Changeset 1522

Timestamp:
04/16/08 14:17:28 (4 weeks ago)
Author:
kindlund
Message:

Exclusion list updates - IE7 accessing live.com which calls CardSpace ActiveX control (b3586e1f274ccd30f7274c6612).

Files:

  • honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl

    r1520 r1522  
    322322+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\Download.*   
    323323+   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution\\Download.*  
     324 
     325#### HONEYCLIENT AUTO EXCLUDE SCRIPT - IE7 accessing live.com 
     326+   Write   C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  C:\\WINDOWS\\system32\\config\\system\.LOG 
     327+   Write   C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  C:\\WINDOWS\\system32\\config\\system 
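
Review bot: the two infocard.exe entries at new lines 326-327 exclude writes to system32\config\system and system.LOG, the SYSTEM registry hive files, and the only condition on them is the writing process path. The header comment names the trigger (IE7 accessing live.com) but not why infocard.exe touches the hive, and the entries carry no condition tying them to that visit, so any hive write attributed to this binary drops out of the file-monitor results. Add a comment line linking these to the infocard.exe registry entries added to RegistryMonitor.exl in this changeset so a later reader can judge whether the exclusion is still justified. It is also not visible from this hunk whether the path pattern is matched anchored: if it is not, line 327 already covers line 326 and any other path that starts with ...\config\system, and an explicit end anchor would be safer.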
  • honeyclient/trunk/thirdparty/capture-mod/ProcessMonitor.exl

    r1515 r1522  
    4545#thus I consider it something valid to add 
    4646+   ctfmon.exe  .*  C:\\WINDOWS\\system32\\ctfmon.exe 
     47 
     48#### HONEYCLIENT AUTO EXCLUDE SCRIPT - IE7 accessing live.com 
     49+   infocard.exe    .*  C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe 
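
Review bot: on new line 49 the dots in infocard.exe, Microsoft.NET and v3.0 are unescaped, while the same path is written with \. in the FileMonitor.exl and RegistryMonitor.exl entries of this changeset. If these fields are regular expressions, as the .* in the middle column suggests, an unescaped dot matches any character and the exclusion matches more paths than the single binary intended. Write the path as in the other two files (Microsoft\.NET, v3\.0, infocard\.exe); the ctfmon.exe context line at 46 has the same form and could be fixed at the same time. The .* field also leaves the entry unconditional in that column, so narrow it if only the IE7 case from the commit message is meant.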
  • honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl

    r1516 r1522  
    392392+   DeleteValueKey  C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run 
    393393+   SetValueKey C:\\WINDOWS\\system32\\ctfmon\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run 
     394 
     395#### HONEYCLIENT AUTO EXCLUDE SCRIPT - IE7 accessing live.com 
     396+   SetValueKey C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  HKU\\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders 
     397+   SetValueKey C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application 
     398+   SetValueKey C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe  HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\Application\\idsvc 
     399+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Main
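
Review bot: new line 399 sits under the "IE7 accessing live.com" header but is not specific to live.com or to infocard.exe: it excludes every DeleteValueKey by iexplore.exe under HKCU\Software\Microsoft\Internet Explorer\Main. That key holds browser settings such as the Start Page value, and changes to it by the browser process are something a honeyclient would normally want reported. The line does not say which value was deleted during the live.com visit. Record that value in a comment and, if the key pattern can be extended to name it, restrict the exclusion to that value rather than the whole key; otherwise consider leaving this one out of the auto-exclude set and handling the resulting alert manually.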