-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christian,
I've been trying to add an execption for this process: <system-event time="9/11/2008 17:58:49.202" type="process" process="C:\Program Files\Internet Explorer\iexplore.exe" action="created" object="C:\Program Files\Common Files\Nullsoft\ActiveX\2.4\AOLMediaPlaybackControl.exe"/ I tried adding these to the ProcessMonitor.exl file inside the vmware and also in the server's exclusion list to be sent: + AOLMediaPlaybackControl.exe .* C:\\Program Files\\Common Files\\Nullsoft\\ActiveX\\2.4\\AOLMediaPlaybackControl.exe + AOLMediaPlaybackControl.exe .* C:\\Program Files\\Common Files\\Nullsoft\\ActiveX\\2\.4\\AOLMediaPlaybackControl.exe + AOLMediaPlaybackControl.exe .* C:\\Program Files\\Common Files\\Nullsoft\\ActiveX\\2\.4\\AOLMediaPlaybackControl\.exe but It seems that it still cannot catch the exception. I'm not really sure when to use the "\." and "." on files or folders with that uses . (dots) because there's "wuauclt\.exe" and "iexplore.exe" on the example. Little help will be much appreciated. Thanks! ~Bernard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkXnKYACgkQh7LS1zTMMnOnAQCgmsN0GGNUfqky0geQ8lnN/1uh qXoAnjlyXfKnfCTE5jukKmQusfjt4s+I =cBdM -----END PGP SIGNATURE----- _______________________________________________ Capture-HPC mailing list [email protected] https://public.honeynet.org/mailman/listinfo/capture-hpc
