woobook
May 10th, 2007, 06:15 AM
I have already added Exception Rules as follows:
##################################################
#Rules
##################################################
#C:\Program Files\......\XDICT.EXE ;;Kevlar;0
#C:\Program Files\......\XDICT.EXE ;;WriteProcessMemory;0
#C:\Program Files\......\XDICT.EXE ;;WriteProcessMemory;0
but it is of no use; this is the log:
======
Event ID: BLINK-API-0
Severity: High
Description: Blink stopped an unprivileged WriteProcessMemory call. If you believe this application is not malicious, you can add it to a list of approved applications in the Config\apiex.ini file using this format 'FilePath;[Optional MD5];WriteProcessMemory;0'
BufferLength: 0000C106
ReturnLength: 0012F7F0
Caller process: (936)C:\Program Files\......\XDICT.EXE
Alert: Yes
BaseAddress: 048D3EF0
Target Process: (1316)BLINK.EXE
Buffer: 01F60048
-----------------------------------------------------
What's wrong?
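A small linter for rule lines like the ones quoted in the post, checked against the format given in the log's Description field ('FilePath;[Optional MD5];WriteProcessMemory;0'). This is an added example, not part of the original post and not Blink's own tooling. It assumes that a leading '#' marks a comment line (as the banner lines in the posted file suggest) and that whitespace before a ';' may be read as part of the path; the function names are hypothetical.

```python
import re

# Constructed sample: rule lines and log fields copied from the post above.
RULES = r"""#Rules
#C:\Program Files\......\XDICT.EXE ;;Kevlar;0
#C:\Program Files\......\XDICT.EXE ;;WriteProcessMemory;0
"""
LOG = r"""Description: Blink stopped an unprivileged WriteProcessMemory call.
Caller process: (936)C:\Program Files\......\XDICT.EXE
"""

def parse_log(log):
    """Return (api, caller_path) from a BLINK-API event."""
    api = re.search(r"unprivileged (\w+) call", log).group(1)
    caller = re.search(r"^Caller process: \(\d+\)(.+)$", log, re.M).group(1)
    return api, caller.strip()

def lint_rules(text, api, caller):
    """Check each line against 'FilePath;[Optional MD5];<API>;0'."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        commented = line.startswith("#")  # assumption: '#' starts a comment
        fields = line.lstrip("#").split(";")
        if len(fields) != 4:
            if line and not commented:
                findings.append((no, "expected 4 ';'-separated fields"))
            continue  # blank line, banner or heading
        path, md5, rule_api, _flag = fields
        if commented:
            findings.append((no, "rule is commented out"))
        if path != path.strip():  # assumption: a strict parser keeps the space
            findings.append((no, "whitespace around FilePath"))
        if md5 and not re.fullmatch(r"[0-9A-Fa-f]{32}", md5):
            findings.append((no, "MD5 is not 32 hex digits"))
        if rule_api == api and path.strip().lower() != caller.lower():
            findings.append((no, "FilePath differs from caller process"))
    return findings

def covers(text, api, caller):
    """True if an active, exactly formatted rule exists for this caller and API."""
    want = [caller.lower(), api, "0"]
    for line in text.splitlines():
        f = line.split(";")
        if len(f) == 4 and [f[0].lower(), f[2], f[3].strip()] == want:
            return True
    return False
```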