Changeset 1332

Timestamp:
03/06/08 15:58:23 (6 months ago)
Author:
kindlund
Message:

Updated exclusion lists re: ticket #144

Files:

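--- a/honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl
+++ b/honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl
@@ -194,2 +194,28 @@
 +   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Tar.?\.tmp
 +   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Tar.?\.tmp
+
+#### Honeyclient manual add - iexplore.exe - ticket #144 (windows update services)
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\WindowsUpdate.log
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.dll
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.dll
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.inf
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.inf
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.cat
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.cat
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\CatRoot2\\dberr\.txt
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\LastGood\\TMP1\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\SET3\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\SET3\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Downloaded Program Files\\SET4\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\Downloaded Program Files\\SET4\.tmp
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab\.bak
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab\.bak
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.xml
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.txt
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cab
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.inf
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cat
++   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\CatRoot2\\tmp\.edb
++   Write   C:\\WINDOWS\\system32\\winlogon\.exe    C:\\WINDOWS\\system32\\dllcache\\wuweb\.dll\.new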
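Review bot: The entries at new lines 220 and 221 exclude events from svchost.exe and winlogon.exe, yet they sit under the line-197 heading that names iexplore.exe as the process; the same mismatch occurs at RegistryMonitor.exl line 324. Since these headings are how a reader later decides which exclusions can be retired, give the non-IE processes their own heading, e.g. `#### Honeyclient manual add - svchost.exe / winlogon.exe - ticket #144 (windows update services, WFP dllcache refresh)`. The temp names at lines 208–211 (`SET3\.tmp`, `SET4\.tmp`) carry a fixed digit that presumably came from one observed run; if later runs show a different digit the exclusions will not fire and the false positive returns, so it is worth recording in the heading which Windows Update flow (the wuweb.dll install, per lines 200–205) produced these paths so the entries can be re-validated rather than widened. Every entry here suppresses detection for a write into `system32`, `dllcache` or `Downloaded Program Files`, so keeping them tied to the exact process regex as written, rather than loosening the process field, is the right trade-off.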
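--- a/honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl
+++ b/honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl
@@ -315,2 +315,10 @@
 #### Honeyclient manual add - helpsvc.exe
 +   SetValueKey C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpsvc.exe   HKLM\\SOFTWARE\\Microsoft\\PCHealth\\.+
+
+#### Honeyclient manual add - iexplore.exe - ticket #144 (windows update services)
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ModuleUsage\\C:\/WINDOWS\/System32\/wuweb\.dll
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\DownloadInformation
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\InstalledVersion
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\Contains\\Files
++   SetValueKey C:\\WINDOWS\\system32\\winlogon.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon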
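Review bot: The process pattern at new line 324 is written `winlogon.exe` with an unescaped dot, whereas every other new entry in this changeset (and FileMonitor.exl line 221) escapes it as `winlogon\.exe`; the dot matches any character, so the field is slightly broader than intended and inconsistent with the rest of the file, and should read `C:\\WINDOWS\\system32\\winlogon\.exe`. That line also excludes any SetValueKey by winlogon.exe anywhere under `HKU\.DEFAULT\...\Winlogon`, a key whose values control logon behaviour; if the .exl pattern format allows it, narrow the entry to the specific value that the Windows Update run was observed to touch (`...\\Winlogon\\<OBSERVED_VALUE_NAME>`) so the honeyclient keeps alerting on other changes to that key. Lines 320 (`SharedDLLs`) is likewise a whole-key exclusion for iexplore.exe; recording in the heading which value names were seen would let a later reviewer tighten it.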