NoVirusThanks OSArmor: An Additional Layer of Defense

Discussion in 'other anti-malware software' started by novirusthanks, Dec 17, 2017.

  1. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    Thanks for the purchases guys!

    @paulderdash

    Yes licenses are auto-renewed by default after 1 year (if they have not been canceled by the user).

    All coupon codes released until today are permanent, so they will be maintained at every renewal (including the WILDERS20 you used).

    That means at the next renewals you will pay the same amount you paid on the first year.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    I'm also still using the free version and I wanted to say that so far it's not causing any problems on Win 10, even though Win 10 is way more complex than Win 8.1, when it comes to the amount of processes and services (from mostly M$) that are running. So good job and in the future I might buy a license.

    What about further development of EXE Radar, or are you busy with other stuff? Of course it's already pretty good, it just needs a bit of tweaking here and there.
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Does OSArmor have network protection?
     
  4. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    Hi, sent Personal Message. Flashed the motherboard BIOS today and got a popup notice stating "the machine fingerprint has changed" upon machine restart. Entered my key in the box and got this notice:

    osalic2.PNG
    Interesting, didn't know this could happen but it does, obviously.
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    https://www.wilderssecurity.com/thr...layer-of-defense.398859/page-127#post-2973477

    Happened to me too: https://www.wilderssecurity.com/thr...layer-of-defense.398859/page-126#post-2967233
     
  6. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    Great, thanks, paulderdash, this was the answer. Yes, your issue is/was the same, I'm glad you posted this. I should have searched first, my mistake.

    In addition to jumping thru all the hoops, I had to reinstall OSArmor altogether in order to re-submit my key. No box had shown up after I hit the "license status" tab, or any related tab for that matter.

    Anyhow, it's activated again, thanks to your links. At least it's better in one respect than HitmanPro-- you have to contact support and then wait a hot minute until the customer support contacts you. :isay::oops::isay:

    Edit: OSA just auto-updated to v. 1.5.2. Hopefully this license issue was addressed. Maybe there will be a changelog.
     
    Last edited: Dec 20, 2020
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    And it will be fixed in the next version. :thumb:
     
  8. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,218
    Location:
    Brooklyn, NY
    Yes, it just updated. :) There's a "Deactivate" box in the activation window. Is that the change? Can't remember if it was there or not in the prev. version.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I am falling in love with OSArmor Personal, beautiful program and a lot of goodies in the advanced settings :);)
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    As test, with 1.5.2 internal rules not checked. Sandboxie-Plus sandbox contents is deleted. Is safe process not blocked an example of OSArmor false positive?
    png_8358.png
    Process: [12516]C:\Windows\System32\cmd.exe
    Process MD5 Hash: 321A50053155122E6ACE9691197A8E3F
    Parent: [9992]C:\Program Files\Sandboxie-Plus\Start.exe
    Rule: BlockCmdExeExecution
    Rule Name: Block execution of Windows Command Prompt (cmd.exe)
    Command Line: C:\WINDOWS\System32\cmd.exe /c rmdir /s /q "C:\Sandbox\bjm\__Delete_Edge_01D6D77009328A6D"
    Signer: <NULL>
    Parent Signer: <NULL>
    User/Domain: bjm/DESKTOP-DELL
    System File: True
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium
     
    Last edited: Dec 21, 2020
  11. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @bjm_

    Yes that action (false positive) is safely whitelisted in the internal rules with option "Enable internal rules for allowing safe behaviors".

    @jmonge

    Great! Glad you like the program =)

    @plat1098

    You can deactivate a device either via Customer Portal (useful if you don't have access to the device) or via "Deactivate" button on Activator GUI.

    The issue with the BIOS flash that invalidates the license is not yet fixed, will be done in 1.5.3 or 1.5.4 version.

    //Everyone

    We're finishing updating OSA Configurator, here are some previews:

    1.png

    2.png


    A lot has changed: you'll be able to search rules, view only specific rules (groups), select/unselect all rules in a group, export/import rules, apply security profiles, export protections and/or program settings, reset to default, and much more.
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    Thanks, Andreas. The screenshots look very promising. Impatiently looking forward to the release of the next version.:geek:
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    OSA internal rules - whitelist is user readable?
    OSA internal rules - whitelist is periodically reviewed?
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    How to correct Exclude rule for "Block execution of Microsoft Edge" that's not working, for me?
    png_8376.png png_8375.png
    Date/Time: 12/22/2020 1:30:24 AM
    Process: [7132]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [12180]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,17243410946773333132,8342320125941711541,131072 --enable-features=DnsOverHttps --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4292 /prefetch:2
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    Date/Time: 12/22/2020 1:30:24 AM
    Process: [4872]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [12180]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,17243410946773333132,8342320125941711541,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=3836 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    Date/Time: 12/22/2020 1:30:23 AM
    Process: [9272]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [12180]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,17243410946773333132,8342320125941711541,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=2980 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    Date/Time: 12/22/2020 1:30:23 AM
    Process: [4136]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [12180]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,17243410946773333132,8342320125941711541,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=3308 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium
    ++== Passive Logging ==++

    Date/Time: 12/22/2020 1:36:46 AM
    Process: [9212]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Process MD5 Hash: 7DF126F33228BBA87B6B9985F7BA0307
    Parent: [11008]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: SYSTEM/NT AUTHORITY
    System File: False
    Parent System File: False
    Integrity Level: System
    Parent Integrity Level: System


    ++== Passive Logging ==++

    Date/Time: 12/22/2020 1:33:12 AM
    Process: [1916]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [3612]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,18292626907296573727,13917457668220354608,131072 --enable-features=DnsOverHttps --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16032 --gpu-sub-system-id=147656744 --gpu-revision=0 --gpu-driver-version=26.20.100.7463 --start-stack-profiler --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2580 /prefetch:2
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium
    Is Exclude rule not working because my Edgium has Profile 1 & Profile 2?
     
    Last edited: Dec 22, 2020
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    I sprung for the 50% perpetual off on license renewals. Just installed OSA yesterday for the first time on Win 10 x(64) 20H2 with Eset Internet Security 14.0.22 build.

    I do have a couple of questions:

    1. Below is a Process Explorer screenshot showing OSA DevSvc and License Manager with deep purple color. This indicates use of packed executables; something I have never seen before. Is this legit?

    OSA_Packed_Images.png

    Also PE shows DevSvc using 60K memory but Win task manager only shows it using 20K memory?

    2. How do you update OSA with auto update disabled by default? Is there a manual way within the GUI to check for updates - I couldn't find the setting?

    Also with auto updating disabled, does OSA show an alert that a new version is available?

    -EDIT-

    Also is there any way to test OSA to make sure it's functional?

    It did not detect this process hollowing test: ~ Removed VirusTotal Results as per Policy ~

    Nor was this reflective .dll injection test against explorer.exe: ~ Removed VirusTotal Results as per Policy ~ , detected.

    At this point, I can't say I am overly enthused with OSA detection.
     
    Last edited by a moderator: Dec 22, 2020
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    How can I password protect OSArmor Personal?
     
  17. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    Re: "Block execution of unsigned processes on _____"
    Does OSA verify the integrity of signature information with signed processes?
    Or, OSA only checks whether processes have signature information?
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    OK. Since mods removed VT link I posted, the reflective .dll test process name is inject.x64.exe. Its MD5 hash is fb2314ef8dea599d5e456283aa7965e9.

    Also I was finally able to get a suspicious detection from OSA for the old HMP-A test tool of all things. I had renamed it to iexplore.exe which BTW is one of the recommended ways to use this test tool; rename it to a browser .exe. Appears the suspicious detection is triggered when internal PE header name doesn't match actual file .exe name.
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @bjm_

    No, it is internal only (not modifiable by user)

    Yes

    The command-line string always changes at every MSEdge execution, you may need to use wildcard * for characters that change, or do not use command-line in exclusion rule.

    Example:

    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%PARENTPROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%PROCESSCMDLINE%: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" *]
    Yes, we check that the certificate is also valid.

    @itman

    1. Yes that is fine, OSA exes are protected and compressed by using a third-party well-known commercial application protector.

    2. At the moment there is no option to check for updates from GUI or to be just notified of a new version (is already in the todo list), we added only the option to auto-update OSA directly.

    You may want to subscribe to our newsletter and be notified via email once there is a new version, you can then install over-the-top the new version manually in case.

    Yes, rename a .exe file to invoice.pdf.exe and it should be blocked.

    About your two malware samples tested, in this link I wrote a few notes about testing OSA against malware:

    https://www.wilderssecurity.com/thr...layer-of-defense.398859/page-119#post-2938468

    Here is an old video where I tested OSA with HMA test tool:
    https://www.youtube.com/watch?v=2fUBOVbAHcE

    HMA was renamed to opera.exe
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    Yes, I tried command-line wildcard w/wo space at wild card = No joy
    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%PROCESSCMDLINE%: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" *] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%PROCESSCMDLINE%: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"*] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
    Yes, I tried wo command line = No joy
    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
    png_8399.png
     
    Last edited: Dec 23, 2020
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,400
    Location:
    U.S.A.
    Didn't work for me. Below is the log entry:
    Note: Mark-of-the-Web ADS had been manually removed from this file.
     
    Last edited: Dec 23, 2020
  24. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,134
    Location:
    Italy
    @bjm_

    What are you trying to exclude exactly? The rule was made to entirely block Edge execution.

    This rule you used should work to allow msedge.exe execution:

    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
    But there may be other blocked events in the .log file that may need to be excluded too.

    @itman

    On newer OSA versions we improved detection of fake system processes and in that case iexplore.exe is considered suspicious and is blocked first.

    Try to rename it to opera.exe (a third-party and non-system web browser) and it should work:

    example.png
     
    Last edited: Dec 24, 2020
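
The exclusion-rule syntax and log fields quoted in the posts above, as an added example that is not part of the original thread and is not NoVirusThanks code: it checks which logged block events a set of exclusion rules would cover. The matching semantics (every field in a rule must match, `*` matches any run of characters, comparison is case-insensitive) are assumptions, and the sample log is constructed and abbreviated from the entries in the thread.

```python
import re

# Exclusion-rule variables that appear in the thread, mapped to log field names.
VAR_TO_FIELD = {
    "PROCESS": "Process",
    "PARENTPROCESS": "Parent",
    "PROCESSCMDLINE": "Command Line",
    "SIGNER": "Signer",
    "PARENTSIGNER": "Parent Signer",
}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample log: one browser launch from explorer.exe followed by two
# child processes spawned by msedge.exe itself (command lines abbreviated).
SAMPLE_LOG = rf'''
++== Passive Logging ==++
Process: [10564]{EDGE}
Parent: [4321]C:\Windows\explorer.exe
Rule: BlockMsEdgeExecution
Command Line: "{EDGE}"
Signer: Microsoft Corporation
Parent Signer: Microsoft Windows

++== Passive Logging ==++
Process: [7864]{EDGE}
Parent: [10564]{EDGE}
Rule: BlockMsEdgeExecution
Command Line: "{EDGE}" --type=gpu-process --mojo-platform-channel-handle=1868 /prefetch:2
Signer: Microsoft Corporation
Parent Signer: Microsoft Corporation

++== Passive Logging ==++
Process: [9464]{EDGE}
Parent: [10564]{EDGE}
Rule: BlockMsEdgeExecution
Command Line: "{EDGE}" --type=renderer --renderer-client-id=9 /prefetch:1
Signer: Microsoft Corporation
Parent Signer: Microsoft Corporation
'''

# Rule from the thread that names explorer.exe as the parent.
RULE_EXPLORER = (rf"[%PROCESS%: {EDGE}] [%SIGNER%: Microsoft Corporation] "
                 r"[%PARENTPROCESS%: C:\Windows\explorer.exe] "
                 r"[%PARENTSIGNER%: Microsoft Windows]")
# Rule from the thread that names msedge.exe as the parent, with a wildcard.
RULE_CHILD = (rf"[%PROCESS%: {EDGE}] [%PARENTPROCESS%: {EDGE}] "
              rf'[%PROCESSCMDLINE%: "{EDGE}" *]')


def parse_rule(text):
    """Turn '[%VAR%: value] [%VAR%: value]' into {log_field: pattern}."""
    pairs = re.findall(r"\[%([A-Z]+)%:\s*(.*?)\](?=\s*(?:\[%|$))", text.strip())
    if not pairs:
        raise ValueError("no [%VAR%: value] conditions found")
    rule = {}
    for var, value in pairs:
        if var not in VAR_TO_FIELD:
            raise ValueError(f"unknown rule variable: {var}")
        rule[VAR_TO_FIELD[var]] = value
    return rule


def parse_log(text):
    """Split a log into events (blank-line separated 'Key: value' blocks)."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        event = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(":")
            if not sep:
                continue  # banner lines such as '++== Passive Logging ==++'
            value = value.strip()
            if key in ("Process", "Parent"):
                value = re.sub(r"^\[\d+\]", "", value)  # drop the [PID] prefix
            event[key] = value
        if "Process" in event:
            events.append(event)
    return events


def wildcard_match(pattern, value):
    """Assumed semantics: '*' matches any run of characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def rule_matches(rule, event):
    """Assumed semantics: every condition in the rule must match the event."""
    return all(field in event and wildcard_match(pattern, event[field])
               for field, pattern in rule.items())


def uncovered(rule_texts, events):
    """Return the events that no exclusion rule in rule_texts would cover."""
    rules = [parse_rule(t) for t in rule_texts]
    return [e for e in events if not any(rule_matches(r, e) for r in rules)]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for label, rules in (("explorer rule only", [RULE_EXPLORER]),
                         ("both rules", [RULE_EXPLORER, RULE_CHILD])):
        missed = uncovered(rules, events)
        print(f"{label}: {len(missed)} of {len(events)} events still blocked")
        for e in missed:
            print("   parent =", e["Parent"])
```

Under these assumptions the explorer.exe rule covers only the initial launch; the processes whose Parent is msedge.exe need a rule of their own.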
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,068
    Location:
    .
    Yes, "the rule was made to entirely block Edge execution".
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    I'm trying to Exclude Edgium via Manage Exclusions from internal OSA rules that block Edgium execution.
    Well, if the rule I've used should work to allow msedge.exe execution....then?
    Hmm....other "blocked events in the log that may need to be executed, too"?
    Okay....something for me to play with.
    My OSA trial has been to check all boxes and open holes as required....to see what's what....to experience OSA, to observe OSA, to learn how to build workable rules. Just me.
    "Add to Exclusions" seems to work (for me) for other OSA blocked events ....other than Edgium?
    ~ my steps:
    Delete all Logs files > OSA Passive Logging > restart machine > at desktop - call Edgium shortcut.
    Yes, I see the Command-Line string changes at Edgium execution.
    Yes, I see the need to use wildcard * for characters that changes, or the need to not use Command-Line in exclusion rule.
    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:18:41 AM
    Process: [1652]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16032 --gpu-sub-system-id=147656744 --gpu-revision=0 --gpu-driver-version=26.20.100.7463 --start-stack-profiler --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=6652 /prefetch:2
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:18:10 AM
    Process: [8472]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6272 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:18:07 AM
    Process: [3620]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --start-stack-profiler --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:50 AM
    Process: [7536]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5460 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:49 AM
    Process: [9428]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:42 AM
    Process: [3104]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:42 AM
    Process: [5340]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:42 AM
    Process: [7736]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:41 AM
    Process: [10776]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:41 AM
    Process: [1340]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:41 AM
    Process: [9464]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:41 AM
    Process: [9516]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=2108 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:41 AM
    Process: [7864]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,495671618167586793,10331591563918506499,131072 --enable-features=DnsOverHttps --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1868 /prefetch:2
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:16:41 AM
    Process: [10576]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [10564]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=87.0.4280.88 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=87.0.664.66 --initial-client-data=0xec,0xf0,0xf4,0xc8,0xf8,0x7fff46cb9508,0x7fff46cb9518,0x7fff46cb9528
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:14:22 AM
    Process: [11080]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16032 --gpu-sub-system-id=147656744 --gpu-revision=0 --gpu-driver-version=26.20.100.7463 --start-stack-profiler --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=6300 /prefetch:2
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:13:47 AM
    Process: [916]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:43 AM
    Process: [3044]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:32 AM
    Process: [10692]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:27 AM
    Process: [11160]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:26 AM
    Process: [11004]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5252 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:23 AM
    Process: [8400]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:23 AM
    Process: [9908]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:23 AM
    Process: [9872]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:23 AM
    Process: [8360]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:23 AM
    Process: [5004]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:23 AM
    Process: [1772]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:22 AM
    Process: [1996]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1888 /prefetch:2
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Low
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:22 AM
    Process: [7956]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,11319643417661451363,16455325098346755901,131072 --enable-features=DnsOverHttps --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=2040 /prefetch:8
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:22 AM
    Process: [4916]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=87.0.4280.88 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=87.0.664.66 --initial-client-data=0xec,0xf0,0xf4,0xc8,0xf8,0x7fff43909508,0x7fff43909518,0x7fff43909528
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: False
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:22 AM
    Process: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Process MD5 Hash: E4D08C06AC3C542A62F03E2DBAB33F05
    Parent: [8828]C:\Windows\explorer.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Windows
    User/Domain: bjm/DESKTOP-DELL
    System File: False
    Parent System File: True
    Integrity Level: Medium
    Parent Integrity Level: Medium


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:12 AM
    Process: [8464]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Process MD5 Hash: 7DF126F33228BBA87B6B9985F7BA0307
    Parent: [8584]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: SYSTEM/NT AUTHORITY
    System File: False
    Parent System File: False
    Integrity Level: System
    Parent Integrity Level: System


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:12 AM
    Process: [8584]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Process MD5 Hash: 7DF126F33228BBA87B6B9985F7BA0307
    Parent: [3276]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Corporation
    User/Domain: SYSTEM/NT AUTHORITY
    System File: False
    Parent System File: False
    Integrity Level: System
    Parent Integrity Level: System


    ++== Passive Logging ==++

    Date/Time: 12/24/2020 11:12:12 AM
    Process: [3276]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    Process MD5 Hash: 7DF126F33228BBA87B6B9985F7BA0307
    Parent: [1048]C:\Windows\System32\services.exe
    Rule: BlockMsEdgeExecution
    Rule Name: Block execution of Microsoft Edge
    Command Line: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
    Signer: Microsoft Corporation
    Parent Signer: Microsoft Windows Publisher
    User/Domain: SYSTEM/NT AUTHORITY
    System File: False
    Parent System File: True
    Integrity Level: System
    Parent Integrity Level: System
    I'll play more. Thanks
    Edit:
    ~ below Exclusion rules sans Command-Line do not allow Edgium execution, for me.
    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
    [%PROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%PARENTSIGNER%: Microsoft Corporation]
    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe]
    [%PROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe]
    
    ~ below Exclusion rules sans Command-Line allow Edgium execution, for me.
    Code:
    [%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation]
    [%PROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%SIGNER%: Microsoft Corporation]
    
     
    Last edited: Dec 25, 2020
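    The parent/child pairs in the log above can be checked against the three exclusion sets mechanically. The following is an added example, not part of the original post and not OSArmor's own code: it assumes an exclusion line applies only when every bracketed condition on it equals the logged value (case-insensitive), and it uses a constructed four-entry sample trimmed from the log format shown in the post.

```python
import re

# Constructed sample: four entries trimmed from the log format in the post
# (command lines and hashes omitted; paths, signers and PIDs as posted).
LOG = r"""
++== Passive Logging ==++
Process: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent: [8828]C:\Windows\explorer.exe
Signer: Microsoft Corporation
Parent Signer: Microsoft Windows

++== Passive Logging ==++
Process: [7956]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent: [6676]C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Signer: Microsoft Corporation
Parent Signer: Microsoft Corporation

++== Passive Logging ==++
Process: [3276]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent: [1048]C:\Windows\System32\services.exe
Signer: Microsoft Corporation
Parent Signer: Microsoft Windows Publisher

++== Passive Logging ==++
Process: [8584]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent: [3276]C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Signer: Microsoft Corporation
Parent Signer: Microsoft Corporation
"""

# Exclusion lines copied from the post: first set (with parent) and last set.
RULES_WITH_PARENT = r"""
[%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Windows\explorer.exe] [%PARENTSIGNER%: Microsoft Windows]
[%PROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%SIGNER%: Microsoft Corporation] [%PARENTPROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%PARENTSIGNER%: Microsoft Corporation]
"""
RULES_PROCESS_ONLY = r"""
[%PROCESS%: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe] [%SIGNER%: Microsoft Corporation]
[%PROCESS%: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe] [%SIGNER%: Microsoft Corporation]
"""

def parse_events(log):
    """Split the log on its entry banner and map fields to rule variable names."""
    events = []
    for block in log.split("++== Passive Logging ==++"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(": ")
            if sep:
                fields[key] = value
        if "Process" not in fields:
            continue  # text before the first banner, or an empty block
        pid, path = re.match(r"\[(\d+)\](.*)", fields["Process"]).groups()
        parent = re.match(r"\[(\d+)\](.*)", fields["Parent"]).group(2)
        events.append({"pid": int(pid), "PROCESS": path, "PARENTPROCESS": parent,
                       "SIGNER": fields["Signer"],
                       "PARENTSIGNER": fields["Parent Signer"]})
    return events

def parse_rules(text):
    """One dict of {VARIABLE: value} per non-empty exclusion line."""
    found = (dict(re.findall(r"\[%(\w+)%: ([^\]]*)\]", ln)) for ln in text.splitlines())
    return [conds for conds in found if conds]

def uncovered(log, rules_text):
    """PIDs of logged events that no exclusion line fully matches (assumed AND semantics)."""
    rules = parse_rules(rules_text)
    def excluded(ev):
        return any(all(str(ev.get(k, "")).lower() == v.lower() for k, v in r.items())
                   for r in rules)
    return [ev["pid"] for ev in parse_events(log) if not excluded(ev)]

if __name__ == "__main__":
    print("with parent conditions:", uncovered(LOG, RULES_WITH_PARENT))
    print("process + signer only: ", uncovered(LOG, RULES_PROCESS_ONLY))
```

    Under that assumption, the events left uncovered by the parent-constrained set are the msedge.exe child whose parent is msedge.exe and the updater whose parent is services.exe, while the process-and-signer set covers every entry, which is also the broadest of the three exclusions.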