hi, i have yet another problem. this time it's the exclusion lists. i found the following line in the report files of detections:
"process","11/05/2011 06:59:11.388","2672","C:\Program Files\Internet Explorer\iexplore.exe","created","3088","C:\WINDOWS\system32\notepad.exe" this usually happens when a css file is accessed and opened with notepad in order to prevent these activities from being considered malicious i added the following line to the 'ProcessMonitor.exl'. + C:\\Program Files\\Internet Explorer\\iexplore.exe .* C:\\WINDOWS\\system32\\notepad.exe but unfortunately it still considers urls that trigger internet explorer to open notepad, malicious, so the exclusion for some reason does not seem to work. any ideas what the reason could be or what i can do against it? regards, florian _______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc