Changeset 1390

Timestamp:
03/27/08 17:04:47 (4 months ago)
Author:
kindlund
Message:

Updated exclusion lists to support IE 7.

Files:

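--- a/honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl
+++ b/honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl
@@ -256,2 +256,9 @@
 #### Honeyclient manual add - iexplore.exe
 +   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\wbk.?.?.?\.tmp
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - Internet Explorer 7 Updates
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\DataStore\\Logs
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\repair
++   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution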
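Review bot: The new `svchost\.exe` Write exclusions name whole directories (`C:\\WINDOWS`, `C:\\WINDOWS\\system32`, `C:\\WINDOWS\\repair`) rather than the specific files recorded during the IE 7 update, and svchost.exe is a shared host process, so an exclusion keyed on its path covers everything that runs inside it. How the file monitor matches the path column is not visible on this page; if it matches as a prefix or substring rather than the whole path, writes anywhere under the Windows directory by that process would go unreported. I would either narrow each entry to the exact file observed or add a line above the block such as `#### TODO: confirm these match the directory itself only; narrow to exact files if not`.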
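--- a/honeyclient/trunk/thirdparty/capture-mod/ProcessMonitor.exl
+++ b/honeyclient/trunk/thirdparty/capture-mod/ProcessMonitor.exl
@@ -33,5 +33,10 @@
 +   WgaTray.exe .*  C:\\WINDOWS\\system32\\WgaTray\.exe
 +   alg.exe .*  C:\\WINDOWS\\system32\\alg\.exe
-+   firefox.exe .*  C:\\Program Files\\Mozilla Firefox\\firefox\.exe#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   firefox.exe .*  C:\\Program Files\\Mozilla Firefox\\firefox\.exe
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
 +   setup_wm.exe    .*  C:\\Program Files\\Windows Media Player\\setup_wm.exe
 +   wmplayer.exe    .*  C:\\Program Files\\Windows Media Player\\wmplayer.exe
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - Internet Explorer 7 Updates
++   verclsid.exe    .*  C:\\WINDOWS\\system32\\verclsid.exe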
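Review bot: The added `verclsid.exe` entry leaves the dot in the path column unescaped (`C:\\WINDOWS\\system32\\verclsid.exe`), while the entries above it (`WgaTray\.exe`, `alg\.exe`, `firefox\.exe`) escape it, so this pattern accepts any single character in place of the dot. Writing the path as `C:\\WINDOWS\\system32\\verclsid\.exe` keeps the exclusion to the one binary; the two Windows Media Player lines carried as context have the same gap. The parent column is `.*`, so the process is excluded whatever launched it, and a one-line comment saying this was intended for the IE 7 update case would help the next reviewer judge whether it should be tied to a specific parent.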
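--- a/honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl
+++ b/honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl
@@ -324,2 +324,27 @@
 +   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\Contains\\Files
 +   SetValueKey C:\\WINDOWS\\system32\\winlogon.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT - Internet Explorer 7 Updates
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Security\\AntiPhishing\\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\LowRegistry
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Zoom
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\CTF\\TIP\\\{1188450c-fdab-47ae-80d8-c9633f71be64\}\\LanguageProfile\\0x00000000\\\{63800dac-e7ca-4df9-9a5c-20765055488d\}
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Ports
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
++   DeleteValueKey  C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S.+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   DeleteValueKey  C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   DeleteValueKey  C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached
++   SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\PrinterPorts
++   SetValueKey C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Printers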
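Review bot: The `HKU\\S.+\\Software\\...` patterns on the new spoolsv.exe lines use `.+`, which is not limited to a single path component, so they match more than a user SID hive followed by the listed key. A class that stops at the separator, for example `HKU\\S-[0-9-]+\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Devices`, states the intent exactly. Separately, the iexplore.exe entries for `LowRegistry` and `Zoom` name a key rather than a value; iexplore.exe is presumably the process the honeyclient points at untrusted pages, so it is worth confirming from the monitor's matching rules that these two lines do not also silence writes to everything beneath those keys.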