Hi Emilio The lines I added are: + Delete .* C:\\WINDOWS\\system32\\Macromed\\Flash\\testUpdate.txt + SetValueKey .* HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\FlashPlayerUpdate.*
And yet, even in RegistryMonitor.exl, it doesn't work. Could you please share the exclusion rules you added? Thanks, Moshe -----Original Message----- From: capture-hpc-boun...@public.honeynet.org [mailto:capture-hpc-boun...@public.honeynet.org] On Behalf Of capture-hpc-requ...@public.honeynet.org Sent: Tuesday, January 19, 2010 7:00 PM To: capture-hpc@public.honeynet.org Subject: Capture-HPC Digest, Vol 32, Issue 3 Send Capture-HPC mailing list submissions to capture-hpc@public.honeynet.org To subscribe or unsubscribe via the World Wide Web, visit https://public.honeynet.org/mailman/listinfo/capture-hpc or, via email, send a message with subject or body 'help' to capture-hpc-requ...@public.honeynet.org You can reach the person managing the list at capture-hpc-ow...@public.honeynet.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Capture-HPC digest..." Today's Topics: 1. Re: RE: Can't exclude a registry (Emilio Casbas) ---------------------------------------------------------------------- Message: 1 Date: Tue, 19 Jan 2010 11:26:24 +0100 From: Emilio Casbas <ecas...@gmail.com> Subject: Re: [Capture-HPC] RE: Can't exclude a registry To: General discussion list for Capture-HPC users <capture-hpc@public.honeynet.org> Message-ID: <659d59b51001190226n2b090e28n90469555ded33...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Don't know exactly why, but moving up the problematic lines on the RegistryMonitor.exl solved the issue. Regards Emilio 2009/12/2 Moshe Basanchig <mbasanc...@finjan.com> > Same here, > > I'm having the exact same issue. > Suggestions? > > > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://public.honeynet.org/pipermail/capture-hpc/attachments/20100119/bea1ebec/attachment-0001.html ------------------------------ _______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc End of Capture-HPC Digest, Vol 32, Issue 3 ******************************************
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
