plaso-rubanetra/test_data/AccessProtectionLog.txt
2020-04-06 18:48:34 +02:00

9/27/2013 2:42:26 PM Blocked by Access Protection rule SOMEDOMAIN\someUser C:\Windows\System32\procexp64.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
9/27/2013 2:42:39 PM Blocked by Access Protection rule SOMEDOMAIN\someUser C:\Windows\System32\procexp64.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
9/27/2013 2:42:39 PM Blocked by Access Protection rule SOMEDOMAIN\someUser C:\Windows\System32\procexp64.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
9/27/2013 2:42:40 PM Blocked by Access Protection rule SOMEDOMAIN\someUser C:\Windows\System32\procexp64.exe C:\Program Files (x86)\McAfee\Common Framework\McTray.exe Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
7/17/2013 1:49:34 PM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\System32\powercfg.exe \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings Action blocked : Create
7/17/2013 1:49:34 PM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\System32\powercfg.exe C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Anti-virus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
7/17/2013 1:53:31 PM Would be blocked by Access Protection rule (rule is currently not enforced) TheGrid\clu C:\Windows\system32\taskhost.exe C:\Windows\Temp\SDIAG_1893e055-45e8-4dda-a6fc-036616ec15c7\DiagPackage.dll Common Maximum Protection:Prevent creation of new executable files in the Windows folder Action blocked : Create
7/17/2013 1:53:32 PM Would be blocked by Access Protection rule (rule is currently not enforced) TheGrid\clu C:\Windows\System32\sdiagnhost.exe \REGISTRY\USER\S-1-5-21-218510691-2140962509-2033415169-18142\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings Action blocked : Create
7/30/2013 10:06:05 AM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\TEMP\InstallPlugin_11_8_800_94.exe C:\Windows\Temp\{49568447-C9D4-4C19-942B-4472959CBC07}\fpb.tmp Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Execute
7/30/2013 10:06:06 AM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\TEMP\InstallPlugin_11_8_800_94.exe C:\Windows\Temp\{05007B29-A945-4346-8B04-7DD2F5453280}\InstallFlashPlayer.exe Common Maximum Protection:Prevent creation of new executable files in the Windows folder Action blocked : Create
7/30/2013 10:18:02 AM Would be blocked by port blocking rule (rule is currently not enforced) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Common Maximum Protection:Prevent HTTP communication 23.56.2.70:443
7/30/2013 10:22:48 AM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Users\tron\AppData\Roaming\Mozilla\Firefox\prfD430.tmp Common Standard Protection:Protect Mozilla & FireFox files and settings Action blocked : Create
7/30/2013 10:22:48 AM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Users\tron\AppData\Roaming\Mozilla\Firefox\Profiles\w77xlhgl.default\webapps\prfD432.tmp Common Standard Protection:Protect Mozilla & FireFox files and settings Action blocked : Delete
7/30/2013 10:22:48 AM Would be blocked by Access Protection rule (rule is currently not enforced) NT AUTHORITY\SYSTEM C:\Windows\system32\svchost.exe C:\Users\tron\AppData\Roaming\Mozilla\Firefox\Profiles\w77xlhgl.default\prfD431.tmp Common Standard Protection:Protect Mozilla & FireFox files and settings Action blocked : Create