Changeset 1605

Timestamp:

06/09/08 11:31:57 (4 months ago)

Author:

xkovah

Message:

some initial Acrobat whitelist info

Files:

• honeyclient/branches/exp/xkovah-app_whitelists/thirdparty/capture-mod/FileMonitor.exl (modified) (1 diff)
• honeyclient/branches/exp/xkovah-app_whitelists/thirdparty/capture-mod/ProcessMonitor.exl (modified) (1 diff)
• honeyclient/branches/exp/xkovah-app_whitelists/thirdparty/capture-mod/RegistryMonitor.exl (modified) (1 diff)

honeyclient/branches/exp/xkovah-app_whitelists/thirdparty/capture-mod/FileMonitor.exl

@@ -334 +334 @@
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\LocalService
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\config\\SysEvent\.Evt
+
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
+#Adobe Acrobat Reader 6 Excludes
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\AdobeComFnt06\.lst
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\Collab\\Reviews
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\Collab\\OfflineDocs
++   Delete  C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Acr.*
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Acr.*
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\Preferences\\defaultHeuristics\.dat
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\AcroForm\\MRUFormsList
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Acrobat\\6\.0\\Cache\\AcroFnt06\.lst
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\Updater\\udstore\.js
++   Write   C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\6\.0\\TMGrpPrm\.sav
+
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\UserCache\.bin
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\AdobeCMapFnt07\.lst
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\JavaScripts\\glob\.settings\.js
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\Collab\\RSS
++   Delete  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Acr.*
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Acr.*
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Color\\.*
++   Delete  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Color\\.*
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Acrobat\\7\.0\\Cache\\.*
++   Delete  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Acrobat\\7\.0\\Cache\\.*
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\AdobeSysFnt07\.lst
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\JSADM\.exv
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\Updater\\udlog\.txt
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\Updater\\udstore\.js
+
++   Write   C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32Info\.exe   C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\7\.0\\UserCache\.bin
+
+
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
+#Adobe Reader 8 excludes
++   Write   C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Acr.*\.tmp
++   Write   C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Adobe\\Acrobat\\8\.0\\EPICConfig\.xml
++   Delete  C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Acr.*\.tmp
++   Delete  C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\Adobe\\Acrobat\\8\.0\\EPICConfig\.xml
++   Write   C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\aumLib\.log
++   Delete  C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Program Files\\Adobe\\Reader 8\.0\\Resource\\Linguistics\\Providers\\Proximity10
++   Write   C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AdobeUpdaterPrefs\.dat
++   Write   C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Acrobat\\8\.0\\UserCache\.bin
++   Write   C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Acrobat\\8\.0\\Updater\\updater\.log
++   Delete  C:\\WINDOWS\\explorer\.exe  C:\\Documents and Settings\\Administrator\\Recent\\.*
++   Write   C:\\WINDOWS\\explorer\.exe  C:\\Documents and Settings\\Administrator\\Recent\\.*
++   Write   System  C:\\Documents and Settings\\Administrator\\Recent\\.*
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\AdobeUpdater_meta\.txt
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.xml\.0
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\AdobeUpdater\.aum
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\crl\\.*\.crl
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\reader8rdr-en_US\.aum
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.xml
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\acrobatPI\.log
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\reader8rdr-en_US\.aup\.xml
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\aum\.log
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.xml\.0
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\crl\\.*\.crl
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\AdobeUpdater\.aum
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\reader8rdr-en_US\.aum
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.xml_
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\Data\\reader8rdr-en_US_meta\.txt
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.sig
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.sig
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\crl
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.xml
++   Delete  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AUTrans\.xml_
++   Write   C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Adobe\\Updater5\\AdobeUpdaterPrefs\.dat

honeyclient/branches/exp/xkovah-app_whitelists/thirdparty/capture-mod/ProcessMonitor.exl

@@ -48 +48 @@
-#### HONEYCLIENT AUTO EXCLUDE SCRIPT - IE7 accessing live.com
-+   infocard.exe    .*  C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\infocard.exe
+
+#Below Excludes for Whitelisting Acrobat 8, for executing attachments
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   AcroRd32.exe    .*  C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   AdobeUpdater.exe    .*  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   AcroRd32.exe    .*  C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   AcroRd32.exe    .*  C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe
++   AcroRd32Info.exe    .*  C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32Info.exe

honeyclient/branches/exp/xkovah-app_whitelists/thirdparty/capture-mod/RegistryMonitor.exl

@@ -401 +401 @@
-# IE7 - accessing multimedia pages
-+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\MPEG2Demultiplexer
+
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
+#Adobe Acrobat Reader 6 excludes
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.*
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.*
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\6\.0\\AVGeneral.*
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.*
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKLM\\SOFTWARE\\Adobe\\Acrobat Reader\\6\.0\\AdobeViewer
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\6\.0\\AdobeViewer
++   DeleteValueKey  C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\6\.0\\AdobeViewer
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\6\.0\\Language\\current
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 6\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\WINDOWS\\explorer\.exe  HKLM\\SOFTWARE\\Classes\\Applications\\AcroRd32\.exe\\shell.*
+
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
+#Adobe Acrobat Reader 7 excludes
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\RememberedViews\\.+
++   DeleteValueKey  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\RememberedViews\\.+
++   DeleteValueKey  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\AdobeViewer
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\AVGeneral.*
++   DeleteValueKey  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\AVGeneral.*
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\Collab.*
++   DeleteValueKey  C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Adobe\\Acrobat Reader\\7\.0\\Collab.*
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.+
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32\.exe   HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache\\.+
+
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32Info\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.+
++   SetValueKey C:\\Program Files\\Adobe\\Acrobat 7\.0\\Reader\\AcroRd32Info\.exe   HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
+
+
+#### HONEYCLIENT AUTO EXCLUDE SCRIPT
++   DeleteValueKey  C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\AdobeViewer
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\AdobeViewer
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKLM\\SOFTWARE\\Adobe\\Acrobat Reader\\8\.0\\AdobeViewer
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\SDI
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\Annots
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache\\.+
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.*
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\AVGeneral\\cRecentFiles\\c1
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\AVGeneral.*
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\Collab
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.*
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Adobe Acrobat\\8\.0\\DiskCabs
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap
++   SetValueKey C:\\Program Files\\Adobe\\Reader 8\.0\\Reader\\AcroRd32\.exe    HKCU\\Software\\Adobe\\Acrobat Reader\\8\.0\\RememberedViews\\.+
+
++   SetValueKey C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\.+
++   SetValueKey C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
++   SetValueKey C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKLM\\SYSTEM\\ControlSet001\\Hardware Profiles\\0001\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings
++   SetValueKey C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.*
+#Note, that the below actually won't work...it conflicts with a blacklist entry...
++   DeleteValueKey  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
++   DeleteValueKey  C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
+