hi, i have yet another problem. this time it's the exclusion lists.

i found the following line in the report files of detections:

"process","11/05/2011 06:59:11.388","2672","C:\Program Files\Internet  
Explorer\iexplore.exe","created","3088","C:\WINDOWS\system32\notepad.exe"

this usually happens when a css file is accessed and opened with notepad

in order to prevent these activities from being considered malicious i  
added the following line to the 'ProcessMonitor.exl'.

+       C:\\Program Files\\Internet  
Explorer\\iexplore.exe  .*      C:\\WINDOWS\\system32\\notepad.exe

but unfortunately it still considers urls that trigger internet  
explorer to open notepad, malicious, so the exclusion for some reason  
does not seem to work. any ideas what the reason could be or what i  
can do against it?

regards, florian

_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc

Reply via email to