Clickx 23

home *** CD-ROM | disk | FTP | other *** search

/ Clickx 23 / Clickx 23.iso / DATA / zlsSetup_60_667_000.exe / OSFWRULES_SWITCH.XML < prev next >

Wrap

Extensible Markup Language | 2005-08-29 | 191.2 KB | 1,916 lines

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>  <ZoneLabsSettings version="1.0"> <ruleset start="afterstartup" name="runningruleset" stop="onshutdown"> <applications> <default appsec="AskSD"/> <osfirewall>  <severity name="normal" rating="low" > <messages type="osfwSeverityDescription" value="normal behavior" locale="en-US" /> <messages type="osfwSeverityDescription" value="normale Verhaltensweisen" locale="de-DE" /> <messages type="osfwSeverityDescription" value="comportement normal" locale="fr-FR" /> <messages type="osfwSeverityDescription" value="µ¡úσ╕╕πü¬σïòΣ╜£" locale="jp-JA" /> <messages type="osfwSeverityDescription" value="actividad normal" locale="es-ES" /> <messages type="osfwSeverityDescription" value="comportamento normale" locale="it-IT" /> </severity> <severity name="suspicious" rating="medium" > <messages type="osfwSeverityDescription" value="suspicious behavior" locale="en-US" /> <messages type="osfwSeverityDescription" value="verd├ñchtige Verhaltensweisen" locale="de-DE" /> <messages type="osfwSeverityDescription" value="comportement normal" locale="fr-FR" /> <messages type="osfwSeverityDescription" value="τûæπéÅπüùπüäσïòΣ╜£" locale="jp-JA" /> <messages type="osfwSeverityDescription" value="actividad sospechosa" locale="es-ES" /> <messages type="osfwSeverityDescription" value="comportamento sospetto" locale="it-IT" /> <promotion from="AskSDenyD" to="AllowSDenyD" /> <promotion from="AskSD" to="AllowSAskD" /> <demotion from="AskSDenyD" to="DenySD" /> <demotion from="AskSD" to="DenySD" /> </severity> <severity name="dangerous" rating="high" > <messages type="osfwSeverityDescription" value="dangerous behavior" locale="en-US" /> <messages type="osfwSeverityDescription" value="gef├ñhrliche Verhaltensweisen" locale="de-DE" /> <messages type="osfwSeverityDescription" value="comportement dangereux" locale="fr-FR" /> <messages type="osfwSeverityDescription" value="σì▒ΘÖ║πü¬σïòΣ╜£" locale="jp-JA" /> <messages type="osfwSeverityDescription" value="actividad peligrosa" locale="es-ES" /> <messages type="osfwSeverityDescription" value="comportamento pericoloso" locale="it-IT" /> <promotion from="AskSD" to="AllowSD" /> <promotion from="AllowSAskD" to="AllowSD" /> <demotion from="AskSD" to="AskSDenyD" /> <demotion from="AllowSAskD" to="AllowSDenyD" /> </severity> <severity name="malicious" rating="high" > <messages type="osfwSeverityDescription" value="malicious behavior" locale="en-US" /> <messages type="osfwSeverityDescription" value="b├╢sartige Verhaltensweisen" locale="de-DE" /> <messages type="osfwSeverityDescription" value="comportement malveillant" locale="fr-FR" /> <messages type="osfwSeverityDescription" value="σì▒ΘÖ║πü¬σïòΣ╜£" locale="jp-JA" /> <messages type="osfwSeverityDescription" value="actividad maligna" locale="es-ES" /> <messages type="osfwSeverityDescription" value="comportamento dannoso" locale="it-IT" /> </severity>   <customevent id="1001" severityref="malicious" > <messages type="osfwPresentText" value="Warning! %process_name% is a malicious program and is trying to run on your computer" locale="en-US" /> <messages type="osfwPastText" value="%process_name% is a malicious program and was trying to run on your computer" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% is a malicious program and was prevented from running on your computer" locale="en-US" /> <messages type="osfwPresentText" value="Warnung! %process_name% ist ein b├╢sartiges Programm, das versucht, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% ist ein b├╢sartiges Programm, das versucht hat, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% ist ein b├╢sartiges Programm, das daran gehindert wurde, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" /> <messages type="osfwPresentText" value="Avertissement ! %process_name% est un programme malveillant qui tente de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% est un programme malveillant et a tent├⌐ de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% est un programme malveillant et n'a pas r├⌐ussi ├á s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" /> <messages type="osfwPresentText" value="Φ¡ªσæè ! %process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπü«πé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºπü«σ«ƒΦíîπüîΘÿ▓µ¡óπüòπéîπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="Advertencia: %process_name% es un programa maligno y est├í intentando ejecutarse en el equipo" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% es un programa maligno y ha intentando ejecutarse en el equipo" locale="es-ES" /> <messages type="osfwBlockedText" value="%process_name% es un programa maligno y se ha impedido su ejecuci├│n en el equipo" locale="es-ES" /> <messages type="osfwPresentText" value="Avviso! %process_name% ├¿ un programma dannoso e sta cercando di essere eseguito sul computer" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ├¿ un programma dannoso e ha cercato di essere eseguito sul computer" locale="it-IT" /> <messages type="osfwBlockedText" value="%process_name% ├¿ un programma dannoso ed ├¿ stata impedita la sua esecuzione sul computer" locale="it-IT" /> </customevent>  <customevent id="2001" severityref="malicious" > <messages type="osfwPresentText" value="Warning! %process_name% is a malicious program and is trying to run on your computer" locale="en-US" /> <messages type="osfwPastText" value="%process_name% is a malicious program and was trying to run on your computer" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% is a malicious program and was prevented from running on your computer" locale="en-US" /> <messages type="osfwPresentText" value="Warnung! %process_name% ist ein b├╢sartiges Programm, das versucht, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% ist ein b├╢sartiges Programm, das versucht hat, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% ist ein b├╢sartiges Programm, das daran gehindert wurde, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" /> <messages type="osfwPresentText" value="Avertissement ! %process_name% est un programme malveillant qui tente de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% est un programme malveillant et a tent├⌐ de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% est un programme malveillant et n'a pas r├⌐ussi ├á s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" /> <messages type="osfwPresentText" value="Φ¡ªσæè ! %process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπü«πé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºπü«σ«ƒΦíîπüîΘÿ▓µ¡óπüòπéîπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="Advertencia: %process_name% es un programa maligno y est├í intentando ejecutarse en el equipo" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% es un programa maligno y ha intentando ejecutarse en el equipo" locale="es-ES" /> <messages type="osfwBlockedText" value="%process_name% es un programa maligno y se ha impedido su ejecuci├│n en el equipo" locale="es-ES" /> <messages type="osfwPresentText" value="Avviso! %process_name% ├¿ un programma dannoso e sta cercando di essere eseguito sul computer" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ├¿ un programma dannoso e ha cercato di essere eseguito sul computer" locale="it-IT" /> <messages type="osfwBlockedText" value="%process_name% ├¿ un programma dannoso ed ├¿ stata impedita la sua esecuzione sul computer" locale="it-IT" /> </customevent> <customevent id="2002" severityref="malicious" > <messages type="osfwPresentText" value="%process_name% is trying to change the behavior of %product_name% by modifying the file: %file%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to change the behavior of %product_name% by modifying the file: %file%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from changing the behavior of %product_name% by modifying the file: %file%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, die Verhaltensweise von %product_name% durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Verhaltensweise von %product_name% durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Verhaltensweise von %product_name% durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier le comportement de %product_name% en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier le comportement de %product_name% en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier le comportement de %product_name% en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüª %product_name% πü«σïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%file%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüª %product_name% πü«σïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%file%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüª %product_name% πü«σïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%file%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar el comportamiento de %product_name% mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cambiar el comportamiento de %product_name% mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie el comportamiento de %product_name% mediante la modificaci├│n del archivo: %file%" locale="es-ES"/> <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare il comportamento di %product_name% modificando il file seguente: %file%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di cambiare il comportamento di %product_name% modificando il file seguente: %file%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare il comportamento di %product_name% modificando il file seguente: %file%" locale="it-IT" /> </customevent> <customevent id="2003" severityref="malicious" > <messages type="osfwPresentText" value="%process_name% is trying to change the settings of %product_name% by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to change the settings of %product_name% by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from changing the settings of %product_name% by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, die Einstellungen von %product_name% durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Einstellungen von %product_name% durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Einstellungen von %product_name% durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier les param├¿tres de %product_name% en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier les param├¿tres de %product_name% en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier les param├¿tres de %product_name% en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπüª %product_name% πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %registry_key%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπüª %product_name% πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %registry_key%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπüª %product_name% πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de %product_name% mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de %product_name% mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de %product_name% mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare le impostazioni di %product_name% modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di cambiare le impostazioni di %product_name% modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare le impostazioni di %product_name% modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> </customevent>  <customevent id="3001" severityref="dangerous" > <messages type="osfwPresentText" value="%process_name% is trying to change your network settings by modifying the file: %file%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to change your network settings by modifying the file: %file%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from changing your network settings by modifying the file: %file%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, Ihre Netzwerkeinstellungen durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, Ihre Netzwerkeinstellungen durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Ihre Netzwerkeinstellungen durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE"/> <messages type="osfwPresentText" value="%process_name% tente de modifier vos param├¿tres r├⌐seau en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier vos param├¿tres r├⌐seau en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier vos param├¿tres r├⌐seau en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüªπâìπââπâêπâ»πâ╝πé»Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%file%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüªπâìπââπâêπâ»πâ╝πé»Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%file%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüªπâìπââπâêπâ»πâ╝πé»Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%file%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de red mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de red mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de red mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare le impostazioni di rete modificando il file seguente: %file%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di cambiare le impostazioni di rete modificando il file seguente: %file%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare le impostazioni di rete modificando il file seguente: %file%" locale="it-IT" /> </customevent> <customevent id="3002" severityref="dangerous" > <messages type="osfwPresentText" value="%process_name% is trying to change Windows by modifying the file: %file%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to change the configuration of Windows by modifying the file: %file%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from changing the configuration of Windows by modifying the file: %file%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, Windows durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Konfiguration von Windows durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Konfiguration von Windows durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier Windows en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier Windows en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier Windows en modifiant le fichier suivant : %file%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüª Windows πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%file%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüª Windows πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%file%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½πéÆµ¢╕πüìµ¢┐πüêπüª Windows πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%file%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de Windows mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de Windows mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de Windows mediante la modificaci├│n del archivo: %file%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare Windows modificando il file seguente: %file%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di cambiare la configurazione di Windows %product_name% modificando il file seguente: %file%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% cambiare la configurazione di Windows %product_name% modificando il file seguente: %file%" locale="it-IT" /> </customevent> <customevent id="3003" severityref="dangerous" > <messages type="osfwPresentText" value="%process_name% is trying to reconfigure software by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to reconfigure software by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from reconfiguring software by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, Software durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, Software durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Software durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier reconfigurer des logiciels en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier reconfigurer des logiciels en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á reconfigurer des logiciels en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπüªπé╜πâòπâêπéªπéºπéóπéÆσåìΦ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %registry_key%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπüªπé╜πâòπâêπéªπéºπéóπéÆσåìΦ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %registry_key%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπüªπé╜πâòπâêπéªπéºπéóπéÆσåìΦ¿¡σ«Üπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando volver a configurar el software mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado volver a configurar el software mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% vuelva a configurar el software mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di riconfigurare il software modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di riconfigurare il software modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di riconfigurare il software modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> </customevent> <customevent id="3004" severityref="dangerous" > <messages type="osfwPresentText" value="%process_name% is trying to read and modify physical memory" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to read and modify physical memory" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from reading and modifying physical memory" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, den physischen Speicher zu lesen und zu ├ñndern." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% versucht, den physischen Speicher zu lesen und zu ├ñndern." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% hat versucht, den physischen Speicher zu lesen und zu ├ñndern." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de lire et de modifier la m├⌐moire physique" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de lire et de modifier la m├⌐moire physique" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á lire et ├á modifier la m├⌐moire physique" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîτë⌐τÉåπâíπâóπâ¬πéÆΦ¬¡πü┐σÅûπüúπüªσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîτë⌐τÉåπâíπâóπâ¬πéÆΦ¬¡πü┐σÅûπüúπüªσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîτë⌐τÉåπâíπâóπâ¬πéÆΦ¬¡πü┐σÅûπüúπüªσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando leer y modificar la memoria f├¡sica" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado leer y modificar la memoria f├¡sica" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% lea y modifique la memoria f├¡sica" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di leggere e modificare la memoria fisica" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di leggere e modificare la memoria fisica" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di leggere e modificare la memoria fisica" locale="it-IT" /> </customevent> <customevent id="3005" severityref="dangerous" > <messages type="osfwPresentText" value="%process_name% is trying to monitor your mouse movements and keyboard strokes" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to monitor your mouse movements and keyboard strokes" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from was prevented from monitoring your mouse and keyboard strokes" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, Ihre Mausbewegungen und Tastatureingaben zu ├╝berwachen." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, Ihre Mausbewegungen und Tastatureingaben zu ├╝berwachen." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Ihre Mausbewegungen und Tastatureingaben zu ├╝berwachen." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de surveiller votre souris et votre clavier" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de surveiller votre souris et votre clavier" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á surveiller votre souris et votre clavier" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπâ₧πéªπé╣πü«σïòΣ╜£πü¿πé¡πâ╝πâ£πâ╝πâëπü«σàÑσè¢πéÆπâóπâïπé┐πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπâ₧πéªπé╣πü«σïòΣ╜£πü¿πé¡πâ╝πâ£πâ╝πâëπü«σàÑσè¢πéÆπâóπâïπé┐πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîπâ₧πéªπé╣πü«σïòΣ╜£πü¿πé¡πâ╝πâ£πâ╝πâëπü«σàÑσè¢πéÆπâóπâïπé┐πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando controlar las pulsaciones del teclado y la actividad del mouse" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado controlar las pulsaciones del teclado y la actividad del mouse" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% controle las pulsaciones del teclado y la actividad del mouse" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di monitorare i movimenti del mouse e la pressione dei tasti della tastiera" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di monitorare i movimenti del mouse e la pressione dei tasti della tastiera" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di monitorare il mouse e la pressione dei tasti della tastiera" locale="it-IT" /> </customevent> <customevent id="3006" severityref="dangerous" > <messages type="osfwPresentText" value="%process_name% is trying to load the driver: %driver%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to load the driver: %driver%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from loading the driver: %driver%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, den folgenden Treiber zu laden: %driver%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, den folgenden Treiber zu laden: %driver%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Treiber zu laden: %driver%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de charger le pilote : %driver%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de charger le pilote : %driver%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á charger le pilote : %driver%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %driver%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cargar el controlador: %driver%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cargar el controlador: %driver%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cargue el controlador: %driver%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di caricare il driver seguente: %driver%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di caricare il driver seguente: %driver%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di caricare il driver seguente: %driver%" locale="it-IT" /> </customevent>  <customevent id="4001" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% is trying to set '%registry_value%' to run each time your computer is started" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to set '%registry_value%' to run each time your computer is started" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from setting '%registry_value%' to run each time your computer is started" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% nimmt Einstellungen an '%registry_value%' vor, die bewirken, dass es bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat Einstellungen an '%registry_value%' vorgenommen, die bewirken, dass es bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Einstellungen an '%registry_value%' vorzunehmen, die bewirken, dass es bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de d├⌐finir '%registry_value%' pour ├¬tre ex├⌐cut├⌐ ├á chaque d├⌐marrage de l'ordinateur" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de d├⌐finir '%registry_value%' pour ├¬tre ex├⌐cut├⌐ ├á chaque d├⌐marrage de l'ordinateur" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á d├⌐finir '%registry_value%' pour ├¬tre ex├⌐cut├⌐ ├á chaque d├⌐marrage de l'ordinateur" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πéÆσ«ƒΦíîπüÖπéïπéêπüåπü½Φ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πéÆσ«ƒΦíîπüÖπéïπéêπüåπü½Φ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πéÆσ«ƒΦíîπüÖπéïπéêπüåπü½Φ¿¡σ«ÜπüÖπéïπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando configurar el valor '%registry_value%' para que se ejecute cada vez que se inicie el equipo" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado configurar el valor '%registry_value%' para que se ejecute cada vez que se inicie el equipo" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% configure el valor '%registry_value%' para que se ejecute cada vez que se inicie el equipo" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di impostare '%registry_value%' in modo che venga eseguito all'avvio del computer" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di impostare '%registry_value%' in modo che venga eseguito all'avvio del computer" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di impostare '%registry_value%' in modo che venga eseguito all'avvio del computer" locale="it-IT" /> </customevent> <customevent id="4002" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% is trying to unload the driver: %driver%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to unload the driver: %driver%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from unloading the driver: %driver%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, den folgenden Treiber zu entladen: %driver%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, den folgenden Treiber zu entladen: %driver%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Treiber zu entladen: %driver%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de d├⌐charger le pilote : %driver%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de d├⌐charger le pilote : %driver%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á d├⌐charger le pilote : %driver%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπéóπâ│πâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπéóπâ│πâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπéóπâ│πâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %driver%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando descargar el controlador: %driver%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado descargar el controlador: %driver%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% descargue el controlador: %driver%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di scaricare il driver seguente: %driver%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di scaricare il driver seguente: %driver%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di scaricare il driver seguente: %driver%" locale="it-IT" /> </customevent> <customevent id="4003" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% is trying to connect to the driver: %driver%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to connect to the driver: %driver%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from connecting to the driver: %driver%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, eine Verbindung zu dem folgenden Treiber herzustellen: %driver%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, eine Verbindung zu dem folgenden Treiber herzustellen: %driver%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, eine Verbindung zu dem folgenden Treiber herzustellen: %driver%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de se connecter au pilote : %driver%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de se connecter au pilote : %driver%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á se connecter au pilote : %driver%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπü½µÄÑτ╢Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπü½µÄÑτ╢Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπü½µÄÑτ╢Üπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %driver%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando conectarse al controlador: %driver%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado conectarse al controlador: %driver%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se conecte al controlador: %driver%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di connettersi al driver seguente: %driver%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di connettersi al driver seguente: %driver%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di connettersi al driver seguente: %driver%" locale="it-IT" /> </customevent> <customevent id="4004" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% may be trying to prevent '%registry_value%' from running each time your computer is started by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% may have been trying to prevent '%registry_value%' from running each time your computer is started by modifying the registry key: %registry_key%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from modifying registry key: %registry_key%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht m├╢glicherweise, '%registry_value%' durch Modifizierung des folgenden Registrierungsschl├╝ssels daran zu hindern, dass es bei jedem Computerstart ausgef├╝hrt wird: %registry_key%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat m├╢glicherweise versucht, '%registry_value%' durch Modifizierung des folgenden Registrierungsschl├╝ssels daran zu hindern, dass es bei jedem Computerstart ausgef├╝hrt: %registry_key%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Registrierungsschl├╝ssel zu ├ñndern: %registry_key%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente d'emp├¬cher '%registry_value%' de s'ex├⌐cuter ├á chaque d├⌐marrage de l'ordinateur en modifiant la cl├⌐ de registre : %registry_key%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ d'emp├¬cher '%registry_value%' de s'ex├⌐cuter ├á chaque d├⌐marrage de l'ordinateur en modifiant la cl├⌐ de registre : %registry_key%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifi├⌐ la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πüîσ«ƒΦíîπüòπéîπü¬πüäπéêπüåπü½πüÖπéïπüƒπéüπü½πÇüµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖ: %registry_key%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πüîσ«ƒΦíîπüòπéîπü¬πüäπéêπüåπü½πüÖπéïπüƒπéüπü½πÇüµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπüƒσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖ: %registry_key%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬ πé¡πâ╝πéÆµ¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando impedir que el valor '%registry_value%' se ejecute cada vez que se inicie el equipo mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado impedir que el valor '%registry_value%' se ejecute cada vez que se inicie el equipo mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% modifique la clave de registro: %registry_key%" locale="es-ES" /> <messages type="osfwPresentText" value="Probabile tentativo da parte di %process_name% di bloccare l'esecuzione di '%registry_value%' all'avvio del computer modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> <messages type="osfwPastText" value="Probabile tentativo da parte di %process_name% di bloccare l'esecuzione di '%registry_value%' all'avvio del computer modificando la chiave di registro seguente: %registry_key%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare la chiave di registro seguente: %registry_key%" locale="it-IT" /> </customevent> <customevent id="4005" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% is trying to modify the registry value: %registry_key%\%registry_value%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to modify the registry value: %registry_key%\%registry_value%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from modifying the registry value: %registry_key%\%registry_value%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, den folgenden Registrierungswert zu ├ñndern: %registry_key%\%registry_value%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, den folgenden Registrierungswert zu ├ñndern: %registry_key%\%registry_value%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Registrierungswert zu ├ñndern: %registry_key%\%registry_value%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier la valeur de registre : %registry_key%\%registry_value%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier la valeur de registre : %registry_key%\%registry_value%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifi├⌐ la valeur de registre suivante : %registry_key%\%registry_value%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬σÇñπéÆµ¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %registry_key%\%registry_value%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬σÇñπéÆµ¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %registry_key%\%registry_value%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬σÇñπéÆµ¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%\%registry_value%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando modificar el valor de registro: %registry_key%\%registry_value%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado modificar el valor de registro: %registry_key%\%registry_value%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% modifique el valor de registro: %registry_key%\%registry_value%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di modificare il valore di registro seguente: %registry_key%\%registry_value%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di modificare il valore di registro seguente: %registry_key%\%registry_value%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare il valore registro seguente: %registry_key%\%registry_value%" locale="it-IT" /> </customevent> <customevent id="4006" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% is trying to change your browser search settings" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to change your browser search settings" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from changing your browser search settings" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, die Sucheinstellungen Ihres Browsers zu ├ñndern." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Sucheinstellungen Ihres Browsers zu ├ñndern." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Sucheinstellungen Ihres Browsers zu ├ñndern." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier les param├¿tres de recherche de votre navigateur" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier les param├¿tres de recherche de votre navigateur" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier les param├¿tres de recherche de votre navigateur" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«µñ£τ┤óΦ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«µñ£τ┤óΦ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«µñ£τ┤óΦ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de b├║squeda del navegador" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de b├║squeda del navegador" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de b├║squeda del navegador" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di modificare le impostazioni di ricerca del browser" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di modificare le impostazioni di ricerca del browser" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare le impostazioni di ricerca del browser" locale="it-IT" /> </customevent> <customevent id="4007" severityref="suspicious" > <messages type="osfwPresentText" value="%process_name% is trying to change your browser home page" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to change your browser home page" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from changing your browser home page" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, die Startseite Ihres Browsers zu ├ñndern." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Startseite Ihres Browsers zu ├ñndern." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Startseite Ihres Browsers zu ├ñndern." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de modifier la page d'accueil de votre navigateur" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier la page d'accueil de votre navigateur" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier la page d'accueil de votre navigateur" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«πâ¢πâ╝πâá πâÜπâ╝πé╕πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«πâ¢πâ╝πâá πâÜπâ╝πé╕πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«πâ¢πâ╝πâá πâÜπâ╝πé╕πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la p├ígina de inicio del navegador" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cambiar la p├ígina de inicio del navegador" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la p├ígina de inicio del navegador" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di modificare la pagina iniziale del browser" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di modificare la pagina iniziale del browser" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare la pagina iniziale del browser" locale="it-IT" /> </customevent>  <customevent id="5001" severityref="normal" > <messages type="osfwPresentText" value="%process_name% is trying to load the module: %module%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to load the module: %module%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from loading the module: %module%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, das folgende Modul zu laden: %module%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, das folgende Modul zu laden: %module%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, das folgende Modul zu laden: %module%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de charger le module : %module%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de charger le module : %module%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á charger le module : %module%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâóπé╕πâÑπâ╝πâ½πéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%module%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâóπé╕πâÑπâ╝πâ½πéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%module%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâóπé╕πâÑπâ╝πâ½πéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%module%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando cargar el m├│dulo: %module%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado cargar el m├│dulo: %module%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cargue el m├│dulo: %module%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di caricare il modulo seguente: %module%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di caricare il modulo seguente: %module%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di caricare il modulo seguente: %module%" locale="it-IT" /> </customevent>  <customevent id="6001" > <messages type="osfwPresentText" value="%process_name% is trying to communicate with %target_process% by opening its process" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% by opening its process" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from to communicating with %target_process% by opening its process" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, durch ├ûffnen des Prozesses mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, durch ├ûffnen des Prozesses mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch ├ûffnen des Prozesses mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de communiquer avec %target_process% en ouvrant son processus" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en ouvrant son processus" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en ouvrant son processus" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüî %target_process% πü«πâùπâ¡πé╗πé╣πéÆπé¬πâ╝πâùπâ│πüùπüªΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüî %target_process% πü«πâùπâ¡πé╗πé╣πéÆπé¬πâ╝πâùπâ│πüùπüªΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüî %target_process% πü«πâùπâ¡πé╗πé╣πéÆπé¬πâ╝πâùπâ│πüùπüªΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando comunicarse con %target_process% abriendo su proceso" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% abriendo su proceso" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% abriendo su proceso" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di comunicare con %target_process% aprendo il suo processo" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% aprendo il suo processo" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% aprendo il suo processo" locale="it-IT" /> </customevent> <customevent id="6002" > <messages type="osfwPresentText" value="%process_name% is trying to communicate with %target_process% by opening a thread" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% by opening a thread" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% by opening a thread" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, durch ├ûffnen eines Threads mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, durch ├ûffnen eines Threads mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch ├ûffnen eines Threads mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de communiquer avec %target_process% en ouvrant un thread" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en ouvrant un thread" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en ouvrant un thread" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπé╣πâ¼πââπâëπéÆπé¬πâ╝πâùπâ│πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπé╣πâ¼πââπâëπéÆπé¬πâ╝πâùπâ│πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîπé╣πâ¼πââπâëπéÆπé¬πâ╝πâùπâ│πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando comunicarse con %target_process% abriendo un subproceso" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% abriendo un subproceso" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% abriendo un subproceso" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di comunicare con %target_process% aprendo un thread" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% aprendo un thread" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% aprendo un thread" locale="it-IT" /> </customevent> <customevent id="6003" > <messages type="osfwPresentText" value="%process_name% is trying to launch %target_process%, or use another program to gain access to privileged resources" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to launch %target_process%, or use another program to gain access to privileged resources" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from launching %target_process%, or use another program to gain access to privileged resources" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, %target_process% zu laden oder ein anderes Programm zu verwenden, um Zugriff auf berechtigte Ressourcen zu erhalten." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, %target_process% zu laden oder ein anderes Programm zu verwenden, um Zugriff auf berechtigte Ressourcen zu erhalten." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, %target_process% zu laden oder ein anderes Programm zu verwenden, um Zugriff auf berechtigte Ressourcen zu erhalten." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de lancer %target_process% ou d'utiliser un autre programme pour acc├⌐der aux ressources privil├⌐gi├⌐es" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de lancer %target_process% ou d'utiliser un autre programme pour acc├⌐der aux ressources privil├⌐gi├⌐es" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á lancer %target_process% ou utiliser un autre programme pour acc├⌐der aux ressources privil├⌐gi├⌐es" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπÇüµ¿⌐ΘÖÉπü«σ┐àΦªüπü¬πâ¬πé╜πâ╝πé╣πü½πéóπé»πé╗πé╣πüÖπéïπüƒπéüπü½πÇü%target_process% πéÆΦ╡╖σïòπüùπÇüπü╛πüƒπü»σêÑπü«πâùπâ¡πé░πâ⌐πâáπéÆΣ╜┐τö¿πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπÇüµ¿⌐ΘÖÉπü«σ┐àΦªüπü¬πâ¬πé╜πâ╝πé╣πü½πéóπé»πé╗πé╣πüÖπéïπüƒπéüπü½πÇü%target_process% πéÆΦ╡╖σïòπüùπÇüπü╛πüƒπü»σêÑπü«πâùπâ¡πé░πâ⌐πâáπéÆΣ╜┐τö¿πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¿⌐ΘÖÉπü«σ┐àΦªüπü¬πâ¬πé╜πâ╝πé╣πü½πéóπé»πé╗πé╣πüÖπéïπüƒπéüπü½ %target_process% πéÆΦ╡╖σïòπüùπÇüπü╛πüƒπü»σêÑπü«πâùπâ¡πé░πâ⌐πâáπéÆΣ╜┐τö¿πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando ejecutar %target_process% o utilizar otro programa para acceder a recursos con privilegios" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado ejecutar %target_process% o utilizar otro programa para acceder a recursos con privilegios" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% ejecute %target_process% o utilice otro programa para acceder a recursos con privilegios" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di avviare %target_process% o di usare un altro programma per ottenere accesso a risorse privilegiate" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di avviare %target_process% o di usare un altro programma per ottenere accesso a risorse privilegiate" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di avviare %target_process% o di usare un altro programma per ottenere accesso a risorse privilegiate" locale="it-IT" /> </customevent> <customevent id="6004" > <messages type="osfwPresentText" value="%process_name% is trying to start" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to start" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from starting" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht zu starten." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht zu starten." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde am Starten gehindert." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de d├⌐marrer" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de d├⌐marrer" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á d├⌐marrer" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πü»Φ╡╖σïòπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πü»Φ╡╖σïòπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πü«Φ╡╖σïòπéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando iniciarse" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado iniciarse" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se inicie" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di effettuare l'avvio" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di effettuare l'avvio" locale="it-IT" /> <messages type="osfwBlockedText" value="Avvio di %process_name% bloccato" locale="it-IT" /> </customevent> <customevent id="6005" > <messages type="osfwPresentText" value="%process_name% is trying to control the keyboard input of the process: %target_process%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to control the keyboard input of the process: %target_process%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from controlling the keyboard input of the process: %target_process%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, die Tastatureingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Tastatureingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Tastatureingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de contr├┤ler l'entr├⌐e clavier du processus : %target_process%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de contr├┤ler l'entr├⌐e clavier du processus : %target_process%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á contr├┤ler l'entr├⌐e clavier du processus : %target_process%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πé¡πâ╝πâ£πâ╝πâëσàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %target_process%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πé¡πâ╝πâ£πâ╝πâëσàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πé¡πâ╝πâ£πâ╝πâëσàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando controlar las entradas del teclado del proceso: %target_process%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado controlar las entradas del teclado del proceso: %target_process%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% controle las entradas del teclado del proceso: %target_process%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di controllare l'input da tastiera per il processo seguente: %target_process%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di controllare l'input da tastiera per il processo seguente: %target_process%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di controllare l'input da tastiera per il processo seguente: %target_process%" locale="it-IT" /> </customevent> <customevent id="6006" > <messages type="osfwPresentText" value="%process_name% is trying to control the mouse input of the process: %target_process%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to control the mouse input of the process: %target_process%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from controlling the mouse input of the process: %target_process%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, die Mauseingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, die Mauseingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Mauseingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de contr├┤ler l'entr├⌐e souris du processus : %target_process%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de contr├┤ler l'entr├⌐e souris du processus : %target_process%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á contr├┤ler l'entr├⌐e souris du processus : %target_process%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πâ₧πéªπé╣σàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %target_process%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πâ₧πéªπé╣σàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πâ₧πéªπé╣σàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando controlar las entradas del mouse del proceso: %target_process%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado controlar las entradas del mouse del proceso: %target_process%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% controle las entradas del mouse del proceso: %target_process%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di controllare l'input tramite mouse per il processo seguente: %target_process%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di controllare l'input tramite mouse per il processo seguente: %target_process%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di controllare l'input tramite mouse per il processo seguente: %target_process%" locale="it-IT" /> </customevent> <customevent id="6007" > <messages type="osfwPresentText" value="%process_name% is trying to communicate with %target_process% by using DDE" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% by using DDE" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% by using DDE" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, durch Verwenden von DDE mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, durch Verwenden von DDE mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch Verwenden von DDE mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de communiquer avec %target_process% en utilisant DDE" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en utilisant DDE" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en utilisant DDE" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüî DDE πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüî DDE πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüî DDE πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando comunicarse con %target_process% mediante DDE" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% mediante DDE" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% mediante DDE" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di comunicare con %target_process% utilizzando DDE" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando DDE" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% utilizzando DDE" locale="it-IT" /> </customevent> <customevent id="6008" > <messages type="osfwPresentText" value="%process_name% is trying to communicate with %target_process% using a programming technique called a callback" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% using a programming technique called a callback" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from to communicating with %target_process% using a programming technique called a callback" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, durch die als Callback (R├╝ckruf) bezeichnete Programmierungsmethode mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, durch die als Callback (R├╝ckruf) bezeichnete Programmierungsmethode mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch die als Callback (R├╝ckruf) bezeichnete Programmierungsmethode mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de communiquer avec %target_process% en utilisant une technique de programmation appel├⌐e le rappel" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en utilisant une technique de programmation appel├⌐e le rappel" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en utilisant une technique de programmation appel├⌐e le rappel" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîπé│πâ╝πâ½πâÉπââπé»πü¿πüäπüåπâùπâ¡πé░πâ⌐πâƒπâ│πé░µèÇΦíôπéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîπé│πâ╝πâ½πâÉπââπé»πü¿πüäπüåπâùπâ¡πé░πâ⌐πâƒπâ│πé░µèÇΦíôπéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîπé│πâ╝πâ½πâÉπââπé»πü¿πüäπüåπâùπâ¡πé░πâ⌐πâƒπâ│πé░µèÇΦíôπéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando comunicarse con %target_process% mediante una t├⌐cnica de programaci├│n denominada respuesta de llamada" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% mediante una t├⌐cnica de programaci├│n denominada respuesta de llamada" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% mediante una t├⌐cnica de programaci├│n denominada respuesta de llamada" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback" locale="it-IT" /> </customevent> <customevent id="6009" > <messages type="osfwPresentText" value="%process_name% is trying to inject code into: %target_process%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to inject code into: %target_process%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from injecting code into: %target_process%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, Code einzubringen in: %target_process%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, Code einzubringen in: %target_process%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Code einzubringen in: %target_process%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente d'ins├⌐rer un code dans : %target_process%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ d'ins├⌐rer un code dans : %target_process%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á ins├⌐rer un code dans : %target_process%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü½πé│πâ╝πâëπéÆµî┐σàÑπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %target_process%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü½πé│πâ╝πâëπéÆµî┐σàÑπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü½πé│πâ╝πâëπéÆµî┐σàÑπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando insertar c├│ndigo en: %target_process%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado insertar c├│ndigo en: %target_process%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% inserte c├│ndigo en: %target_process%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di inserire del codice in: %target_process%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di inserire del codice in: %target_process%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di inserire del codice in: %target_process%" locale="it-IT" /> </customevent> <customevent id="6010" > <messages type="osfwPresentText" value="%process_name% is trying to terminate: %target_process%" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to terminate: %target_process%" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from terminating: %target_process%" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, Folgendes zu beenden: %target_process%" locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, Folgendes zu beenden: %target_process%" locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Folgendes zu beenden: %target_process%" locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de terminer : %target_process%" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de terminer : %target_process%" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á terminer : %target_process%" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πéÆτ╡éΣ║åπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %target_process%" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πéÆτ╡éΣ║åπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πéÆτ╡éΣ║åπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %target_process%" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando terminar: %target_process%" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado terminar: %target_process%" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% termine: %target_process%" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di terminare: %target_process%" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di terminare: %target_process%" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di terminare: %target_process%" locale="it-IT" /> </customevent> <customevent id="6011" > <messages type="osfwPresentText" value="%process_name% is trying to communicate with %target_process% using Windows messages" locale="en-US" /> <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% using Windows messages" locale="en-US" /> <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% using Windows messages" locale="en-US" /> <messages type="osfwPresentText" value="%process_name% versucht, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPastText" value="%process_name% hat versucht, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren." locale="de-DE" /> <messages type="osfwPresentText" value="%process_name% tente de communiquer avec %target_process% en utilisant les messages Windows" locale="fr-FR" /> <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en utilisant les messages Windows" locale="fr-FR" /> <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en utilisant les messages Windows" locale="fr-FR" /> <messages type="osfwPresentText" value="%process_name% πüî Windows πâíπââπé╗πâ╝πé╕πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" /> <messages type="osfwPastText" value="%process_name% πüî Windows πâíπââπé╗πâ╝πé╕πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwBlockedText" value="%process_name% πüî Windows πâíπââπé╗πâ╝πé╕πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" /> <messages type="osfwPresentText" value="%process_name% est├í intentando comunicarse con %target_process% mediante mensajes de Windows" locale="es-ES" /> <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% mediante mensajes de Windows" locale="es-ES" /> <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% mediante mensajes de Windows" locale="es-ES" /> <messages type="osfwPresentText" value="%process_name% sta cercando di comunicare con %target_process% utilizzando messaggi di Windows" locale="it-IT" /> <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando messaggi di Windows" locale="it-IT" /> <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% utilizzando messaggi di Windows" locale="it-IT" /> </customevent>    <rulegroup name="rg-malwr-ask" customtext="2001" ask="true" />  <rulegroup name="rg-memmp-ask" customtext="3004" ask="true" /> <rulegroup name="rg-glbhook-ask" customtext="3005" ask="true" /> <rulegroup name="rg-drvld-ask" customtext="3006" ask="true" />  <rulegroup name="rg-drvud-ask" customtext="4002" ask="true" /> <rulegroup name="rg-drvct-ask" customtext="4003" ask="true" />  <rulegroup name="rg-modld-ok" customtext="5001" allow="true" notify="true" />  <rulegroup name="rg-openp-ask" customtext="6001" ask="true" /> <rulegroup name="rg-opent-ask" customtext="6002" ask="true" /> <rulegroup name="rg-spawn-ask" customtext="6003" ask="true" /> <rulegroup name="rg-start-ask" customtext="6004" ask="true" /> <rulegroup name="rg-keybd-ask" customtext="6005" ask="true" /> <rulegroup name="rg-mouse-ask" customtext="6006" ask="true" /> <rulegroup name="rg-ddein-ask" customtext="6007" ask="true" /> <rulegroup name="rg-callb-ask" customtext="6008" ask="true" /> <rulegroup name="rg-whook-ask" customtext="6009" ask="true" /> <rulegroup name="rg-termp-ask" customtext="6010" ask="true" /> <rulegroup name="rg-msg-ask" customtext="6011" ask="true" />   <rulegroup name="rg-malwr-blk" customtext="2001" allow="false" notify="true" />  <rulegroup name="rg-memmp-blk" customtext="3004" allow="false" notify="true" /> <rulegroup name="rg-glbhook-blk" customtext="3005" allow="false" notify="true" />  <rulegroup name="rg-drvld-blk" customtext="3006" allow="false" notify="true" /> <rulegroup name="rg-drvud-blk" customtext="4002" allow="false" notify="true" /> <rulegroup name="rg-drvct-blk" customtext="4003" allow="false" notify="true" /> <rulegroup name="rg-regall-blk" customtext="4005" allow="false" notify="true" />  <rulegroup name="rg-openp-blk" customtext="6001" allow="false" notify="true" /> <rulegroup name="rg-opent-blk" customtext="6002" allow="false" notify="true" /> <rulegroup name="rg-spawn-blk" customtext="6003" allow="false" notify="true" /> <rulegroup name="rg-start-blk" customtext="6004" allow="false" notify="true" /> <rulegroup name="rg-keybd-blk" customtext="6005" allow="false" notify="true" /> <rulegroup name="rg-mouse-blk" customtext="6006" allow="false" notify="true" /> <rulegroup name="rg-ddein-blk" customtext="6007" allow="false" notify="true" /> <rulegroup name="rg-callb-blk" customtext="6008" allow="false" notify="true" /> <rulegroup name="rg-whook-blk" customtext="6009" allow="false" notify="true" /> <rulegroup name="rg-termp-blk" customtext="6010" allow="false" notify="true" /> <rulegroup name="rg-msg-blk" customtext="6011" allow="false" notify="true" />  <rulegroup name="protourfiles"> <ruleentry event="file" match="any" allow="false" notify="true" customtext="2002"> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\BACKUP.RDB" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\IAMDB.RDB" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\ZALog.txt" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\camupd.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\dbghelp.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\osfwrules.xml" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\qrbase.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\qrsrecl.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\safePrograms.xml" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\scheduler.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\spyware.dat" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\srescan.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\ssleay32.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsavpro.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsdb.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsmon.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsruledb.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\vsvault.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\ZLCommDB.xml" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlparser.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlquarantine.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlsre.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlasdbup.dat" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlsrepluginsupd.zip" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlsreupd.zip" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlqrtdb.dat" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\zlasdbup.dat" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsconfig.xml" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsdata.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsdatant.sys" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsinit.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsmonapi.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vspubapi.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsregexp.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsutil.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsxml.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zlcomm.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zlcommdb.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\alert.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\email.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\expert.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\filter.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\firewall.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\framewrk.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\idlock.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\imf_editor.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\imsecure.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\multiscan.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\privacy.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\programs.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\scan.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\scan.zmx" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\security.zap" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zatutor.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zauninst.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zlavscan.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zonealarm.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\zlclient.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsdb.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsinit.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsmon.exe" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsruledb.dll" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair\vsutil.dll" /> </ruleentry> </rulegroup> <rulegroup name="protourreg"> <ruleentry event="registry" match="any" allow="false" notify="true" customtext="3"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\MiniLog" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\LocalStoreDir" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\LogStoreDir" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ADE" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ADP" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ASX" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.BAS" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.BAT" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CHM" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CMD" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.COM" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CPL" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CRT" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.DBX" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.EXE" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.HLP" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.HTA" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.INF" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.INS" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ISP" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.JS" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.JSE" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.LNK" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDA" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDB" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDE" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDZ" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MHT" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSC" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSI" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSP" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MST" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.NCH" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PCD" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PIF" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PRF" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.REG" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCF" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCR" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCT" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SHB" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SHS" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.URL" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VB" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VBE" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VBS" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WMS" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSC" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSF" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSH" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ZIP" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\Registration" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\enum" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\parameters" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\security" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon\enum" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon\security" /> </ruleentry> </rulegroup> <rulegroup name="protourreg1"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="3"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" /> <itementry param="value" operator="equalnocase" type="ansi" value="InstallDirectory" /> </ruleentry> </rulegroup> <rulegroup name="protourreg2"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="3"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" /> <itementry param="value" operator="equalnocase" type="ansi" value="IntegrityMode" /> </ruleentry> </rulegroup>   <rulegroup name="blk-ie-search1"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search2"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search3"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search4"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search5"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search6"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search7"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer" /> <itementry param="value" operator="equalnocase" type="ansi" value="SearchUrl" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-search8"> <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4006">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /> </ruleentry> </rulegroup>  <rulegroup name="blk-ie-home1"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4007">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main" /> <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" /> </ruleentry> </rulegroup> <rulegroup name="blk-ie-home2"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4007">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main" /> <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" /> </ruleentry> </rulegroup>   <rulegroup name="ask-ie-search1"> <ruleentry event="registry" match="all" ask="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search2"> <ruleentry event="registry" match="all" ask="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search3"> <ruleentry event="registry" match="all" ask="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search4"> <ruleentry event="registry" match="all" ask="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search5"> <ruleentry event="registry" match="all" ask="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search6"> <ruleentry event="registry" match="all" ask="true" customtext="4006"> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" /> <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search7"> <ruleentry event="registry" match="all" ask="true" customtext="4006">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer" /> <itementry param="value" operator="equalnocase" type="ansi" value="SearchUrl" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-search8"> <ruleentry event="registry" match="any" ask="true" customtext="4006">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /> </ruleentry> </rulegroup>  <rulegroup name="ask-ie-home1"> <ruleentry event="registry" match="all" ask="true" customtext="4007">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main" /> <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" /> </ruleentry> </rulegroup> <rulegroup name="ask-ie-home2"> <ruleentry event="registry" match="all" ask="true" customtext="4007">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main" /> <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" /> </ruleentry> </rulegroup>  <rulegroup name="prot-winini"> <ruleentry event="file" match="any" ask="true" customtext="3002"> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\win.ini" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\autoexec.bat" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\config.sys" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\system.ini" /> </ruleentry> </rulegroup>  <rulegroup name="prot-hosts"> <ruleentry event="file" match="all" ask="true" customtext="3001"> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\hosts" /> </ruleentry> </rulegroup> <ruleset name="rs-files-ask" allow="true"> <rulerefentry rulegroupref="prot-hosts"/> <rulerefentry rulegroupref="protourfiles"/> </ruleset>  <rulegroup name="block-winini"> <ruleentry event="file" match="any" ask="true" customtext="3002"> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\win.ini" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\autoexec.bat" /> <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\config.sys" /> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\system.ini" /> </ruleentry> </rulegroup>  <rulegroup name="block-hosts"> <ruleentry event="file" match="all" ask="true" customtext="3001"> <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\hosts" /> </ruleentry> </rulegroup> <ruleset name="rs-files-block" allow="true"> <rulerefentry rulegroupref="block-hosts"/> <rulerefentry rulegroupref="protourfiles"/> </ruleset>  <ruleset name="rs-files-allow" allow="true"> <rulerefentry rulegroupref="protourfiles"/> </ruleset>  <rulegroup name="protect-classes"> <ruleentry event="registry" match="any" ask="true" customtext="3003"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\CLSID" /> </ruleentry> </rulegroup>  <rulegroup name="block-classes"> <ruleentry event="registry" match="any" allow="false" notify="true" customtext="3003"> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\CLSID" /> </ruleentry> </rulegroup>  <rulegroup name="protect-run1"> <ruleentry event="registry" match="any" ask="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /> </ruleentry> </rulegroup> <rulegroup name="protect-run2"> <ruleentry event="registry" match="all" ask="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Run" /> </ruleentry> </rulegroup> <rulegroup name="protect-run3"> <ruleentry event="registry" match="all" ask="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Load" /> </ruleentry> </rulegroup> <rulegroup name="protect-run4"> <ruleentry event="registry" match="all" ask="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" /> </ruleentry> </rulegroup> <rulegroup name="protect-run5"> <ruleentry event="registry" match="all" ask="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Shell" /> </ruleentry> </rulegroup>  <ruleset name="rs-rega-asdd" allow="true"> <rulerefentry rulegroupref="protect-run1"/> <rulerefentry rulegroupref="protect-run2"/> <rulerefentry rulegroupref="protect-run3"/> <rulerefentry rulegroupref="protect-run4"/> <rulerefentry rulegroupref="protect-run5"/> <rulerefentry rulegroupref="ask-ie-search1"/> <rulerefentry rulegroupref="ask-ie-search2"/> <rulerefentry rulegroupref="ask-ie-search3"/> <rulerefentry rulegroupref="ask-ie-search4"/> <rulerefentry rulegroupref="ask-ie-search5"/> <rulerefentry rulegroupref="ask-ie-search6"/> <rulerefentry rulegroupref="ask-ie-search7"/> <rulerefentry rulegroupref="ask-ie-search8"/> <rulerefentry rulegroupref="ask-ie-home1"/> <rulerefentry rulegroupref="ask-ie-home2"/> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-rega-asad" allow="true"> <rulerefentry rulegroupref="protect-run1"/> <rulerefentry rulegroupref="protect-run2"/> <rulerefentry rulegroupref="protect-run3"/> <rulerefentry rulegroupref="protect-run4"/> <rulerefentry rulegroupref="protect-run5"/> <rulerefentry rulegroupref="ask-ie-search1"/> <rulerefentry rulegroupref="ask-ie-search2"/> <rulerefentry rulegroupref="ask-ie-search3"/> <rulerefentry rulegroupref="ask-ie-search4"/> <rulerefentry rulegroupref="ask-ie-search5"/> <rulerefentry rulegroupref="ask-ie-search6"/> <rulerefentry rulegroupref="ask-ie-search7"/> <rulerefentry rulegroupref="ask-ie-search8"/> <rulerefentry rulegroupref="ask-ie-home1"/> <rulerefentry rulegroupref="ask-ie-home2"/> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <rulegroup name="askdel-run1"> <ruleentry event="registry" match="any" ask="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /> </ruleentry> </rulegroup> <rulegroup name="askdel-run2"> <ruleentry event="registry" match="all" ask="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Run" /> </ruleentry> </rulegroup> <rulegroup name="askdel-run3"> <ruleentry event="registry" match="all" ask="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Load" /> </ruleentry> </rulegroup> <rulegroup name="askdel-run4"> <ruleentry event="registry" match="all" ask="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" /> </ruleentry> </rulegroup> <rulegroup name="askdel-run5"> <ruleentry event="registry" match="all" ask="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Shell" /> </ruleentry> </rulegroup>  <ruleset name="rs-regd-asdd" allow="true"> <rulerefentry rulegroupref="askdel-run1"/> <rulerefentry rulegroupref="askdel-run2"/> <rulerefentry rulegroupref="askdel-run3"/> <rulerefentry rulegroupref="askdel-run4"/> <rulerefentry rulegroupref="askdel-run5"/> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-regd-asad" allow="true"> <rulerefentry rulegroupref="askdel-run1"/> <rulerefentry rulegroupref="askdel-run2"/> <rulerefentry rulegroupref="askdel-run3"/> <rulerefentry rulegroupref="askdel-run4"/> <rulerefentry rulegroupref="askdel-run5"/> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-regd-sad" allow="true"> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-regd-sdd" allow="true"> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <rulegroup name="block-run1"> <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /> </ruleentry> </rulegroup> <rulegroup name="block-run2"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Run" /> </ruleentry> </rulegroup> <rulegroup name="block-run3"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Load" /> </ruleentry> </rulegroup> <rulegroup name="block-run4"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" /> </ruleentry> </rulegroup> <rulegroup name="block-run5"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Shell" /> </ruleentry> </rulegroup> <ruleset name="rs-rega-block" allow="true"> <rulerefentry rulegroupref="block-run1"/> <rulerefentry rulegroupref="block-run2"/> <rulerefentry rulegroupref="block-run3"/> <rulerefentry rulegroupref="block-run4"/> <rulerefentry rulegroupref="block-run5"/> <rulerefentry rulegroupref="blk-ie-search1"/> <rulerefentry rulegroupref="blk-ie-search2"/> <rulerefentry rulegroupref="blk-ie-search3"/> <rulerefentry rulegroupref="blk-ie-search4"/> <rulerefentry rulegroupref="blk-ie-search5"/> <rulerefentry rulegroupref="blk-ie-search6"/> <rulerefentry rulegroupref="blk-ie-search7"/> <rulerefentry rulegroupref="blk-ie-search8"/> <rulerefentry rulegroupref="blk-ie-home1"/> <rulerefentry rulegroupref="blk-ie-home2"/> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <rulegroup name="block-run1"> <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /> <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" /> </ruleentry> </rulegroup> <rulegroup name="block-run2"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Run" /> </ruleentry> </rulegroup> <rulegroup name="block-run3"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /> <itementry param="value" operator="equalnocase" type="ansi" value="Load" /> </ruleentry> </rulegroup> <rulegroup name="block-run4"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" /> </ruleentry> </rulegroup> <rulegroup name="block-run5"> <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">  <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /> <itementry param="value" operator="equalnocase" type="ansi" value="Shell" /> </ruleentry> </rulegroup> <ruleset name="rs-regd-block" allow="true"> <rulerefentry rulegroupref="block-run1"/> <rulerefentry rulegroupref="block-run2"/> <rulerefentry rulegroupref="block-run3"/> <rulerefentry rulegroupref="block-run4"/> <rulerefentry rulegroupref="block-run5"/> <rulerefentry rulegroupref="blk-ie-search1"/> <rulerefentry rulegroupref="blk-ie-search2"/> <rulerefentry rulegroupref="blk-ie-search3"/> <rulerefentry rulegroupref="blk-ie-search4"/> <rulerefentry rulegroupref="blk-ie-search5"/> <rulerefentry rulegroupref="blk-ie-search6"/> <rulerefentry rulegroupref="blk-ie-search7"/> <rulerefentry rulegroupref="blk-ie-search8"/> <rulerefentry rulegroupref="blk-ie-home1"/> <rulerefentry rulegroupref="blk-ie-home2"/> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-reg-allow" allow="true"> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-rega-sdd" allow="true"> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <ruleset name="rs-rega-sad" allow="true"> <rulerefentry rulegroupref="protourreg"/> <rulerefentry rulegroupref="protourreg1"/> <rulerefentry rulegroupref="protourreg2"/> </ruleset>  <eventgroup name="DenySD" description="DenySD" weight="15" allowweightranges="0-19" severityref="normal" trustChoice="restricted" trustDisplay="restricted" trustDetail="DenySD"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-block"/> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-block"/> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-block"/> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-block"/> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-block"/> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" /> <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-blk" /> <evententry class="srcproc" event="driver" subevent="connect" rulegroupref="rg-drvct-blk" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="AskSDenyD" description="AskSDenyD" weight="25" allowweightranges="0-29" askweightranges="30-39" severityref="suspicious" trustDisplay="restricted" trustDetail="AskSDenyD"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-asdd"/> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-asdd"/> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-asdd"/> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-asdd"/> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-asdd"/> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" /> <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-ask" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="AllowSDenyD" description="AllowSDenyD" weight="35" allowweightranges="0-39" severityref="suspicious" trustDisplay="trusted" trustDetail="AllowSDenyD"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-sdd"/> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-sdd"/> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-sdd"/> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-sdd"/> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-sdd"/> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="AskSD" description="AskSD" weight="45" allowweightranges="0-29,40-49" askweightranges="30-39,50-69" severityref="dangerous" trustChoice="ask" trustDisplay="ask" trustDetail="AskSD"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" ask="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-ask" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-asad"/> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-asad"/> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-asad"/> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-asad"/> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-asad"/> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-ask"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-ask"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-ask" /> <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-ask" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-ask" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" weight="FF" ask="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="AllowSAskD" description="AllowSAskD" weight="55" allowweightranges="0-59" askweightranges="60-69" severityref="dangerous" trustChoice="trusted" trustDisplay="trusted" trustDetail="AllowSAskD"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-ask" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-sad"/> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-sad"/> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-sad"/> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-sad"/> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-sad"/> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-ask"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-ask"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-ask" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-ask" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="AllowSD" description="AllowSD" weight="65" allowweightranges="0-69" severityref="dangerous" trustChoice="super" trustDisplay="super" trustDetail="AllowSD"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" weight="66" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" allow="true" /> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" allow="true" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" allow="true" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="sys-level1" description="sys-level1" weight="66" allowweightranges="0-69" severityref="dangerous" trustDisplay="super"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" allow="true" /> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow" /> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow" /> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" allow="true" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" allow="true" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup>  <eventgroup name="sys-level2" description="sys-level2" weight="66" allowweightranges="0-69" severityref="dangerous" trustDisplay="super"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" allow="true" /> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-block" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-block" /> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-block" /> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-block" /> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-block" /> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow" /> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow" /> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" allow="true" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" allow="true" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="sys-level3" description="sys-level3" weight="66" allowweightranges="0-69" severityref="dangerous" trustDisplay="super"> <evententry class="srcproc" event="process" subevent="openprocess" weight="E1" allow="true" /> <evententry class="srcproc" event="process" subevent="openthread" weight="E1" allow="true" /> <evententry class="srcproc" event="process" subevent="spawnprocess" weight="E1" allow="true" /> <evententry class="srcproc" event="process" subevent="startupprocess" weight="E1" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" weight="E1" allow="true" /> <evententry class="srcproc" event="message" subevent="keyboard" weight="E1" allow="true" /> <evententry class="srcproc" event="message" subevent="mouse" weight="E1" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" weight="E1" allow="true" /> <evententry class="srcproc" event="message" subevent="message" weight="E1" allow="true" /> <evententry class="srcproc" event="execution" subevent="callback" weight="E1" allow="true" /> <evententry class="srcproc" event="execution" subevent="windowshook" weight="E1" allow="true" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" allow="true" /> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow" /> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow" /> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" allow="true" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" allow="true" /> <evententry class="dstproc" event="process" subevent="openprocess" ask="true" /> <evententry class="dstproc" event="process" subevent="openthread" ask="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" ask="true" /> <evententry class="dstproc" event="message" subevent="keyboard" ask="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" ask="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" ask="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" ask="true" /> </eventgroup> <eventgroup name="kill" description="Kill" weight="75" severityref="malicious" trustChoice="kill" trustDisplay="kill"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-blk" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-blk" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-blk" /> <evententry class="srcproc" event="process" subevent="startupprocess" rulegroupref="rg-start-blk" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-blk" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-blk" /> <evententry class="srcproc" event="message" subevent="mouse" rulegroupref="rg-mouse-blk" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-blk" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-blk" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-blk" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-blk" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" /> <evententry class="srcproc" event="registry" subevent="setkey" allow="false" /> <evententry class="srcproc" event="registry" subevent="setvalue" allow="false" /> <evententry class="srcproc" event="registry" subevent="delkey" allow="false" /> <evententry class="srcproc" event="registry" subevent="delvalue" allow="false" /> <evententry class="srcproc" event="registry" subevent="createkey" allow="false" /> <evententry class="srcproc" event="file" subevent="write" allow="false" /> <evententry class="srcproc" event="file" subevent="delete" allow="false" /> <evententry class="srcproc" event="module" subevent="load" allow="false" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" /> <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-blk" /> <evententry class="srcproc" event="driver" subevent="connect" rulegroupref="rg-drvct-blk" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" /> <evententry class="dstproc" event="process" subevent="openprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="openthread" allow="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="false" /> <evententry class="dstproc" event="process" subevent="terminateprocess" allow="true" /> <evententry class="dstproc" event="message" subevent="keyboard" allow="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" allow="true" /> <evententry class="dstproc" event="message" subevent="message" allow="true" /> <evententry class="dstproc" event="execution" subevent="callback" allow="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" allow="true" /> </eventgroup> <eventgroup name="untrust-unprot" description="untrust-unprot" weight="20" trustDisplay="restricted"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-blk" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-blk" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-blk" /> <evententry class="srcproc" event="process" subevent="startupprocess" rulegroupref="rg-start-blk" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-blk" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-blk" /> <evententry class="srcproc" event="message" subevent="mouse" rulegroupref="rg-mouse-blk" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-blk" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-blk" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-blk" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-blk" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-block"/> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-block"/> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-block"/> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-block"/> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-block"/> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/> <evententry class="srcproc" event="module" subevent="load" allow="true" /> <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" /> <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-blk" /> <evententry class="srcproc" event="driver" subevent="connect" rulegroupref="rg-drvct-blk" /> <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" /> <evententry class="dstproc" event="process" subevent="openprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="openthread" allow="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" allow="true" /> <evententry class="dstproc" event="message" subevent="keyboard" allow="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" allow="true" /> <evententry class="dstproc" event="message" subevent="message" ask="true" /> <evententry class="dstproc" event="execution" subevent="callback" allow="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" allow="true" /> </eventgroup> <eventgroup name="trust-unprot" description="trust-unprot" weight="65" allowweightranges="0-69" trustDisplay="super"> <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" /> <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" /> <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-ask" /> <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" /> <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" /> <evententry class="srcproc" event="message" subevent="mouse" weight="66" allow="true" /> <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" /> <evententry class="srcproc" event="message" subevent="message" rulegroupref="rg-msg-ask" /> <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" /> <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" /> <evententry class="srcproc" event="execution" subevent="globalwindowshook" allow="true" /> <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" /> <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow"/> <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow"/> <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" /> <evententry class="srcproc" event="driver" subevent="load" allow="true" /> <evententry class="srcproc" event="driver" subevent="unload" allow="true" /> <evententry class="srcproc" event="driver" subevent="connect" allow="true" /> <evententry class="srcproc" event="physmem" subevent="map" allow="true" /> <evententry class="dstproc" event="process" subevent="openprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="openthread" allow="true" /> <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" /> <evententry class="dstproc" event="process" subevent="terminateprocess" allow="true" /> <evententry class="dstproc" event="message" subevent="keyboard" allow="true" /> <evententry class="dstproc" event="message" subevent="mouse" allow="true" /> <evententry class="dstproc" event="message" subevent="dde" allow="true" /> <evententry class="dstproc" event="message" subevent="message" allow="true" /> <evententry class="dstproc" event="execution" subevent="callback" allow="true" /> <evententry class="dstproc" event="execution" subevent="windowshook" allow="true" /> </eventgroup> </osfirewall> </applications> </ruleset> </ZoneLabsSettings>