Bouncer - Discussion & Support Thread
<blockquote data-quote="WildByDesign" data-source="post: 487186" data-attributes="member: 48641"><p>[USER=2930]@exterminator20[/USER] Thank you for your previous reply and also thank you for tidying up the thread earlier, I appreciate that, sir.</p>
<p>The Beta Camp releases have all been updated on February 29th and all drivers, both 64-bit and 32-bit, are now digitally signed. So now it is easier to test these beta builds without having to switch into Windows Test Mode. Beta Camp link is in post #1 at the top of this thread.</p>
<p>At the moment, at least within the beta builds, Bouncer is under the name Tuersteher, which is where the name Bouncer is derived from. Tuersteher, in German, refers to the bouncer (or door man) at a local club or bar.</p>
<p>The Beta Camp releases have a more limited config file size, so I wanted to point that out first and foremost:</p>
<p>Bouncer 5KB</p>
<p>Pumpernickel 3KB</p>
<p>MemProtect 2KB</p>
<p>Each build contains some example configs to get started with. But I figured that I would share the configs that I am currently using on some test systems which are working very well and also fit within the file size limitation. So hopefully these rule sets may be beneficial for some users who may be getting started with any of these Beta Camp release builds.</p>
<p>Bouncer / Tuersteher.ini (5KB)</p>
<pre>[#LETHAL]
[LOGGING]
[#SHA256]
[PARENTCHECK]
[CMDCHECK]
[WHITELIST]
?:\PortableApps\*
?:\Program Files\*
C:\Users\*\AppData\Local\Temp\????????-????-????-????-????????????
Q:\140066.enu\*
C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\*
D:\Bouncer\*
D:\Tools\*
C:\Program Files (x86)\*
C:\ProgramData\CanonBJ\*
C:\ProgramData\Adguard\Temp\*
C:\ProgramData\Package Cache\{????????-????-????-????-????????????}\setup.exe
!C:\Windows\Temp\{????????-????-????-????-????????????}\.ba1\mbahost.dll
C:\Users\*\AppData\Local\Packages\*
C:\Users\*\AppData\Local\Microsoft\OneDrive\*
C:\Users\*\AppData\Local\Temp\procexp64.exe
C:\Users\*\AppData\Local\Apple\Apple Software Update\SetupAdmin.exe
C:\Users\*\AppData\Local\Temp\{????????-????-????-????-????????????}\fpb.tmp
C:\Users\*\AppData\Local\Google\Chrome\User Data\PepperFlash\??.?.?.???\pepflashplayer.dll
C:\ProgramData\Adobe\ARM\?\?????\AdobeARMHelper.exe
!C:\Windows\Temp\??_?????.tmp\setup.exe
C:\Users\*\AppData\Local\Temp\??_?????.tmp\setup.exe
C:\Users\*\AppData\Local\Google\Chrome\User Data\SwReporter\?.??.?\software_reporter_tool.exe
!C:\Windows\Temp\???????.tmp\*.dll
C:\Users\*\AppData\Local\Temp\???????.tmp\*.dll
C:\Users\*\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
C:\Users\*\AppData\Local\*\updates\????????????????\updates\0\*
*\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbasecomps.dll
C:\Users\*\AppData\Local\Temp\????????-????-????-????-????????????\DismHost.exe
C:\Users\*\AppData\Local\Temp\????????-????-????-????-????????????\*.dll
!C:\Windows\Temp\????????-????-????-????-????????????\DismHost.exe
!C:\Windows\Temp\????????-????-????-????-????????????\*.dll
!C:\Windows\Temp\DPTF\*
!C:\Windows\Temp\MP*.DLL
C:\Windows\*
C:\????????????????????\mrtstub.exe
C:\Users\TIFFAN~1\AppData\Local\Temp\??????.tmp\*.dll
[BLACKLIST]
*iexplore.exe
*regedit.exe
*bitsadmin.exe
*cipher.exe
*syskey.exe
*vssadmin.exe
*regedit.exe
*Regsvcs*
*RegAsm*
*wusa*
?:\$Recycle*
*vssadmin.exe
*aspnet_compiler.exe
*csc.exe
*jsc.exe
*vbc.exe
*ilasm.exe
*MSBuild.exe
*script.exe
*journal.exe
*bitsadmin*
*iexpress.exe
*mshta.exe
*systemreset.exe
*bcdedit.exe
*mstsc.exe
*powershell.exe
*powershell_ise.exe
*hh.exe
*set.exe
*setx.exe
*InstallUtil.exe
*IEExec.exe
*DFsvc.exe
*dfshim.dll
*PresentationHost.exe
C:\Windows\Temp\*
[PARENTWHITELIST]
*>*
[PARENTBLACKLIST]
[CMDWHITELIST]
*>*
[CMDBLACKLIST]
[EOF]</pre>
<p>Pumpernickel.ini (3KB)</p>
<pre>[#LETHAL]
[LOGGING]
[WHITELIST]
*chrome.exe>C:\Users\*\AppData\Local\Temp\etilqs_*
*chrome.exe>C:\Users\*\AppData\Roaming\Microsoft\Windows\Recent*
*chrome.exe>C:\Users\*\AppData\Local\Google\Chrome\User Data*
*chrome.exe>C:\Users\*\AppData\Local\Microsoft\Windows\Explorer\*cache_*.db
*chrome.exe>C:\Users\*\AppData\Local\Microsoft\Windows\INetCache\counters.dat
*chrome.exe>C:\Users\*\AppData\LocalLow\Microsoft\CryptnetUrlCache\*
*chrome.exe>C:\Users\*\AppData\Local\Temp\???*.tmp
*chrome.exe>C:\Users\*\AppData\Local\Temp\????_???*
*chrome.exe>C:\Users\*\AppData\Local\Temp\scoped_dir_????_????*
*chrome.exe>D:\Downloads*
*firefox.exe>*\Mozilla\Profiles\Firefox*
*firefox.exe>C:\Users\*\AppData\Local\Temp\etilqs_*
*firefox.exe>C:\Users\*\AppData\Local\Microsoft\Windows\INetCache\counters.dat
*firefox.exe>C:\Users\*\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations*
*firefox.exe>C:\Users\*\AppData\Local\Temp\mozilla-temp-files*
*firefox.exe>C:\Users\*\AppData\Local\Mozilla\updates\????????????????*
*firefox.exe>C:\Users\*\AppData\Roaming\Mozilla\Firefox\Crash Reports\*
*firefox.exe>D:\Downloads*
C:\Windows\System32\*>*
C:\Windows\explorer.exe>C:\Users\*\AppData\Local\Microsoft\Windows\Explorer\*.db
C:\Program Files (x86)\Adguard\AdguardSvc.exe>C:\ProgramData\Adguard\*.db*
Q:\140066.enu\Office14\*>*
!*notepad.exe>D:\Tools-Protected\Test\*
[BLACKLIST]
*explorer.exe>D:\Tools-Protected\Test*
[EOF]</pre>
<p>MemProtect.ini (2KB)</p>
<pre>[#LETHAL]
[LOGGING]
[WHITELIST]
C:\Windows\*>*
C:\Program Files\*>*
C:\Program Files (x86)\*>*
?:\PortableApps\*>*
?:\Program Files\*>*
D:\Tools\*>*
*ProcessHacker.exe>C:\Windows\*
*ProcessHacker.exe>C:\Program Files (x86)\*
*ProcessHacker.exe>C:\Program Files\*
*ProcessHacker.exe>*peview.exe
*peview.exe>*ProcessHacker.exe
*procexp.exe>C:\Windows\*
*procexp.exe>C:\Program Files (x86)\*
*procexp.exe>C:\Program Files\*
*procexp64.exe>C:\Windows\*
*procexp64.exe>C:\Program Files (x86)\*
*procexp64.exe>C:\Program Files\*
*procexp.exe>*procexp64.exe
*procexp64.exe>*procexp.exe
C:\ProgramData\Adguard\Temp\?.?.???.???*\setup-?.?.???.???*.exe>*
C:\ProgramData\Package Cache\{????????-????-????-????-????????????}\setup.exe>C:\ProgramData\Package Cache\{????????-????-????-????-????????????}\setup.exe
C:\ProgramData\Package Cache\{????????-????-????-????-????????????}\setup.exe>C:\ProgramData\Adguard\Temp\?.?.???.???*\setup-?.?.???.???*.exe
[BLACKLIST]
[EOF]</pre>
<p>So all of those rules are working perfectly well on a Windows 10 64-bit machine and I have also tested them on a Windows 7 32-bit virtual machine as well. You don't have to use all of the drivers, of course. From a learning perspective, it is best to use one at a time and utilize the detailed logging (and in non-lethal, non-blocking mode) to give a great idea of what all activity is going on within your system.</p>
<p>As always, if anyone has any questions or needs some help with anything, I am more than happy to help out whenever possible. :)</p></blockquote>
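Two practical checks follow from the post: the Beta Camp builds cap the config at 5KB / 3KB / 2KB, and the shared Bouncer blacklist repeats some entries (`*regedit.exe`, `*vssadmin.exe`), which only spend bytes against that cap. The script below is an added example, not Excubits' or WildByDesign's code, that lints a Bouncer-style .ini for size and duplicate rules and shows which rules a given path would match. It assumes the wildcard semantics visible in the post (`*` any run of characters, `?` exactly one character, matching case-insensitive as on NTFS), that a header written `[#NAME]` is a disabled section (the post runs with `[#LETHAL]`, i.e. non-lethal), that `parent>child` rules match both halves, and that "KB" means 1024 bytes; the leading `!` is not explained in the post and is therefore only stripped, not modelled. The embedded config is a shortened excerpt of the post's Bouncer file.

```python
import re
from collections import Counter

# Shortened excerpt of the Bouncer / Tuersteher.ini shared in the post (constructed subset).
SAMPLE_CONFIG = r"""[#LETHAL]
[LOGGING]
[WHITELIST]
?:\Program Files\*
C:\Users\*\AppData\Local\Temp\????????-????-????-????-????????????\DismHost.exe
C:\Windows\*
[BLACKLIST]
*regedit.exe
*vssadmin.exe
*regedit.exe
*powershell.exe
C:\Windows\Temp\*
[PARENTWHITELIST]
*>*
[EOF]
"""

# Size limits quoted in the post for the Beta Camp builds; KB taken as 1024 bytes (assumption).
SIZE_LIMITS = {"Bouncer": 5 * 1024, "Pumpernickel": 3 * 1024, "MemProtect": 2 * 1024}


def parse_config(text):
    """Split the .ini into ({section: [rules]}, [disabled section names]).
    Assumption: '[#NAME]' is a disabled section/flag; '[EOF]' ends parsing."""
    sections, disabled, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name == "EOF":
                break
            if name.startswith("#"):
                disabled.append(name[1:])
                current = None
                continue
            current = name
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections, disabled


def pattern_to_regex(pattern):
    """'*' matches any run of characters, '?' exactly one; everything else is literal.
    Case-insensitive, as Windows path comparison is (assumption)."""
    parts = [".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def rule_matches(rule, path, parent=None):
    """A 'parent>child' rule needs both halves to match; a plain rule matches the path.
    The leading '!' is stripped only; its meaning is not described in the post."""
    rule = rule.lstrip("!")
    if ">" in rule:
        parent_pat, child_pat = rule.split(">", 1)
        if parent is None:
            return False
        return bool(pattern_to_regex(parent_pat).match(parent)
                    and pattern_to_regex(child_pat).match(path))
    return bool(pattern_to_regex(rule).match(path))


def find_matches(sections, path, parent=None):
    """Return {section: [matching rules]} for the sections that have at least one hit."""
    hits = {}
    for name, rules in sections.items():
        matched = [r for r in rules if rule_matches(r, path, parent)]
        if matched:
            hits[name] = matched
    return hits


def lint(text, driver="Bouncer"):
    """Byte size against the driver's limit plus exact duplicate rules per section
    (compared case-insensitively), which waste bytes under the size cap."""
    size = len(text.encode("utf-8"))
    sections, _ = parse_config(text)
    duplicates = {}
    for name, rules in sections.items():
        counts = Counter(r.lower() for r in rules)
        dups = sorted(r for r, n in counts.items() if n > 1)
        if dups:
            duplicates[name] = dups
    limit = SIZE_LIMITS[driver]
    return {"bytes": size, "limit": limit, "over_limit": size > limit, "duplicates": duplicates}


if __name__ == "__main__":
    sections, disabled = parse_config(SAMPLE_CONFIG)
    print("disabled sections:", disabled)
    print("lint:", lint(SAMPLE_CONFIG))
    for p in (r"C:\Windows\regedit.exe", r"D:\Program Files\App\app.exe"):
        print(p, "->", find_matches(sections, p, parent=r"C:\Windows\explorer.exe"))
```

The matcher only reasons about pattern text; which list wins when a path is in both the whitelist and the blacklist is decided inside the driver and is not stated in the post, so a path such as `C:\Windows\regedit.exe` is simply reported under both sections. Running a full config through `lint` before loading it is the quickest way to confirm it still fits the Beta Camp limit after edits.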