New Update Huorong Internet Security (Updates)

Petrovic · Jun 28, 2022

Jerry.Lin said:
My HIPS rules for Huorong
Check out if you're interested: GitHub - JerryLinLinLin/Huorong-ATP-Rules: 一款火绒增强HIPS自定义规则

+
Trojan.StartupFolderMalDropper.A
*\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js?
like *.jse

Jerry.Lin · Jun 28, 2022

Petrovic said:
There are currently no plans for rules for IP Firewall?

No plans yet.

Petrovic · Jun 29, 2022

@Jerry.Lin
+ hosts protection

Petrovic · Jun 30, 2022

Petrovic said:
+
Trojan.StartupFolderMalDropper.A
*\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js?
like *.jse

+
*.wsf

Sunshine-boy · Jun 30, 2022

Jerry.Lin said:
scan engine.

Hello can you pls tell me what this article means? ty

火绒安全与英特尔vPro平台合作，共筑软硬件协同安全新格局

www.huorong.cn

Petrovic · Jun 30, 2022

Sunshine-boy said:
Hello can you pls tell me what this article means? ty

火绒安全与英特尔vPro平台合作，共筑软硬件协同安全新格局

火绒安全与英特尔vPro平台合作，共筑软硬件协同安全新格局

www.huorong.cn

huorong+intel - Google Search

Jerry.Lin · Jun 30, 2022

Petrovic said:
@Jerry.Lin
+ hosts protection
View attachment 267767

Host file is already covered by the default rules.

Jerry.Lin · Jun 30, 2022

Petrovic said:
+
*.wsf

Any samples/references of real-world malware that are doing that?

Petrovic · Jul 1, 2022

Jerry.Lin said:
Any samples/references of real-world malware that are doing that?

_CH8576394.wsf (MD5: 8E0FD927F008AD42FB07B4A8B20A8098) - Interactive analysis - ANY.RUN

Jerry.Lin · Jul 1, 2022

Petrovic said:
_CH8576394.wsf (MD5: 8E0FD927F008AD42FB07B4A8B20A8098) - Interactive analysis - ANY.RUN

I don't see it drops in the startup folder?

Is Suspicious.ScriptHost enough for this sample?

Petrovic · Jul 5, 2022

Jerry.Lin said:
My HIPS rules for Huorong
Check out if you're interested: GitHub - JerryLinLinLin/Huorong-ATP-Rules: 一款火绒增强HIPS自定义规则

v0.1.6
What's Changed
-Add Trojan.Nanocore ruleset
-Fix ReadBrowserData false positives
-Fix a description error in the document generation script

Release v0.1.6 · JerryLinLinLin/Huorong-ATP-Rules

更新日志新增Trojan.Nanocore规则组修复ReadBrowserData部分误报修复文档生成脚本部分描述错误 What's Changed Add Trojan.Nanocore ruleset Fix ReadBrowserData false positives Fix a description error in the document generation s...

github.com

Petrovic · Jul 7, 2022

5.0.69.1

Defence driver
Scan engine (Bundle)
Scan engine (XSSE)
Scan engine (Cobra)
Log program
Tray program
Netflux program
UI resource (Main)
UI resource (Log)
UI resource (HRConfig)
UI resource (NetFlow)
UI resource (FileShred)
UI resource (VULScan)
Virtual sandbox (DAT)
Virus definitions (PROP)
Virus definitions (PSET)
Virus definitions (TROJ)
Behavior analysis definitions
Malicious website definitions
VULScan database

Petrovic · Jul 18, 2022

5.0.69.2

Scan engine (XSSE)
Virtual sandbox (DAT)
Virtual sandbox (TDL)
Virus definitions (PROP)
Virus definitions (PSET)
Virus definitions (TROJ)
Defence database
Behavior analysis definitions
Malicious website definitions
Application reinforcement database
PopupBlocker database
VULScan database

likeastar20 · Jul 18, 2022

The protection is still not optimal, but the rest is pretty nice(UI, Scanning Speed, Removal etc.)
Also, they should make an English website.

Petrovic · Jul 20, 2022

5.0.69.3

Defence driver
Virtual sandbox (DAT)
Virus definitions (PROP)
Virus definitions (PSET)
Virus definitions (TROJ)
Defence database
Behavior analysis definitions
Malicious website definitions

storm · Jul 30, 2022

Jerry.Lin said:
My HIPS rules for Huorong
Check out if you're interested: GitHub - JerryLinLinLin/Huorong-ATP-Rules: 一款火绒增强HIPS自定义规则

please add AI to Huorong

Petrovic · Aug 18, 2022

Huorong_ATP_Rules_v0.1.7

Release v0.1.7 · JerryLinLinLin/Huorong-ATP-Rules

更新日志新增遥测组别 Telemetry ，默认状态为关闭新增以下规则组： Suspicious.AppCertDLLs Suspicious.AppInitDLLs Suspicious.NetDebugger Suspicious.NetWinAppXRT Telemetry.ActiveSetup Telemetry.CredentialProviders Telemetry....

github.com

Added new group category Telemetry, the default state is off
The following rule groups have been added:
Suspicious.AppCertDLLs
Suspicious.AppInitDLLs
Suspicious.NetDebugger
Suspicious.NetWinAppXRT
Telemetry.ActiveSetup
Telemetry.CredentialProviders
Telemetry.LSAConfig
Telemetry.PowerShell
Telemetry.ReadBrowserData
Telemetry.TerminalServer
Other ruleset adjustments

Petrovic · Aug 19, 2022

5.0.69.5

Firewall driver
Defence driver
Scan center
Scan engine (libcodecs)
Scan engine (Bundle)
Scan engine (XSSE)
Main program
Tray program
Security service
UI resource (HRConfig)
Uninstaller
SysRepair program
Virtual sandbox (DAT)
Virus definitions (PROP)
Virus definitions (PSET)
Virus definitions (TROJ)
Behavior analysis definitions
Website control database

Petrovic · Sep 3, 2022

5.0.69.7

UI resource (SysClean)
Virtual sandbox (DAT)
Virus definitions (PROP)
Virus definitions (PSET)
Virus definitions (TROJ)
Malicious website definitions
Website control database

Petrovic · Sep 5, 2022

5.0.69.8

Firewall driver
Defence driver
Virus definitions (PROP)
Virus definitions (PSET)
Virus definitions (TROJ)

New Update Huorong Internet Security (Updates)

Level 64

Level 2

Level 64

Level 64

Level 28

Level 64

Level 2

Level 2

Level 64

Level 2

Level 64

Level 64

Level 64

Level 8

Level 64

New Member

Level 64

Level 64

Level 64

Level 64

Similar threads