|
|
|
@1582
|
[1582]
|
05/14/08 14:58:08 |
kindlund |
Added work_unit_limit logic; where cloned VMs will get recycled after … |
|
|
|
@1581
|
[1581]
|
05/12/08 16:24:37 |
kindlund |
Reverted to defaults. |
|
|
|
@1580
|
[1580]
|
05/12/08 16:24:06 |
kindlund |
Added startup_worker_delay. |
|
|
|
@1579
|
[1579]
|
05/12/08 16:23:35 |
kindlund |
Housekeeping. |
|
|
|
@1578
|
[1578]
|
05/12/08 15:47:21 |
kindlund |
Updated exclusion list (re: 84e19947e56c3c6713206bed03). |
|
|
|
@1577
|
[1577]
|
05/12/08 15:13:29 |
kindlund |
Disabled multi-threaded snapshotting, since performing this as a subthread … |
|
|
|
@1576
|
[1576]
|
05/12/08 15:12:26 |
kindlund |
Initial fix, to deal with spinning up too many clone VMs simultaneously… … |
|
|
|
@1559
|
[1559]
|
04/25/08 11:17:11 |
kindlund |
Housekeeping. |
|
|
|
@1558
|
[1558]
|
04/24/08 17:14:36 |
kindlund |
Updated Manager to support DB retrieval of URLs for multiple, simultaneous … |
|
|
|
@1554
|
[1554]
|
04/22/08 13:20:44 |
kindlund |
Updated unit tests and log messages. |
|
|
|
@1547
|
[1547]
|
04/22/08 02:22:00 |
kindlund |
Added initial support for managing simultaneous honeyclient VMs on a … |
|
|
|
@1541
|
[1541]
|
04/19/08 15:48:53 |
kindlund |
Disabled prerouting logging functionality on FW, since it was yielding … |
|
|
|
@1540
|
[1540]
|
04/17/08 22:48:41 |
kindlund |
IE7 visiting multimedia website (sound) - (308d8ba0ccf89389210ae652f9). |
|
|
|
@1539
|
[1539]
|
04/17/08 18:39:00 |
kindlund |
IE7 exclusion list update (ee3b1ef22860c7a9c64956d080). |
|
|
|
@1538
|
[1538]
|
04/17/08 17:26:50 |
kindlund |
Updated Master VM to support IE7 with default policy, active scripting … |
|
|
|
@1537
|
[1537]
|
04/17/08 16:52:57 |
kindlund |
Updated IE7 false positive (cfb601205432618e08a2857cfd). |
|
|
|
@1536
|
[1536]
|
04/17/08 11:27:44 |
kindlund |
IE7 benign activity - (392c0d3fa27bb6b46f5bba6804). |
|
|
|
@1535
|
[1535]
|
04/17/08 11:17:05 |
kindlund |
Capture only works with EXL entries that have dots (.) escaped properly. |
|
|
|
@1534
|
[1534]
|
04/17/08 11:14:29 |
kindlund |
IE7 Exclusion Entry - (e395e843a5dad632d004be63ca) |
|
|
|
@1532
|
[1532]
|
04/16/08 19:45:38 |
kindlund |
Added Database recovery logic, in case the Ruby Drone web service … |
|
|
|
@1531
|
[1531]
|
04/16/08 19:44:52 |
kindlund |
Updated utility script. |
|
|
|
@1530
|
[1530]
|
04/16/08 17:17:31 |
kindlund |
Updated utility functions. |
|
|
|
@1528
|
[1528]
|
04/16/08 17:14:15 |
kindlund |
Added utility code. |
|
|
|
@1527
|
[1527]
|
04/16/08 15:22:54 |
kindlund |
Benign flash activity (IE7) - 2f174eecc05393f1a8a89075cb |
|
|
|
@1526
|
[1526]
|
04/16/08 15:20:29 |
kindlund |
Updated false positive (0b52f9a0ad4992fdb2abe5afa1). |
|
|
|
@1525
|
[1525]
|
04/16/08 15:16:52 |
kindlund |
False positive - (29fffdfc3dcc7eb6cdfa65609c). |
|
|
|
@1524
|
[1524]
|
04/16/08 14:41:12 |
kindlund |
Capture doesn't like extra spaces at the end of each EXL directive. |
|
|
|
@1523
|
[1523]
|
04/16/08 14:17:42 |
kindlund |
Bumped AM version. |
|
|
|
@1522
|
[1522]
|
04/16/08 14:17:28 |
kindlund |
Exclusion list updates - IE7 accessing live.com which calls CardSpace … |
|
|
|
@1520
|
[1520]
|
04/16/08 13:34:40 |
kindlund |
Updated exclusion list to reflect Windows Side-by-Side benign activity. … |
|
|
|
@1518
|
[1518]
|
04/15/08 08:17:13 |
kindlund |
Encountered rare error, where retry rate would hit 5, yet the 5th … |
|
|
|
@1517
|
[1517]
|
04/14/08 08:44:32 |
xkovah |
Replaced changes which got removed in r 1511 |
|
|
|
@1516
|
[1516]
|
04/11/08 11:42:39 |
xkovah |
a couple more misc ctfmon.exe entries |
|
|
|
@1515
|
[1515]
|
04/11/08 11:18:31 |
xkovah |
interesting thing with the language bar getting turned on after I did … |
|
|
|
@1514
|
[1514]
|
04/11/08 09:37:26 |
xkovah |
a new internationalization reg change found on the default IE7 |
|
|
|
@1513
|
[1513]
|
04/11/08 09:09:51 |
xkovah |
another false positive from IE7 running |
|
|
|
@1512
|
[1512]
|
04/10/08 10:58:01 |
xkovah |
+ SetValueKey C \WINDOWS\\explorer\.exe … |
|
|
|
@1511
|
[1511]
|
04/10/08 10:47:45 |
xkovah |
Added to the file:
#XENO: I recommend commenting out all blacklist entries … |
|
|
|
@1510
|
[1510]
|
04/09/08 22:01:40 |
kindlund |
False positive (d006934159767a7fc28160d5d1). |
|
|
|
@1509
|
[1509]
|
04/09/08 20:20:15 |
kindlund |
False positives (326851bdd43e32b5554e99a52e). |
|
|
|
@1508
|
[1508]
|
04/09/08 20:12:22 |
kindlund |
Updated IE7 white list (1d380b911f63801355d90ff5da). |
|
|
|
@1507
|
[1507]
|
04/09/08 18:26:14 |
kindlund |
Updated to support source_type and source_name. |
|
|
|
@1499
|
[1499]
|
04/09/08 15:47:11 |
kindlund |
Merging simpler_agent branch into trunk. |
|
|
|
@1496
|
[1496]
|
04/09/08 15:39:08 |
xkovah |
Added Pod::Usage (aka Pod::Parser) |
|
|
|
@1471
|
[1471]
|
04/08/08 10:29:49 |
xkovah |
as I thought might happen, the checksums file for the Bundle::CPAN stuff … |
|
|
|
@1470
|
[1470]
|
04/08/08 10:26:47 |
xkovah |
missing local copy of Compress::BZip2 for some reason |
|
|
|
@1468
|
[1468]
|
04/08/08 09:01:43 |
xkovah |
Changed Agent bundle to add Win32::Exe and also adding the CPAN::Checksums … |
|
|
|
@1465
|
[1465]
|
04/07/08 13:32:19 |
xkovah |
Updated the bundle names to reflect the last tag/rel version, 1.0.2.
They … |
|
|
|
@1464
|
[1464]
|
04/07/08 08:57:17 |
xkovah |
As Matt mentioned, we need to state where the modified capture source can … |
|
|
|
@1410
|
[1410]
|
04/01/08 15:14:05 |
kindlund |
Funky interactions with cleanup code. |
|
|
|
@1409
|
[1409]
|
04/01/08 14:59:21 |
kindlund |
Updated set_client_suspicious call within Manager. |
|
|
|
@1408
|
[1408]
|
04/01/08 11:40:56 |
kindlund |
Need to update hive API before that last commit. |
|
|
|
@1407
|
[1407]
|
04/01/08 11:28:35 |
kindlund |
Updated Agent handling logic slightly — marked clones that do not respond … |
|
|
|
@1406
|
[1406]
|
03/31/08 15:01:15 |
kindlund |
Updated IE7 white list (f63e8556f0f2ef149f42040b3d). |
|
|
|
@1405
|
[1405]
|
03/31/08 14:58:38 |
kindlund |
Updated IE7 white list (81e7d88c1adf8af2753fda8e4a). |
|
|
|
@1404
|
[1404]
|
03/31/08 14:55:56 |
kindlund |
Updated IE7 false positives (7868808e44d97ba3acdf767d09). |
|
|
|
@1403
|
[1403]
|
03/31/08 14:17:02 |
kindlund |
Updated IE7 false positives (e7c8761830343d86a86bc6f46d). |
|
|
|
@1402
|
[1402]
|
03/31/08 14:13:08 |
kindlund |
Updated exclusion list for WMP (82b48848e7eef866c15071a252). |
|
|
|
@1401
|
[1401]
|
03/31/08 13:59:41 |
kindlund |
Updated operational master VM. |
|
|
|
@1400
|
[1400]
|
03/28/08 15:31:35 |
kindlund |
Updated per false positive (0cec38a5dfbca2defdae7f38c9). |
|
|
|
@1399
|
[1399]
|
03/27/08 23:47:47 |
kindlund |
More IE7 false positives. |
|
|
|
@1398
|
[1398]
|
03/27/08 23:10:56 |
kindlund |
Updated exclusion list. |
|
|
|
@1397
|
[1397]
|
03/27/08 23:04:05 |
kindlund |
More false positives for IE7. |
|
|
|
@1396
|
[1396]
|
03/27/08 22:58:20 |
kindlund |
More IE7 false positives. |
|
|
|
@1395
|
[1395]
|
03/27/08 21:53:36 |
kindlund |
Updated base master image to IE7. |
|
|
|
@1394
|
[1394]
|
03/27/08 21:36:18 |
kindlund |
More IE7 excludes. |
|
|
|
@1393
|
[1393]
|
03/27/08 21:11:31 |
kindlund |
Updated IE false positives, also ignored writes for .bat and .cmd files … |
|
|
|
@1392
|
[1392]
|
03/27/08 21:04:30 |
kindlund |
WMI false positive. |
|
|
|
@1391
|
[1391]
|
03/27/08 17:17:14 |
kindlund |
More IE7 whitelist entries. |
|
|
|
@1390
|
[1390]
|
03/27/08 17:04:47 |
kindlund |
Updated exclusion lists to support IE 7. |
|
|
|
@1389
|
[1389]
|
03/26/08 19:44:22 |
kindlund |
Updated Clone initialization, in order to print a more user friendly … |
|
|
|
@1388
|
[1388]
|
03/25/08 20:58:08 |
kindlund |
Accounting for additional whitelist activity (b7b5f0e08f4c8475d950c4a73c). |
|
|
|
@1387
|
[1387]
|
03/25/08 20:39:34 |
kindlund |
Updated exclusion list, per ticket #152 |
|
|
|
@1368
|
[1368]
|
03/25/08 11:42:51 |
kindlund |
Make sure errors in communicating with the FW don't affect our ability to … |
|
|
|
@1367
|
[1367]
|
03/25/08 10:08:23 |
kindlund |
Updated wmiprvse.exe false positive list (3e606c371a805a4c50274ad506). |
|
|
|
@1366
|
[1366]
|
03/24/08 20:54:57 |
kindlund |
More false positives, related to wmiprvse.exe (31fd1a012f1caca021feb94c08) |
|
|
|
@1361
|
[1361]
|
03/19/08 12:14:23 |
kindlund |
Updated exclusion list to reflect 8e4b27c9c03e5b2b8c193c3dad false … |
|
|
|
@1360
|
[1360]
|
03/19/08 12:09:37 |
kindlund |
Updated exclusion list, per 51a99a33ee8b78b45914980658 false positive. |
|
|
|
@1359
|
[1359]
|
03/18/08 12:35:42 |
kindlund |
Updated utility scripts. |
|
|
|
@1358
|
[1358]
|
03/18/08 01:51:32 |
kindlund |
Updated operational web service. |
|
|
|
@1357
|
[1357]
|
03/17/08 17:09:08 |
kindlund |
Updated migration script. |
|
|
|
@1356
|
[1356]
|
03/17/08 16:00:13 |
kindlund |
Updated operational environment. |
|
|
|
@1353
|
[1353]
|
03/17/08 13:20:44 |
kindlund |
Updated API to reflect client migration script usage. |
|
|
|
@1352
|
[1352]
|
03/17/08 13:19:56 |
kindlund |
Helper script to migrate non-deleted clients (internal use only). |
|
|
|
@1351
|
[1351]
|
03/14/08 17:01:12 |
kindlund |
Sanity check content type value in Browser — in case we arn't able to … |
|
|
|
@1350
|
[1350]
|
03/11/08 13:43:51 |
kindlund |
Discovered that explorer.exe also purges IE history cache. |
|
|
|
@1349
|
[1349]
|
03/11/08 13:16:24 |
kindlund |
Updated false positive to reflect temporary files generated by flash. |
|
|
|
@1348
|
[1348]
|
03/10/08 11:54:15 |
kindlund |
Updated white list with further exclusions (windows update). |
|
|
|
@1347
|
[1347]
|
03/10/08 11:23:38 |
kindlund |
Updated white list for Windows Update. |
|
|
|
@1346
|
[1346]
|
03/07/08 16:36:28 |
kindlund |
Found more false-positive activity, re: ticket #144 |
|
|
|
@1345
|
[1345]
|
03/07/08 16:32:00 |
kindlund |
Added rule to exclude benign Flash activity, re: ticket #136 |
|
|
|
@1343
|
[1343]
|
03/07/08 15:19:24 |
kindlund |
Added to cleanup script, to stop any VMs marked as bug before … |
|
|
|
@1341
|
[1341]
|
03/07/08 12:49:45 |
xkovah |
Checking in the updated Bundle::HoneyClient::Manager for … |
|
|
|
@1340
|
[1340]
|
03/07/08 12:47:42 |
xkovah |
Copying over the source file for Filesys::DfPortable from 1.0.2 to trunk |
|
|
|
@1337
|
[1337]
|
03/06/08 23:24:18 |
kindlund |
Modified the XML-RPC code to support proxies. |
|
|
|
@1336
|
[1336]
|
03/06/08 17:24:21 |
kindlund |
Added support for disk space checking; Manager will now gracefully … |
|
|
|
@1335
|
[1335]
|
03/06/08 16:48:02 |
kindlund |
Added programmatic organizational support. |
|
|
|
@1334
|
[1334]
|
03/06/08 16:29:32 |
kindlund |
Bumped master vm version number. |
|
|
|
@1333
|
[1333]
|
03/06/08 16:10:43 |
kindlund |
Needed a reference to LWP::UserAgent. |
|
|
|
@1332
|
[1332]
|
03/06/08 15:58:23 |
kindlund |
Updated exclusion lists re: ticket #144 |
