Ticket #138 (new issue)

Opened 6 months ago

Last modified 6 months ago

Workaround currently in place for handling of .exe URIs in Capture

Reported by: xkovah Assigned to: xkovah
Priority: normal Milestone:
Component: Excluded Registry/File/Process Version: none
Severity: none Keywords: capture
Cc:

Description

Capture has a whitelist for IE temp file directories, but has a blacklist entry for filenames ending in .exe, and as such, if you browse to a URI which is specific to an exe (i.e. http://bla.com/download/file.exe) it will still flag the creation of the file since the blacklist trumps the whitelist.

For now we have disabled the blacklist entry related to .exes but I think the simplest solution will be to have the integrity check piece compare the last URI visited to any file events, and ignore entries where the two match.

The longer term solution is that Capture needs a rework of it's whitelist/blacklist capabilities, as they're not extensible, and have implementation limitations which shouldn't exist (see ticked #131)

Attachments

Change History

03/05/08 18:56:52 changed by kindlund

  • component changed from Unknown to Excluded Registry/File/Process.

Add/Change #138 (Workaround currently in place for handling of .exe URIs in Capture)




Change Properties
Action