| Rev | Changeset | Date | Author | Log message |
|---|---|---|---|---|
| @1927 | [1927] | 12/08/08 20:39:14 | kindlund | Benign activity from client ID (10976). |
| @1902 | [1902] | 11/26/08 15:40:25 | kindlund | Updated exclusion list to reflect benign activity in: … |
| @1901 | [1901] | 11/26/08 10:59:08 | kindlund | Updated exclusion entry to reflect benign activity in: … |
| @1875 | [1875] | 11/17/08 22:47:48 | kindlund | Updated exclusion list to handle VMip.exe activity from VMware Tools when … |
| @1718 | [1718] | 07/24/08 16:40:21 | kindlund | Added registry exclusion for IE benign activity regarding DirectX sound … |
| @1683 | [1683] | 07/11/08 13:45:56 | kindlund | Oops. okay this should fix #180 |
| @1682 | [1682] | 07/11/08 13:40:58 | kindlund | Fix for Ticket #180 |
| @1679 | [1679] | 07/10/08 14:05:45 | kindlund | Partial fix for ticket #181 |
| @1678 | [1678] | 07/10/08 14:02:03 | knwang | Updated Process and File exclusion lists for MSN Messenger Autostart … |
| @1673 | [1673] | 07/08/08 15:37:26 | knwang | Updated registry exclusion list for benign explorer activity … |
| @1671 | [1671] | 07/08/08 15:11:19 | knwang | Updated File and Registry exclusion lists for IE 6 Crashing … |
| @1670 | [1670] | 07/08/08 14:49:53 | knwang | Updated registry exclusion list for IE6 crash … |
| @1669 | [1669] | 07/08/08 14:08:23 | knwang | Updated exclusion list to support temporary Flash objects … |
| @1656 | [1656] | 07/03/08 19:35:48 | kindlund | Updated exclusion list for benign activity for IE7/infocard … |
| @1655 | [1655] | 07/03/08 19:33:53 | kindlund | Updated exclusion list to ignore benign IE6/Passport activity … |
| @1654 | [1654] | 07/02/08 21:35:14 | kindlund | Updated filesystem exclusion list to support benign activity for … |
| @1648 | [1648] | 07/01/08 15:12:30 | kindlund | Some of the registry exl entries did not have their process name extension … |
| @1647 | [1647] | 07/01/08 15:10:00 | kindlund | Updated exclusion list to ignore random IE crashing due to poor … |
| @1646 | [1646] | 07/01/08 14:40:34 | kindlund | Updated exclusion list to support Active Scripting Printing within IE |
| @1645 | [1645] | 07/01/08 14:29:32 | kindlund | Updated exclusion lists to support Active Scripting Printing |
| @1641 | [1641] | 06/25/08 14:48:40 | kindlund | Updated file exclusion rules to account for IE7 behavior. |
| @1639 | [1639] | 06/24/08 18:18:35 | kindlund | Minor updates. |
| @1621 | [1621] | 06/11/08 14:51:42 | kindlund | Updated exclusion list to reflect benign activity in … |
| @1578 | [1578] | 05/12/08 15:47:21 | kindlund | Updated exclusion list (re: 84e19947e56c3c6713206bed03). |
| @1540 | [1540] | 04/17/08 22:48:41 | kindlund | IE7 visiting multimedia website (sound) - (308d8ba0ccf89389210ae652f9). |
| @1539 | [1539] | 04/17/08 18:39:00 | kindlund | IE7 exclusion list update (ee3b1ef22860c7a9c64956d080). |
| @1537 | [1537] | 04/17/08 16:52:57 | kindlund | Updated IE7 false positive (cfb601205432618e08a2857cfd). |
| @1536 | [1536] | 04/17/08 11:27:44 | kindlund | IE7 benign activity - (392c0d3fa27bb6b46f5bba6804). |
| @1535 | [1535] | 04/17/08 11:17:05 | kindlund | Capture only works with EXL entries that have dots (.) escaped properly. |
| @1534 | [1534] | 04/17/08 11:14:29 | kindlund | IE7 Exclusion Entry - (e395e843a5dad632d004be63ca) |
| @1527 | [1527] | 04/16/08 15:22:54 | kindlund | Benign flash activity (IE7) - 2f174eecc05393f1a8a89075cb |
| @1526 | [1526] | 04/16/08 15:20:29 | kindlund | Updated false positive (0b52f9a0ad4992fdb2abe5afa1). |
| @1525 | [1525] | 04/16/08 15:16:52 | kindlund | False positive - (29fffdfc3dcc7eb6cdfa65609c). |
| @1524 | [1524] | 04/16/08 14:41:12 | kindlund | Capture doesn't like extra spaces at the end of each EXL directive. |
| @1522 | [1522] | 04/16/08 14:17:28 | kindlund | Exclusion list updates - IE7 accessing live.com which calls CardSpace … |
| @1520 | [1520] | 04/16/08 13:34:40 | kindlund | Updated exclusion list to reflect Windows Side-by-Side benign activity. … |
| @1517 | [1517] | 04/14/08 08:44:32 | xkovah | Replaced changes which got removed in r 1511 |
| @1516 | [1516] | 04/11/08 11:42:39 | xkovah | a couple more misc ctfmon.exe entries |
| @1515 | [1515] | 04/11/08 11:18:31 | xkovah | interesting thing with the language bar getting turned on after I did … |
| @1514 | [1514] | 04/11/08 09:37:26 | xkovah | a new internationalization reg change found on the default IE7 |
| @1513 | [1513] | 04/11/08 09:09:51 | xkovah | another false positive from IE7 running |
| @1512 | [1512] | 04/10/08 10:58:01 | xkovah | + SetValueKey C \WINDOWS\\explorer\.exe … |
| @1511 | [1511] | 04/10/08 10:47:45 | xkovah | Added to the file: #XENO: I recommend commenting out all blacklist entries … |
| @1510 | [1510] | 04/09/08 22:01:40 | kindlund | False positive (d006934159767a7fc28160d5d1). |
| @1509 | [1509] | 04/09/08 20:20:15 | kindlund | False positives (326851bdd43e32b5554e99a52e). |
| @1508 | [1508] | 04/09/08 20:12:22 | kindlund | Updated IE7 white list (1d380b911f63801355d90ff5da). |
| @1499 | [1499] | 04/09/08 15:47:11 | kindlund | Merging simpler_agent branch into trunk. |
| @1464 | [1464] | 04/07/08 08:57:17 | xkovah | As Matt mentioned, we need to state where the modified capture source can … |
| @1406 | [1406] | 03/31/08 15:01:15 | kindlund | Updated IE7 white list (f63e8556f0f2ef149f42040b3d). |
| @1405 | [1405] | 03/31/08 14:58:38 | kindlund | Updated IE7 white list (81e7d88c1adf8af2753fda8e4a). |
| @1404 | [1404] | 03/31/08 14:55:56 | kindlund | Updated IE7 false positives (7868808e44d97ba3acdf767d09). |
| @1403 | [1403] | 03/31/08 14:17:02 | kindlund | Updated IE7 false positives (e7c8761830343d86a86bc6f46d). |
| @1402 | [1402] | 03/31/08 14:13:08 | kindlund | Updated exclusion list for WMP (82b48848e7eef866c15071a252). |
| @1400 | [1400] | 03/28/08 15:31:35 | kindlund | Updated per false positive (0cec38a5dfbca2defdae7f38c9). |
| @1399 | [1399] | 03/27/08 23:47:47 | kindlund | More IE7 false positives. |
| @1398 | [1398] | 03/27/08 23:10:56 | kindlund | Updated exclusion list. |
| @1397 | [1397] | 03/27/08 23:04:05 | kindlund | More false positives for IE7. |
| @1396 | [1396] | 03/27/08 22:58:20 | kindlund | More IE7 false positives. |
| @1394 | [1394] | 03/27/08 21:36:18 | kindlund | More IE7 excludes. |
| @1393 | [1393] | 03/27/08 21:11:31 | kindlund | Updated IE false positives, also ignored writes for .bat and .cmd files … |
| @1392 | [1392] | 03/27/08 21:04:30 | kindlund | WMI false positive. |
| @1391 | [1391] | 03/27/08 17:17:14 | kindlund | More IE7 whitelist entries. |
| @1390 | [1390] | 03/27/08 17:04:47 | kindlund | Updated exclusion lists to support IE 7. |
| @1388 | [1388] | 03/25/08 20:58:08 | kindlund | Accounting for additional whitelist activity (b7b5f0e08f4c8475d950c4a73c). |
| @1387 | [1387] | 03/25/08 20:39:34 | kindlund | Updated exclusion list, per ticket #152 |
| @1367 | [1367] | 03/25/08 10:08:23 | kindlund | Updated wmiprvse.exe false positive list (3e606c371a805a4c50274ad506). |
| @1366 | [1366] | 03/24/08 20:54:57 | kindlund | More false positives, related to wmiprvse.exe (31fd1a012f1caca021feb94c08) |
| @1361 | [1361] | 03/19/08 12:14:23 | kindlund | Updated exclusion list to reflect 8e4b27c9c03e5b2b8c193c3dad false … |
| @1360 | [1360] | 03/19/08 12:09:37 | kindlund | Updated exclusion list, per 51a99a33ee8b78b45914980658 false positive. |
| @1350 | [1350] | 03/11/08 13:43:51 | kindlund | Discovered that explorer.exe also purges IE history cache. |
| @1349 | [1349] | 03/11/08 13:16:24 | kindlund | Updated false positive to reflect temporary files generated by flash. |
| @1348 | [1348] | 03/10/08 11:54:15 | kindlund | Updated white list with further exclusions (windows update). |
| @1347 | [1347] | 03/10/08 11:23:38 | kindlund | Updated white list for Windows Update. |
| @1346 | [1346] | 03/07/08 16:36:28 | kindlund | Found more false-positive activity, re: ticket #144 |
| @1345 | [1345] | 03/07/08 16:32:00 | kindlund | Added rule to exclude benign Flash activity, re: ticket #136 |
| @1332 | [1332] | 03/06/08 15:58:23 | kindlund | Updated exclusion lists re: ticket #144 |
| @1331 | [1331] | 03/05/08 19:06:50 | kindlund | Updated to reflect more false-positives (related to SSL traffic). |
| @1330 | [1330] | 03/05/08 18:55:57 | kindlund | Fixed ticket #142. |
| @1329 | [1329] | 03/05/08 18:42:18 | kindlund | Identified a false-positive, where VMwareService.exe writes .inf files to … |
| @1328 | [1328] | 03/05/08 17:01:10 | kindlund | Excluded additional file activity by WMI Service. |
| @1302 | [1302] | 03/03/08 14:24:08 | kindlund | Apparently, the exl language specification requires that each entry be … |
| @1281 | [1281] | 02/28/08 10:00:21 | kindlund | XPath patch no longer needed, since we use capture for registry activity |
| @1275 | [1275] | 02/28/08 09:05:50 | kindlund | Updated filesystem exclusion lists to correct bugs and account for … |
| @1271 | [1271] | 02/27/08 14:40:47 | kindlund | Updated VM destruction logic. Added new registry/filesystem excludes. |
| @1267 | [1267] | 02/27/08 11:27:18 | kindlund | Updated file monitor exclusion list, to account for legitimate downloads … |
| @1243 | [1243] | 02/20/08 17:18:12 | kindlund | Migrated capture executable to a saner location. |
| @696 | [696] | 07/18/07 22:21:10 | kindlund | Merged active_content branch back into trunk. |
| @131 | [131] | 12/20/06 11:09:37 | kindlund | sc: merging branch using tags … |
| @13 | [13] | 11/16/06 17:27:28 | kindlund | Initialized public repository with 0.9 release. |