Greetings,

I have a problem trying to detect a process running on the machine.
Specifically, I want to detect the process "tor.exe" by using
win_applications_rcl.txt.
Here's my directive:

[P2P] [any] []
p:=:tor.exe;

Unfortunately, it's not working... there seems to be a problem with the =
sign. If I use something like this:

p:r:tor.exe;

it works correctly. But then, since "r:" is used for regular expression, I 
get an alert for everything that contains "tor.exe", which is obviously not 
good.

Any idea on how I can improve this?

Thanks,
Francesco
