Changeset 1345

Timestamp:

03/07/08 16:32:00 (6 months ago)

Author:

kindlund

Message:

Added rule to exclude benign Flash activity, re: ticket #136

Files:

• honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl (modified) (1 diff)

honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl

@@ -220 +220 @@
-+   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\CatRoot2\\tmp\.edb
-+   Write   C:\\WINDOWS\\system32\\winlogon\.exe    C:\\WINDOWS\\system32\\dllcache\\wuweb\.dll\.new
+
+#### Honeyclient manual add - iexplore.exe - ticket #136 (flash)
++   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\fla.?\.tmp
++   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\fla.?\.tmp