Privileges Damaged 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper found that its list of privileges was damaged and had to be reset. Unfortunately, this severly compromises Gatekeeper’s ability to operate correctly. 2 Privileges Damaged Privileges Damaged Log File OFF 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was instructed NOT to maintain any record of its activities. 0 Log File OFF Log OFF Log File ON 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was instructed to maintain a record of its activities in the Gatekeeper Log file. 0 Log File ON Log ON Mode Warning OFF 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was instructed NOT to display alerts informing the user of its security mode. 0 Mode Warning OFF Mode Warning OFF Mode Warning ON 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was instructed to display alerts just after system startup to inform the user of its security mode; either “Notify & Veto” or “Notify Only” mode. 0 Mode Warning ON Mode Warning ON Alerts OFF 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was instructed to cease displaying alerts in response to important events. 0 Alerts OFF Alerts OFF Alerts ON 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was instructed to begin displaying alerts in response to important events. 0 Alerts ON Alerts ON Notify Only 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was placed in Notify Only mode by the program “8^”. In Notify Only mode, Gatekeeper monitors privilege violations, but does NOT prevent them from taking place. 0 Notify Only Notify Only Notify & Veto 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was placed in Notify & Veto mode by the program “8^”. With Notify & Veto mode engaged, Gatekeeper's security system resumed full operation. 0 Notify & Veto Notify & Veto 6^ 7^ 4^ 5^ Damaged File: …File’s Disk: Procedure: Error Code: The “6^” file on the “7^” disk is damaged or in an unknown format. Use the file with caution, and restore it from a backup if possible. 2 Damage Found Damage Found 8^ 9^ 4^ 5^ DANGEROUS. Trojan File: …File’s Disk: Carrying: Status: The “8^” file on the “9^” disk was identified as a Trojan Horse program. The program is dangerous and should be deleted as soon as possible. 2 Trojan Found Trojan Horse Found 4^ 5^ 6^ 7^ Removed. Resource Type: Resource ID/Size: Host File: …File’s Disk: Resource Status: A suspicious resource of type ‘4^’ was found in the “6^” file on the “7^” disk. The resource was removed as a precaution. 2 IL Removed IL Removed 4^ 5^ 6^ 7^ Still Present. Resource Type: Resource ID/Size: Host File: …File’s Disk: Resource Status: A suspicious resource of type ‘4^’ was found in the “6^” file on the “7^” disk. The resource was NOT removed. Disinfecting the disk would be a sensible precaution. 2 IL Found IL Found 4^ 5^ 6^ 7^ Virus Removed. Virus: Strain: Infected File: …File’s Disk: Status: The 4^ 5^ virus was found in the “6^” file on the “7^” disk and successfully removed. 2 Virus Removed Virus Removed 4^ 5^ 6^ 7^ Still Infected. Virus: Strain: Infected File: …File’s Disk: Status: The 4^ 5^ virus was found in the “6^” file on the “7^” disk. The virus could NOT be removed. Disinfect the disk as soon as possible. 2 Virus Found Virus Found Shutdown 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: System shutdown occurred and Gatekeeper ceased operation. 4 Shutdown Shutdown Startup 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: System startup occurred and Gatekeeper began operation. 3 Startup Installation Gatekeeper ON* 5^ HMS 8^ 9^ 4^ Operation: Time Limit: Current Program: …Program’s Disk: Disk Write Count: * Gatekeeper automatically turned itself on 5^ HMS after it was turned off. All of Gatekeeper’s protection features subsequently resumed full operation. 0 Gatekeeper ON* Gk Auto-Enabled Gatekeeper ON* 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: * Gatekeeper automatically turned itself on 30 minutes after it was turned off. All of Gatekeeper’s protection features subsequently resumed full operation. 0 Gatekeeper ON* Override Expired Gatekeeper ON 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was turned on by the program “8^”. With Gatekeeper on, all of its protection features resumed full operation. 0 Gatekeeper ON Override OFF Gatekeeper OFF 8^ 9^ 4^ Operation: Current Program: …Program’s Disk: Disk Write Count: Gatekeeper was turned off by the program “8^”. With Gatekeeper off, all of its protection features were disabled. 0 Gatekeeper OFF Override ON File(Self) 3^ 4^ 5^ 6^ 7^ 8^ 9^ Privilege: File Operation: Original State: Changed State: Victim File: …File’s Disk: Guilty Program: …Program’s Disk: The program “8^” violated the File(Self) privilege by calling the procedure 3^ to change itself from “4^” to “5^”. This is a very suspicious operation. 1 File(Self) File(Self) File(System) 3^ 4^ 5^ 6^ 7^ 8^ 9^ Privilege: File Operation: Original State: Changed State: Victim File: …File’s Disk: Guilty Program: …Program’s Disk: The program “8^” violated the File(System) privilege by calling the procedure 3^ to change the active System file “6^” from “4^” to “5^”. 1 File(System) File(System) File(Other) 3^ 4^ 5^ 6^ 7^ 8^ 9^ Privilege: File Operation: Original State: Changed State: Victim File: …File’s Disk: Guilty Program: …Program’s Disk: The program “8^” violated the File(Other) privilege by calling the procedure 3^ to change the file “6^” from “4^” to “5^”. 1 File(Other) File(Other) Res(Self) 3^ 4^ 5^ 6^ 7^ 8^ 9^ Privilege: Res. Operation: Resource Type: Resource ID: Victim File: …File’s Disk: Guilty Program: …Program’s Disk: The program “8^” violated the Res(Self) privilege by invoking the procedure 3^ on its own ‘4^’ resource 5^. This is a very suspicious operation. 1 Res(Self) Res(Self) Res(System) 3^ 4^ 5^ 6^ 7^ 8^ 9^ Privilege: Res. Operation: Resource Type: Resource ID: Victim File: …File’s Disk: Guilty Program: …Program’s Disk: The program “8^” violated the Res(System) privilege by invoking the procedure 3^ on the active System file’s ‘4^’ resource 5^. 1 Res(System) Res(System) Res(Other) 3^ 4^ 5^ 6^ 7^ 8^ 9^ Privilege: Res. Operation: Resource Type: Resource ID: Victim File: …File’s Disk: Guilty Program: …Program’s Disk: The program “8^” violated the Res(Other) privilege by invoking the procedure 3^ on ‘4^’ resource 5^ in the file “6^”. 1 Res(Other) Res(Other)