
  1. <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  2. <!-- Localization comment: the locale tag for Japanese is deliberately reversed from the standard form (ja-JP).
  3.      It must be written jp-JA to work with our application. -->
  4. <ZoneLabsSettings version="1.0">
  5.     <ruleset start="afterstartup" name="runningruleset" stop="onshutdown">
  6.         <applications>
  7.             <default appsec="AskSD"/>
  8.             <osfirewall majorVersion="1" minorVersion="15">
  9. <rulegroup name="protourfiles">
     <!-- File self-protection: one deny rule over the product's own logs, databases, driver,
          DLLs and install directories. -->
  10.     <ruleentry event="file" match="any" allow="false" notify="true" customtext="2002">
          <!-- allow="false" with notify="true" reads as "block and alert"; customtext="2002" matches
               customevent id="2002" in this file, whose text reports an attempt to modify a product file.
               match="any" presumably fires when any single itementry matches (TODO confirm). -->
          <!-- WINDIR, WINSYSDIR, WINDRVDIR and ZLDIR look like placeholders expanded by the rule engine.
               operator="equalnocase" reads as a case-insensitive exact comparison, so coverage depends on
               each protected path being listed here (TODO confirm there is no prefix matching). -->
  11.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\BACKUP.RDB" />
  12.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\IAMDB.RDB" />
  13.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\Internet Logs\ZALog.txt" />
  14.  
          <!-- context="dircontent" presumably extends the entry to the files inside the directory;
               entries without a context attribute (for example WINSYSDIR\Zonelabs\Updates) would then
               cover only the named path. NOTE(review): confirm against the engine documentation. -->
  15.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs" context="dircontent" />
  16.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys" context="dircontent" />
  17.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\avsys\bases" context="dircontent" />
  18.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib" context="dircontent" />
  19.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\lib\pyd" context="dircontent" />
  20.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins" context="dircontent" />
  21.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins\rpc_server" context="dircontent" />
  22.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\plugins\vsmon_plugin" context="dircontent" />
  23.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi" context="dircontent" />
  24.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi\httpblocker" context="dircontent" />
  25.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\streamapi\imslsp" context="dircontent" />
  26.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\Updates" />
  27.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\Zonelabs\Updates\LocalCatalog.xml" />
  28.  
          <!-- Individual binaries and config files; vsconfig.xml and vsdatant.sys are listed under both
               WINSYSDIR and WINDRVDIR. -->
  29.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vswmi.dll" />
  30.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsconfig.xml" />
  31.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsdatant.sys" />
  32.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\vsconfig.xml" />
  33.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\vsdatant.sys" />
  34.         
  35.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsdata.dll" />
  36.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsinit.dll" />
  37.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsmonapi.dll" />
  38.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vspubapi.dll" />
  39.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsregexp.dll" />
  40.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsutil.dll" />
  41.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\vsxml.dll" />
  42.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zlcomm.dll" />
  43.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zlcommdb.dll" />
  44.         <itementry param="filename" operator="equalnocase" type="ansi" value="WINSYSDIR\zpeng25.dll" />
  45.  
          <!-- ZLDIR is listed twice, once as dirpath and once as dircontent, presumably to cover both
               the directory itself and its contents. -->
  46.         <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR" context="dirpath" />
  47.         <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR" context="dircontent" />
  48.         <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Help" context="dircontent" />
  49.         <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\Images" context="dircontent" />
  50.         <itementry param="filename" operator="equalnocase" type="ansi" value="ZLDIR\repair" context="dircontent" />
  51.  
  52.     </ruleentry>
  53. </rulegroup>
  54. <rulegroup name="protourreg">
      <!-- Registry self-protection: one deny rule over the product's configuration, service and
           uninstall keys. -->
  55.     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="2003">
          <!-- allow="false" with notify="true" reads as "block and alert"; customtext="2003" matches
               customevent id="2003" in this file, whose text reports an attempt to modify a registry key.
               match="any" presumably fires when any single key entry matches (TODO confirm). -->
          <!-- Parent keys and their subkeys are listed one by one, which suggests that equalnocase
               does not match by prefix. NOTE(review): if so, a subkey missing from this list is not
               covered by this rule; confirm the matching semantics. -->
  56.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs" />
  57.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs" />
  58.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\Monitor" />
  59.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\Monitor\DialogControl" />
  60.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\MiniLog" />
  61.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector" />
  62.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\LocalStoreDir" />
  63.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\LogStoreDir" />
  64.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\TrueVector\Store" />
  65.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  66.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\ZoneAlarm" />
  67.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\ZoneAlarm\Plugin" />
  68.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Zone Labs\ZoneAlarm\Plugin\obj" />
  69.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\Registration" />
  70.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm" />
  71.  
          <!-- MailSafe Extensions: the parent key followed by one subkey per file extension. -->
  72.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions" />
  73.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ADE" />
  74.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ADP" />
  75.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ASX" />
  76.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.BAS" />
  77.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.BAT" />
  78.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CHM" />
  79.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CMD" />
  80.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.COM" />
  81.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CPL" />
  82.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.CRT" />
  83.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.DBX" />
  84.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.DLL" />
  85.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.EML" />
  86.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.EXE" />
  87.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.HLP" />
  88.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.HTA" />
  89.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.INF" />
  90.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.INS" />
  91.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ISP" />
  92.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.JS" />
  93.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.JSE" />
  94.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.LNK" />
  95.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDA" />
  96.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDB" />
  97.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDE" />
  98.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MDZ" />
  99.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MHT" />
  100.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSC" />
  101.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSI" />
  102.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MSP" />
  103.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.MST" />
  104.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.NCH" />
  105.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.OCX" />
  106.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PCD" />
  107.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PIF" />
  108.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.PRF" />
  109.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.RAR" />
  110.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.REG" />
  111.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCF" />
  112.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCR" />
  113.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SCT" />
  114.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SHB" />
  115.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SHS" />
  116.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.SYS" />
  117.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.URL" />
  118.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VB" />
  119.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VBE" />
  120.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.VBS" />
  121.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WMS" />
  122.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSC" />
  123.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSF" />
  124.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.WSH" />
  125.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm\MailSafe Extensions\.ZIP" />
  126.         
          <!-- Service keys. HKCS presumably abbreviates the current control set under HKLM\SYSTEM
               (TODO confirm). NOTE(review): the subkey lists differ per service (parameters is listed
               for Vsdatant and srescan but not for Vsmon); confirm that the difference is intended. -->
  127.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant" />
  128.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\enum" />
  129.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\parameters" />
  130.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\security" />
  131.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\Instances" />
  132.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsdatant\Instances\Vsdatant - Instance" />
  133.  
  134.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon" />
  135.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon\enum" />
  136.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\Vsmon\security" />
  137.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\srescan" />
  138.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\srescan\enum" />
  139.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\srescan\parameters" />
  140.         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\srescan\security" />     
  141.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\CLASSES\ZAMailSafe" />
  142.     </ruleentry>                                                                            
  143. </rulegroup>
  144.  
  145. <rulegroup name="protourreg1">
       <!-- Deny rule for one registry value: match="all" presumably requires both entries below to
            match, i.e. the ZoneAlarm key AND the value name InstallDirectory (TODO confirm).
            customtext="2003" matches customevent id="2003" in this file. -->
  146.     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
  147.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  148.         <itementry param="value" operator="equalnocase" type="ansi" value="InstallDirectory" />
  149.     </ruleentry>
  150. </rulegroup>
  151.  
  152. <rulegroup name="protourreg2">
       <!-- Deny rule for one registry value: match="all" presumably requires both entries below to
            match, i.e. the ZoneAlarm key AND the value name IntegrityMode (TODO confirm).
            customtext="2003" matches customevent id="2003" in this file. -->
  153.     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
  154.         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  155.         <itementry param="value" operator="equalnocase" type="ansi" value="IntegrityMode" />
  156.     </ruleentry>
  157. </rulegroup>
  158.  
  159. <rulegroup name="protourreg3">
       <!-- Deny rule for one registry value: match="all" presumably requires both entries below to
            match, i.e. the ZoneAlarm key AND the value name AltDirDebug (TODO confirm).
            customtext="2003" matches customevent id="2003" in this file. -->
  160.   <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
  161.     <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  162.     <itementry param="value" operator="equalnocase" type="ansi" value="AltDirDebug" />
  163.   </ruleentry>
  164. </rulegroup>
  165.  
  166.  
  167.                 <!-- Severity (and promotion/demotion) of customized OSFW Events -->
  168.                 <severity name="normal" rating="low" >
                           <!-- Severity "normal", rating low: carries only the localized description and
                                has no promotion or demotion children. -->
                           <!-- NOTE(review): the jp-JA value looks mis-decoded in this listing (UTF-8 bytes
                                shown through a single-byte code page); verify against the original file. -->
  169.                     <messages type="osfwSeverityDescription" value="normal behavior" locale="en-US" />
  170.                     <messages type="osfwSeverityDescription" value="normale Verhaltensweisen" locale="de-DE" />
  171.                     <messages type="osfwSeverityDescription" value="comportement normal" locale="fr-FR" />
  172.                     <messages type="osfwSeverityDescription" value="µ¡úσ╕╕πü¬σïòΣ╜£" locale="jp-JA" />
  173.                     <messages type="osfwSeverityDescription" value="actividad normal" locale="es-ES" />
  174.                     <messages type="osfwSeverityDescription" value="comportamento normale" locale="it-IT" />
  175.  
  176.                 </severity>
  177.  
  178.                 <severity name="suspicious" rating="medium" >
                           <!-- Severity "suspicious", rating medium: localized descriptions followed by
                                promotion/demotion mappings. -->
                           <!-- NOTE(review): the fr-FR text below is "comportement normal", the same string as
                                in the "normal" severity, while the es-ES and it-IT texts say suspicious. This
                                looks like a copy-paste slip; a French-locale user would see a suspicious event
                                described as normal behavior. -->
  179.                     <messages type="osfwSeverityDescription" value="suspicious behavior" locale="en-US" />
  180.                     <messages type="osfwSeverityDescription" value="verd├ñchtige Verhaltensweisen" locale="de-DE" />
  181.                     <messages type="osfwSeverityDescription" value="comportement normal" locale="fr-FR" />
  182.                     <messages type="osfwSeverityDescription" value="τûæπéÅπüùπüäσïòΣ╜£" locale="jp-JA" />
  183.                     <messages type="osfwSeverityDescription" value="actividad sospechosa" locale="es-ES" />
  184.                     <messages type="osfwSeverityDescription" value="comportamento sospetto" locale="it-IT" />
                           <!-- Each promotion/demotion maps one policy name to another; the names share the
                                vocabulary of the default appsec="AskSD" setting near the top of the file. How the
                                engine chooses between promotion and demotion is not visible here. -->
                           <!-- NOTE(review): the last demotion maps DenySD to itself. -->
  185.                     <promotion    from="AskSDenyD"    to="AllowSDenyD" />
  186.                     <promotion    from="AskSD"        to="AllowSAskD" />
  187.                     <demotion    from="AskSDenyD"    to="DenySD" />
  188.                     <demotion    from="AskSD"        to="DenySD" />
  189.                     <demotion    from="DenySD"       to="DenySD" />
  190.                 </severity>
  191.  
  192.                 <severity name="dangerous" rating="high" >
                           <!-- Severity "dangerous", rating high: localized descriptions followed by
                                promotion/demotion mappings. -->
                           <!-- NOTE(review): the descriptions are the same strings as in the "suspicious"
                                severity although the rating here is high; confirm that sharing the wording is
                                intended. The fr-FR text is "comportement normal", which contradicts the other
                                locales and looks like a copy-paste slip. -->
  193.                     <messages type="osfwSeverityDescription" value="suspicious behavior" locale="en-US" />
  194.                     <messages type="osfwSeverityDescription" value="verd├ñchtige Verhaltensweisen" locale="de-DE" />
  195.                     <messages type="osfwSeverityDescription" value="comportement normal" locale="fr-FR" />
  196.                     <messages type="osfwSeverityDescription" value="τûæπéÅπüùπüäσïòΣ╜£" locale="jp-JA" />
  197.                     <messages type="osfwSeverityDescription" value="actividad sospechosa" locale="es-ES" />
  198.                     <messages type="osfwSeverityDescription" value="comportamento sospetto" locale="it-IT" />
                           <!-- Each promotion/demotion maps one policy name to another; how the engine chooses
                                between promotion and demotion is not visible here. -->
  199.                     <promotion    from="AskSD"        to="AllowSD" />
  200.                     <promotion    from="AllowSAskD"    to="AllowSD" />
  201.                     <demotion    from="AskSD"        to="AskSDenyD" />
  202.                     <demotion    from="AllowSAskD"    to="AllowSDenyD" />
  203.                 </severity>
  204.  
  205.                 <severity name="malicious" rating="high" >
                           <!-- Severity "malicious", rating high: localized descriptions only, with no
                                promotion or demotion children. Referenced by severityref="malicious" on the
                                customevent elements in this file. -->
  206.                     <messages type="osfwSeverityDescription" value="malicious behavior" locale="en-US" />
  207.                     <messages type="osfwSeverityDescription" value="b├╢sartige Verhaltensweisen" locale="de-DE" />
  208.                     <messages type="osfwSeverityDescription" value="comportement malveillant" locale="fr-FR" />
  209.                     <messages type="osfwSeverityDescription" value="σì▒ΘÖ║πü¬σïòΣ╜£" locale="jp-JA" />
  210.                     <messages type="osfwSeverityDescription" value="actividad maligna" locale="es-ES" />
  211.                     <messages type="osfwSeverityDescription" value="comportamento dannoso" locale="it-IT" />
  212.                 </severity>
  213.  
  214.                 <severity name="crit_malicious" rating="critical" >
                           <!-- Severity "crit_malicious", rating critical: the descriptions are the same strings
                                as in the "malicious" severity; only the rating differs. No promotion or demotion
                                children. -->
  215.                     <messages type="osfwSeverityDescription" value="malicious behavior" locale="en-US" />
  216.                     <messages type="osfwSeverityDescription" value="b├╢sartige Verhaltensweisen" locale="de-DE" />
  217.                     <messages type="osfwSeverityDescription" value="comportement malveillant" locale="fr-FR" />
  218.                     <messages type="osfwSeverityDescription" value="σì▒ΘÖ║πü¬σïòΣ╜£" locale="jp-JA" />
  219.                     <messages type="osfwSeverityDescription" value="actividad maligna" locale="es-ES" />
  220.                     <messages type="osfwSeverityDescription" value="comportamento dannoso" locale="it-IT" />
  221.                 </severity>
  222.  
  223.                 <!-- Customization of Raw OSFW Events 
  224.  
  225.                      Note that customevent id numbers are used by AA, so they must not be changed or
  226.                      reused.
  227.                 -->
  228.  
  229.                     <!-- "miscellaneous" events (1001-1999) -->
  230.  
  231.                 <customevent id="1001" severityref="malicious" >
                           <!-- Alert text for event 1001, tied to the "malicious" severity. Each locale supplies
                                three variants: osfwPresentText, osfwPastText and osfwBlockedText. -->
                           <!-- %process_name% is a placeholder, presumably filled at runtime with the name of the
                                triggering process. NOTE(review): that name comes from the program being reported,
                                so the alert UI should render it as plain text. -->
                           <!-- NOTE(review): the de-DE, fr-FR, jp-JA, es-ES and it-IT values look mis-decoded in
                                this listing (UTF-8 bytes shown through a single-byte code page); verify against
                                the original file. The es-ES past text reads "ha intentando", which looks like a
                                typo for "ha intentado". -->
  232.                     <messages type="osfwPresentText" value="Warning! %process_name% is a malicious program and is trying to run on your computer" locale="en-US" />
  233.                     <messages type="osfwPastText" value="%process_name% is a malicious program and was trying to run on your computer" locale="en-US" />
  234.                     <messages type="osfwBlockedText" value="%process_name% is a malicious program and was prevented from running on your computer" locale="en-US" />
  235.                     <messages type="osfwPresentText" value="Warnung! %process_name% ist ein b├╢sartiges Programm, das versucht, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" />
  236.                     <messages type="osfwPastText" value="%process_name% ist ein b├╢sartiges Programm, das versucht hat, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" />
  237.                     <messages type="osfwBlockedText" value="%process_name% ist ein b├╢sartiges Programm, das daran gehindert wurde, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" />
  238.                     <messages type="osfwPresentText" value="Avertissement ! %process_name% est un programme malveillant qui tente de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" />
  239.                     <messages type="osfwPastText" value="%process_name% est un programme malveillant et a tent├⌐ de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" />
  240.                     <messages type="osfwBlockedText" value="%process_name% est un programme malveillant et n'a pas r├⌐ussi ├á s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" />
  241.                     <messages type="osfwPresentText" value="Φ¡ªσæè ! %process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüÖ" locale="jp-JA" />
  242.                     <messages type="osfwPastText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  243.                     <messages type="osfwBlockedText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπü«πé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºπü«σ«ƒΦíîπüîΘÿ▓µ¡óπüòπéîπü╛πüùπüƒ" locale="jp-JA" />
  244.                     <messages type="osfwPresentText" value="Advertencia: %process_name% es un programa maligno y est├í intentando ejecutarse en el equipo" locale="es-ES" />
  245.                     <messages type="osfwPastText" value="%process_name% es un programa maligno y ha intentando ejecutarse en el equipo" locale="es-ES" />
  246.                     <messages type="osfwBlockedText" value="%process_name% es un programa maligno y se ha impedido su ejecuci├│n en el equipo" locale="es-ES" />
  247.                     <messages type="osfwPresentText" value="Avviso! %process_name% ├¿ un programma dannoso e sta cercando di essere eseguito sul computer" locale="it-IT" />
  248.                     <messages type="osfwPastText" value="%process_name% ├¿ un programma dannoso e ha cercato di essere eseguito sul computer" locale="it-IT" />
  249.                     <messages type="osfwBlockedText" value="%process_name% ├¿ un programma dannoso ed ├¿ stata impedita la sua esecuzione sul computer" locale="it-IT" />
  250.                 </customevent>
  251.  
  252.                     <!-- "malicious" behavior (2001-2999) -->
  253.  
  254.                 <customevent id="2001" severityref="malicious" >
                           <!-- Alert text for event 2001, tied to the "malicious" severity. The message strings
                                are the same as those of customevent id="1001"; only the id differs. -->
                           <!-- %process_name% is a placeholder, presumably filled at runtime with the name of the
                                triggering process. NOTE(review): that name comes from the program being reported,
                                so the alert UI should render it as plain text. -->
                           <!-- NOTE(review): the non-English values look mis-decoded in this listing (UTF-8 bytes
                                shown through a single-byte code page); verify against the original file. The
                                es-ES past text reads "ha intentando", which looks like a typo for "ha intentado". -->
  255.                     <messages type="osfwPresentText" value="Warning! %process_name% is a malicious program and is trying to run on your computer" locale="en-US" />
  256.                     <messages type="osfwPastText" value="%process_name% is a malicious program and was trying to run on your computer" locale="en-US" />
  257.                     <messages type="osfwBlockedText" value="%process_name% is a malicious program and was prevented from running on your computer" locale="en-US" />
  258.                     <messages type="osfwPresentText" value="Warnung! %process_name% ist ein b├╢sartiges Programm, das versucht, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" />
  259.                     <messages type="osfwPastText" value="%process_name% ist ein b├╢sartiges Programm, das versucht hat, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" />
  260.                     <messages type="osfwBlockedText" value="%process_name% ist ein b├╢sartiges Programm, das daran gehindert wurde, sich auf Ihrem Computer auszuf├╝hren." locale="de-DE" />
  261.                     <messages type="osfwPresentText" value="Avertissement ! %process_name% est un programme malveillant qui tente de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" />
  262.                     <messages type="osfwPastText" value="%process_name% est un programme malveillant et a tent├⌐ de s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" />
  263.                     <messages type="osfwBlockedText" value="%process_name% est un programme malveillant et n'a pas r├⌐ussi ├á s'ex├⌐cuter sur votre ordinateur" locale="fr-FR" />
  264.                     <messages type="osfwPresentText" value="Φ¡ªσæè ! %process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüÖ" locale="jp-JA" />
  265.                     <messages type="osfwPastText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπüîπé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºσ«ƒΦíîπéÆΦ⌐ªπü┐πüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  266.                     <messages type="osfwBlockedText" value="%process_name% πü¿πüäπüåµé¬µäÅπü«πüéπéïπâùπâ¡πé░πâ⌐πâáπü«πé│πâ│πâöπâÑπâ╝πé┐Σ╕èπüºπü«σ«ƒΦíîπüîΘÿ▓µ¡óπüòπéîπü╛πüùπüƒ" locale="jp-JA" />
  267.                     <messages type="osfwPresentText" value="Advertencia: %process_name% es un programa maligno y est├í intentando ejecutarse en el equipo" locale="es-ES" />
  268.                     <messages type="osfwPastText" value="%process_name% es un programa maligno y ha intentando ejecutarse en el equipo" locale="es-ES" />
  269.                     <messages type="osfwBlockedText" value="%process_name% es un programa maligno y se ha impedido su ejecuci├│n en el equipo" locale="es-ES" />
  270.                     <messages type="osfwPresentText" value="Avviso! %process_name% ├¿ un programma dannoso e sta cercando di essere eseguito sul computer" locale="it-IT" />
  271.                     <messages type="osfwPastText" value="%process_name% ├¿ un programma dannoso e ha cercato di essere eseguito sul computer" locale="it-IT" />
  272.                     <messages type="osfwBlockedText" value="%process_name% ├¿ un programma dannoso ed ├¿ stata impedita la sua esecuzione sul computer" locale="it-IT" />
  273.                 </customevent>
  274.                 <customevent id="2002" severityref="malicious" >
                           <!-- Alert text for event 2002, tied to the "malicious" severity: an attempt to change
                                the product's behavior by modifying one of its files. The id matches
                                customtext="2002" on the file rule in rulegroup "protourfiles". -->
                           <!-- %process_name%, %product_name% and %file% are placeholders, presumably filled at
                                runtime. NOTE(review): the process name and file path come from the activity being
                                reported, so the alert UI should render them as plain text. -->
                           <!-- NOTE(review): the non-English values look mis-decoded in this listing (UTF-8 bytes
                                shown through a single-byte code page); verify against the original file. -->
  275.                     <messages type="osfwPresentText" value="%process_name% is trying to change the behavior of %product_name% by modifying the file: %file%" locale="en-US" />
  276.                     <messages type="osfwPastText" value="%process_name% was trying to change the behavior of %product_name% by modifying the file: %file%" locale="en-US" />
  277.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing the behavior of %product_name% by modifying the file: %file%" locale="en-US" />
  278.                     <messages type="osfwPresentText" value="%process_name% versucht, die Verhaltensweise von %product_name% durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  279.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Verhaltensweise von %product_name% durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  280.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Verhaltensweise von %product_name% durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  281.                     <messages type="osfwPresentText" value="%process_name% tente de modifier le comportement de %product_name% en modifiant le fichier suivant : %file%" locale="fr-FR" />
  282.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier le comportement de %product_name% en modifiant le fichier suivant : %file%" locale="fr-FR" />
  283.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier le comportement de %product_name% en modifiant le fichier suivant : %file%" locale="fr-FR" />
  284.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüª %product_name% πü«σïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%file%" locale="jp-JA" />
  285.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüª %product_name% πü«σïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%file%" locale="jp-JA" />
  286.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüª %product_name% πü«σïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%file%" locale="jp-JA" />
  287.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar el comportamiento de %product_name% mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  288.                     <messages type="osfwPastText" value="%process_name% ha intentado cambiar el comportamiento de %product_name% mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  289.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie el comportamiento de %product_name% mediante la modificaci├│n del archivo: %file%" locale="es-ES"/>
  290.                     <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare il comportamento di %product_name% modificando il file seguente: %file%" locale="it-IT" />
  291.                     <messages type="osfwPastText" value="%process_name% ha cercato di cambiare il comportamento di %product_name% modificando il file seguente: %file%" locale="it-IT" />
  292.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare il comportamento di %product_name% modificando il file seguente: %file%" locale="it-IT" />
  293.                 </customevent>
  294.                 <customevent id="2003" severityref="malicious" >
                           <!-- Event 2003 (severity "malicious"): a process is modifying a registry key that
                                holds the product's settings; %registry_key% names the key. It is the registry
                                counterpart of event 2002, which reports changes to the product's files.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText.
                                NOTE(review): %registry_key% is presumably the key path as observed at run
                                time; verify that the consumer renders it as plain text. -->
  295.                     <messages type="osfwPresentText" value="%process_name% is trying to change the settings of %product_name% by modifying the registry key: %registry_key%" locale="en-US" />
  296.                     <messages type="osfwPastText" value="%process_name% was trying to change the settings of %product_name% by modifying the registry key: %registry_key%" locale="en-US" />
  297.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing the settings of %product_name% by modifying the registry key: %registry_key%" locale="en-US" />
  298.                     <messages type="osfwPresentText" value="%process_name% versucht, die Einstellungen von %product_name% durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" />
  299.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Einstellungen von %product_name% durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" />
  300.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Einstellungen von %product_name% durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" />
  301.                     <messages type="osfwPresentText" value="%process_name% tente de modifier les param├¿tres de %product_name% en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" />
  302.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier les param├¿tres de %product_name% en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" />
  303.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier les param├¿tres de %product_name% en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" />
  304.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπüª %product_name% πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %registry_key%" locale="jp-JA" />
  305.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπüª %product_name% πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %registry_key%" locale="jp-JA" />
  306.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπüª %product_name% πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%" locale="jp-JA" />
  307.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de %product_name% mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  308.                     <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de %product_name% mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  309.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de %product_name% mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  310.                     <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare le impostazioni di %product_name% modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  311.                     <messages type="osfwPastText" value="%process_name% ha cercato di cambiare le impostazioni di %product_name% modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  312.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare le impostazioni di %product_name% modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  313.                 </customevent>
  314.  
  315.                     <!-- "dangerous" behavior (3001-3999) -->
  316.  
  317.                 <customevent id="3001" severityref="dangerous" >
                           <!-- Event 3001 (severity "dangerous"): a process is modifying a file that affects
                                the machine's network settings; %file% names the file. First event of the
                                3001-3999 "dangerous" range.
                                Which files trigger it is decided by the rule entries, not by this element;
                                presumably they reference it through customtext="3001" (TODO confirm).
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText. -->
  318.                     <messages type="osfwPresentText" value="%process_name% is trying to change your network settings by modifying the file: %file%" locale="en-US" />
  319.                     <messages type="osfwPastText" value="%process_name% was trying to change your network settings by modifying the file: %file%" locale="en-US" />
  320.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing your network settings by modifying the file: %file%" locale="en-US" />
  321.                     <messages type="osfwPresentText" value="%process_name% versucht, Ihre Netzwerkeinstellungen durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  322.                     <messages type="osfwPastText" value="%process_name% hat versucht, Ihre Netzwerkeinstellungen durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  323.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Ihre Netzwerkeinstellungen durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE"/>
  324.                     <messages type="osfwPresentText" value="%process_name% tente de modifier vos param├¿tres r├⌐seau en modifiant le fichier suivant : %file%" locale="fr-FR" />
  325.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier vos param├¿tres r├⌐seau en modifiant le fichier suivant : %file%" locale="fr-FR" />
  326.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier vos param├¿tres r├⌐seau en modifiant le fichier suivant : %file%" locale="fr-FR" />
  327.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüªπâìπââπâêπâ»πâ╝πé»Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%file%" locale="jp-JA" />
  328.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüªπâìπââπâêπâ»πâ╝πé»Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%file%" locale="jp-JA" />
  329.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüªπâìπââπâêπâ»πâ╝πé»Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%file%" locale="jp-JA" />
  330.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de red mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  331.                     <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de red mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  332.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de red mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  333.                     <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare le impostazioni di rete modificando il file seguente: %file%" locale="it-IT" />
  334.                     <messages type="osfwPastText" value="%process_name% ha cercato di cambiare le impostazioni di rete modificando il file seguente: %file%" locale="it-IT" />
  335.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare le impostazioni di rete modificando il file seguente: %file%" locale="it-IT" />
  336.                 </customevent>
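  337.                 <customevent id="3002" severityref="dangerous" >
                           <!-- Event 3002 (severity "dangerous"): a process is modifying a file that affects
                                the configuration of Windows; %file% names the file.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText.
                                The only placeholders used here are %process_name% and %file%. The it-IT past
                                and blocked texts must not mention %product_name%: this alert is about
                                Windows, and naming the security product in it misstates what was touched. -->
  338.                     <messages type="osfwPresentText" value="%process_name% is trying to change Windows by modifying the file: %file%" locale="en-US" />
  339.                     <messages type="osfwPastText" value="%process_name% was trying to change the configuration of Windows by modifying the file: %file%" locale="en-US" />
  340.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing the configuration of Windows by modifying the file: %file%" locale="en-US" />
  341.                     <messages type="osfwPresentText" value="%process_name% versucht, Windows durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  342.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Konfiguration von Windows durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  343.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Konfiguration von Windows durch Modifizierung der folgenden Datei zu ├ñndern: %file%" locale="de-DE" />
  344.                     <messages type="osfwPresentText" value="%process_name% tente de modifier Windows en modifiant le fichier suivant : %file%" locale="fr-FR" />
  345.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier Windows en modifiant le fichier suivant : %file%" locale="fr-FR" />
  346.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier Windows en modifiant le fichier suivant : %file%" locale="fr-FR" />
  347.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüª Windows πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%file%" locale="jp-JA" />
  348.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüª Windows πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%file%" locale="jp-JA" />
  349.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâòπéíπéñπâ½π鯵¢╕πüìµ¢┐πüêπüª Windows πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%file%" locale="jp-JA" />
  350.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de Windows mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  351.                     <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de Windows mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  352.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de Windows mediante la modificaci├│n del archivo: %file%" locale="es-ES" />
  353.                     <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare Windows modificando il file seguente: %file%" locale="it-IT" />
  354.                     <messages type="osfwPastText" value="%process_name% ha cercato di cambiare la configurazione di Windows modificando il file seguente: %file%" locale="it-IT" />
  355.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di cambiare la configurazione di Windows modificando il file seguente: %file%" locale="it-IT" />
  356.                 </customevent>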
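  357.                 <customevent id="3003" severityref="dangerous" >
                           <!-- Event 3003 (severity "dangerous"): a process is reconfiguring software by
                                modifying a registry key; %registry_key% names the key.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText.
                                The fr-FR present and past texts use the single verb "reconfigurer", as the
                                fr-FR blocked text does. -->
  358.                     <messages type="osfwPresentText" value="%process_name% is trying to reconfigure software by modifying the registry key: %registry_key%"    locale="en-US" />
  359.                     <messages type="osfwPastText" value="%process_name% was trying to reconfigure software by modifying the registry key: %registry_key%" locale="en-US" />
  360.                     <messages type="osfwBlockedText" value="%process_name% was prevented from reconfiguring software by modifying the registry key: %registry_key%" locale="en-US" />
  361.                     <messages type="osfwPresentText" value="%process_name% versucht, Software durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%"    locale="de-DE" />
  362.                     <messages type="osfwPastText" value="%process_name% hat versucht, Software durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" />
  363.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Software durch Modifizierung des folgenden Registrierungsschl├╝ssels zu ├ñndern: %registry_key%" locale="de-DE" />
  364.                     <messages type="osfwPresentText" value="%process_name% tente de reconfigurer des logiciels en modifiant la cl├⌐ de registre suivante : %registry_key%"    locale="fr-FR" />
  365.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de reconfigurer des logiciels en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" />
  366.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á reconfigurer des logiciels en modifiant la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" />
  367.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπüªπé╜πâòπâêπéªπéºπéóπéÆσåìΦ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %registry_key%"    locale="jp-JA" />
  368.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπüªπé╜πâòπâêπéªπéºπéóπéÆσåìΦ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %registry_key%" locale="jp-JA" />
  369.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπüªπé╜πâòπâêπéªπéºπéóπéÆσåìΦ¿¡σ«Üπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%" locale="jp-JA" />
  370.                     <messages type="osfwPresentText" value="%process_name% est├í intentando volver a configurar el software mediante la modificaci├│n de la clave de registro: %registry_key%"    locale="es-ES" />
  371.                     <messages type="osfwPastText" value="%process_name% ha intentado volver a configurar el software mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  372.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% vuelva a configurar el software mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  373.                     <messages type="osfwPresentText" value="%process_name% sta cercando di riconfigurare il software modificando la chiave di registro seguente: %registry_key%"    locale="it-IT" />
  374.                     <messages type="osfwPastText" value="%process_name% ha cercato di riconfigurare il software modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  375.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di riconfigurare il software modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  376.                 </customevent>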
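  377.                 <customevent id="3004" severityref="dangerous" >
                           <!-- Event 3004 (severity "dangerous"): a process is reading and modifying physical
                                memory. No object placeholder: only %process_name% is substituted.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText.
                                The de-DE texts follow the tense pattern of the other events: "versucht"
                                (present), "hat versucht" (past), "wurde daran gehindert" (blocked). The
                                blocked text has to state that the action was denied, otherwise the log
                                entry reads as an attempt whose outcome is unknown. -->
  378.                     <messages type="osfwPresentText" value="%process_name% is trying to read and modify physical memory" locale="en-US" />
  379.                     <messages type="osfwPastText" value="%process_name% was trying to read and modify physical memory" locale="en-US" />
  380.                     <messages type="osfwBlockedText" value="%process_name% was prevented from reading and modifying physical memory" locale="en-US" />
  381.                     <messages type="osfwPresentText" value="%process_name% versucht, den physischen Speicher zu lesen und zu ├ñndern." locale="de-DE" />
  382.                     <messages type="osfwPastText" value="%process_name% hat versucht, den physischen Speicher zu lesen und zu ├ñndern." locale="de-DE" />
  383.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den physischen Speicher zu lesen und zu ├ñndern." locale="de-DE" />
  384.                     <messages type="osfwPresentText" value="%process_name% tente de lire et de modifier la m├⌐moire physique" locale="fr-FR" />
  385.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de lire et de modifier la m├⌐moire physique" locale="fr-FR" />
  386.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á lire et ├á modifier la m├⌐moire physique" locale="fr-FR" />
  387.                     <messages type="osfwPresentText" value="%process_name% πüîτë⌐τÉåπâíπâóπâ¬πéÆΦ¬¡πü┐σÅûπüúπüªσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  388.                     <messages type="osfwPastText" value="%process_name% πüîτë⌐τÉåπâíπâóπâ¬πéÆΦ¬¡πü┐σÅûπüúπüªσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  389.                     <messages type="osfwBlockedText" value="%process_name% πüîτë⌐τÉåπâíπâóπâ¬πéÆΦ¬¡πü┐σÅûπüúπüªσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  390.                     <messages type="osfwPresentText" value="%process_name% est├í intentando leer y modificar la memoria f├¡sica" locale="es-ES" />
  391.                     <messages type="osfwPastText" value="%process_name% ha intentado leer y modificar la memoria f├¡sica" locale="es-ES" />
  392.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% lea y modifique la memoria f├¡sica" locale="es-ES" />
  393.                     <messages type="osfwPresentText" value="%process_name% sta cercando di leggere e modificare la memoria fisica" locale="it-IT" />
  394.                     <messages type="osfwPastText" value="%process_name% ha cercato di leggere e modificare la memoria fisica" locale="it-IT" />
  395.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di leggere e modificare la memoria fisica" locale="it-IT" />
  396.                 </customevent>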
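  397.                 <customevent id="3005" severityref="dangerous" >
                           <!-- Event 3005 (severity "dangerous"): a process is attempting to monitor user
                                activity (keystrokes, mouse input, sites visited, per the en-US present text).
                                Only %process_name% is substituted.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText. The
                                present text is the long prompt; the past and blocked texts are one-line
                                summaries.
                                The fr-FR past text is in the past tense ("a tent├⌐"), matching the fr-FR
                                past texts of the other events. -->
  398.                     <messages type="osfwPresentText" value="%process_name% is attempting to monitor user activities on this computer. If allowed it may try to track or log keystrokes (user input), mouse movements/clicks, web sites visited, and other user behaviors" locale="en-US" />
  399.                     <messages type="osfwPastText" value="%process_name% was attempting to monitor user activity" locale="en-US" />
  400.                     <messages type="osfwBlockedText" value="%process_name% was prevented from monitoring user activity" locale="en-US" />
  401.                     <messages type="osfwPresentText" value="%process_name% versucht, Benutzeraktivit├ñten auf diesem Computer zu ├╝berwachen. Wenn dies gestattet wird, versucht das Programm m├╢glicherweise, Tastatureingaben (Benutzereingaben), Mausbewegungen/-klicks, besuchte Websites und andere Aktivit├ñten des Benutzers nachzuverfolgen bzw. zu protokollieren." locale="de-DE" />
  402.                     <messages type="osfwPastText" value="%process_name% hat versucht, Benutzeraktivit├ñten zu ├╝berwachen." locale="de-DE" />
  403.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Benutzeraktivit├ñten zu ├╝berwachen." locale="de-DE" />
  404.                     <messages type="osfwPresentText" value="%process_name% tente de surveiller les activit├⌐s des utilisateurs sur cet ordinateur. Si vous l'autorisez, il pourra pister et enregistrer les saisies des utilisateurs, les mouvements et les clics de la souris, ainsi que les sites Web visit├⌐s et autres comportements des utilisateurs." locale="fr-FR" />
  405.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de surveiller les activit├⌐s des utilisateurs" locale="fr-FR" />
  406.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á surveiller les activit├⌐s des utilisateurs" locale="fr-FR" />
  407.                     <messages type="osfwPresentText" value="%process_name% πü»πÇüπüôπü«πé│πâ│πâöπâÑπâ╝πé┐Σ╕èπü«πâªπâ╝πé╢ πéóπé»πâåπéúπâôπâåπéúπéÆτ¢úΦªûπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖπÇéπü¥πéîπéÆΦ¿▒σÅ»πüùπüƒσá┤σÉêπÇüπé¡πâ╝πé╣πâêπâ¡πâ╝πé» (πâªπâ╝πé╢σàÑσè¢)πÇüπâ₧πéªπé╣πü«σïòπüì/πé»πâ¬πââπé»πÇüπéóπé»πé╗πé╣πüùπüƒ Web πé╡πéñπâêπÇüπüèπéêπü│πü¥πü«Σ╗ûπü«πâªπâ╝πé╢Φíîτé║πéÆΦ┐╜Φ╖íπü╛πüƒπü»Φ¿ÿΘî▓πüùπéêπüåπü¿πüÖπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  408.                     <messages type="osfwPastText" value="%process_name% πüîπâªπâ╝πé╢ πéóπé»πâåπéúπâôπâåπéúπéÆτ¢úΦªûπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒπÇé" locale="jp-JA" />
  409.                     <messages type="osfwBlockedText" value="%process_name% πüîπÇüπâªπâ╝πé╢ πéóπé»πâåπéúπâôπâåπéúπü«τ¢úΦªûπéÆτªüµ¡óπüòπéîπü╛πüùπüƒπÇé" locale="jp-JA" />
  410.                     <messages type="osfwPresentText" value="%process_name% est├í intentando controlar las actividades del usuario en este equipo. Si se permite esto, es posible que intente realizar un seguimiento o registrar las pulsaciones de teclas, los clics/movimientos del rat├│n, los sitios Web visitados y otras acciones del usuario." locale="es-ES" />
  411.                     <messages type="osfwPastText" value="%process_name% estaba intentando supervisar la actividad del usuario" locale="es-ES" />
  412.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% supervise la actividad del usuario" locale="es-ES" />
  413.                     <messages type="osfwPresentText" value="%process_name% sta tentando di monitorare le attivit├á dell'utente su questo computer. Se autorizzato, potrebbe cercare di registrare o tenere traccia dei tasti premuti (input dell'utente), dei movimenti/clic del mouse, dei siti Web visitati e altri comportamenti dell'utente." locale="it-IT" />
  414.                     <messages type="osfwPastText" value="%process_name% ha cercato di monitorare l'attivit├á dell'utente" locale="it-IT" />
  415.                     <messages type="osfwBlockedText" value="A %process_name% ├¿ stato impedito il monitoraggio dell'attivit├á dell'utente" locale="it-IT" />
  416.                 </customevent>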
  417.                 <customevent id="3006" severityref="dangerous" >
                           <!-- Event 3006 (severity "dangerous"): a process is loading a driver; %driver%
                                names the driver.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText.
                                NOTE(review): %driver% is presumably the driver name or path as observed at
                                load time; a reader triaging this alert should check that value against the
                                drivers expected on the host rather than rely on %process_name% alone. -->
  418.                     <messages type="osfwPresentText" value="%process_name% is trying to load the driver: %driver%" locale="en-US" />
  419.                     <messages type="osfwPastText" value="%process_name% was trying to load the driver: %driver%" locale="en-US" />
  420.                     <messages type="osfwBlockedText" value="%process_name% was prevented from loading the driver: %driver%" locale="en-US" />
  421.                     <messages type="osfwPresentText" value="%process_name% versucht, den folgenden Treiber zu laden: %driver%" locale="de-DE" />
  422.                     <messages type="osfwPastText" value="%process_name% hat versucht, den folgenden Treiber zu laden: %driver%" locale="de-DE" />
  423.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Treiber zu laden: %driver%" locale="de-DE" />
  424.                     <messages type="osfwPresentText" value="%process_name% tente de charger le pilote : %driver%" locale="fr-FR" />
  425.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de charger le pilote : %driver%" locale="fr-FR" />
  426.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á charger le pilote : %driver%" locale="fr-FR" />
  427.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" />
  428.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  429.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  430.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cargar el controlador: %driver%" locale="es-ES" />
  431.                     <messages type="osfwPastText" value="%process_name% ha intentado cargar el controlador: %driver%" locale="es-ES" />
  432.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cargue el controlador: %driver%" locale="es-ES" />
  433.                     <messages type="osfwPresentText" value="%process_name% sta cercando di caricare il driver seguente: %driver%" locale="it-IT" />
  434.                     <messages type="osfwPastText" value="%process_name% ha cercato di caricare il driver seguente: %driver%" locale="it-IT" />
  435.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di caricare il driver seguente: %driver%" locale="it-IT" />
  436.                 </customevent>
  437.  
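  438.                 <customevent id="3007" severityref="dangerous" >
                           <!-- Event 3007 (severity "dangerous"): a process is installing a new driver or
                                service; %driver% names it.
                                Six locales, each with exactly one osfwPresentText, one osfwPastText and one
                                osfwBlockedText. The it-IT set holds Italian text for all three; how the
                                consumer behaves when a variant is missing or duplicated is not visible in
                                this file, so every locale keeps the full triple. -->
  439.                     <messages type="osfwPresentText" value="%process_name% is trying to install a new driver or service: %driver%" locale="en-US" />
  440.                     <messages type="osfwPastText" value="%process_name% was trying to install a new driver or service: %driver%" locale="en-US" />
  441.                     <messages type="osfwBlockedText" value="%process_name% was prevented from installing a new driver or service: %driver%" locale="en-US" />
  442.                     <messages type="osfwPresentText" value="%process_name% versucht, einen neuen Treiber oder Dienst zu installieren: %driver%" locale="de-DE" />
  443.                     <messages type="osfwPastText" value="%process_name% hat versucht, einen neuen Treiber oder Dienst zu installieren: %driver%" locale="de-DE" />
  444.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, einen neuen Treiber oder Dienst zu installieren: %driver%" locale="de-DE" />
  445.                     <messages type="osfwPresentText" value="%process_name% tente d'installer un nouveau pilote ou service : %driver%" locale="fr-FR" />
  446.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ d'installer un nouveau pilote ou service : %driver%" locale="fr-FR" />
  447.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á installer un nouveau pilote ou service : %driver%" locale="fr-FR" />
  448.                     <messages type="osfwPresentText" value="%process_name% πü»µ¼íπü«µû░πüùπüäπâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" />
  449.                     <messages type="osfwPastText" value="%process_name% πü»µ¼íπü«µû░πüùπüäπâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  450.                     <messages type="osfwBlockedText" value="%process_name% πü»µ¼íπü«µû░πüùπüäπâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆπéñπâ│πé╣πâêπâ╝πâ½πüºπüìπü╛πü¢πéôπüºπüùπüƒ: %driver%" locale="jp-JA" />
  451.                     <messages type="osfwPresentText" value="%process_name% est├í intentando instalar un nuevo controlador o servicio: %driver%" locale="es-ES" />
  452.                     <messages type="osfwPastText" value="%process_name% estaba intentando instalar un nuevo controlador o servicio: %driver%" locale="es-ES" />
  453.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% instale un nuevo controlador o servicio: %driver%" locale="es-ES" />
  454.                     <messages type="osfwPresentText" value="%process_name% sta cercando di installare un nuovo driver o servizio: %driver%" locale="it-IT" />
  455.                     <messages type="osfwPastText" value="%process_name% ha cercato di installare un nuovo driver o servizio: %driver%" locale="it-IT" />
  456.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di installare un nuovo driver o servizio: %driver%" locale="it-IT" />
  457.                 </customevent>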
  458.  
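  459.                 <customevent id="3008" severityref="dangerous" >
                           <!-- Event 3008 (severity "dangerous"): a process is modifying an existing driver
                                or service; %driver% names it. Event 3007 covers installing a new one, so the
                                two alerts must not share wording.
                                Six locales, each with osfwPresentText, osfwPastText and osfwBlockedText.
                                The it-IT blocked text names the modify action, like the it-IT present and
                                past texts of this event. -->
  460.                     <messages type="osfwPresentText" value="%process_name% is trying to modify an existing driver or service: %driver%" locale="en-US" />
  461.                     <messages type="osfwPastText" value="%process_name% was trying to modify an existing driver or service: %driver%" locale="en-US" />
  462.                     <messages type="osfwBlockedText" value="%process_name% was prevented from modifying an existing driver or service: %driver%" locale="en-US" />
  463.                     <messages type="osfwPresentText" value="%process_name% versucht, einen vorhandenen Treiber oder Dienst zu ├ñndern: %driver%" locale="de-DE" />
  464.                     <messages type="osfwPastText" value="%process_name% hat versucht, einen vorhandenen Treiber oder Dienst zu ├ñndern: %driver%" locale="de-DE" />
  465.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, einen vorhandenen Treiber oder Dienst zu ├ñndern: %driver%" locale="de-DE" />
  466.                     <messages type="osfwPresentText" value="%process_name% tente de modifier un pilote ou un service existant : %driver%" locale="fr-FR" />
  467.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier un pilote ou un service existant : %driver%" locale="fr-FR" />
  468.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier un pilote ou un service existant : %driver%" locale="fr-FR" />
  469.                     <messages type="osfwPresentText" value="%process_name% πü»µ¼íπü«µùóσ¡ÿπü«πâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" />
  470.                     <messages type="osfwPastText" value="%process_name% πü»µ¼íπü«µùóσ¡ÿπü«πâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  471.                     <messages type="osfwBlockedText" value="%process_name% πü»µ¼íπü«µùóσ¡ÿπü«πâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆσñëµ¢┤πüºπüìπü╛πü¢πéôπüºπüùπüƒ: %driver%" locale="jp-JA" />
  472.                     <messages type="osfwPresentText" value="%process_name% est├í intentando modificar un controlador o servicio existente: %driver%" locale="es-ES" />
  473.                     <messages type="osfwPastText" value="%process_name% estaba intentando modificar un controlador o servicio existente: %driver%" locale="es-ES" />
  474.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% modifique un controlador o servicio existente: %driver%" locale="es-ES" />
  475.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare un driver o un servizio esistente: %driver%" locale="it-IT" />
  476.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare un driver o un servizio esistente: %driver%" locale="it-IT" />
  477.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare un driver o un servizio esistente: %driver%" locale="it-IT" />
  478.                 </customevent>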
  479.  
  480.                 <customevent id="3009" severityref="dangerous" >
                           <!-- Event 3009, severity "dangerous": %process_name% attempts to remove a driver or
                                service (%driver%). Each locale supplies osfwPresentText (attempt under way),
                                osfwPastText (attempt seen earlier) and osfwBlockedText (attempt prevented).
                                Defender note: removing a driver or service can take a protection or monitoring
                                component out of operation, so check which driver is named. -->
  481.                     <messages type="osfwPresentText" value="%process_name% is trying to remove a driver or service: %driver%" locale="en-US" />
  482.                     <messages type="osfwPastText" value="%process_name% was trying to remove a driver or service: %driver%" locale="en-US" />
  483.                     <messages type="osfwBlockedText" value="%process_name% was prevented from removing a driver or service: %driver%" locale="en-US" />
  484.                     <messages type="osfwPresentText" value="%process_name% versucht, einen Treiber oder Dienst zu entfernen: %driver%" locale="de-DE" />
  485.                     <messages type="osfwPastText" value="%process_name% hat versucht, einen Treiber oder Dienst zu entfernen: %driver%" locale="de-DE" />
  486.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, einen Treiber oder Dienst zu entfernen: %driver%" locale="de-DE" />
  487.                     <messages type="osfwPresentText" value="%process_name% tente de supprimer un pilote ou un service : %driver%" locale="fr-FR" />
  488.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de supprimer un pilote ou un service : %driver%" locale="fr-FR" />
  489.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á supprimer un pilote ou un service : %driver%" locale="fr-FR" />
  490.                     <messages type="osfwPresentText" value="%process_name% πü»µ¼íπü«πâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆσëèΘÖñπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" />
  491.                     <messages type="osfwPastText" value="%process_name% πü»µ¼íπü«πâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆσëèΘÖñπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  492.                     <messages type="osfwBlockedText" value="%process_name% πü»µ¼íπü«πâëπâ⌐πéñπâÉπü╛πüƒπü»πé╡πâ╝πâôπé╣πéÆσëèΘÖñπüºπüìπü╛πü¢πéôπüºπüùπüƒ: %driver%" locale="jp-JA" />
  493.                     <messages type="osfwPresentText" value="%process_name% est├í intentando eliminar un controlador o servicio: %driver%" locale="es-ES" />
  494.                     <messages type="osfwPastText" value="%process_name% estaba intentando eliminar un controlador o servicio: %driver%" locale="es-ES" />
  495.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% elimine un controlador o servicio: %driver%" locale="es-ES" />
  496.                     <messages type="osfwPresentText" value="%process_name% sta cercando di rimuovere un driver o servizio: %driver%" locale="it-IT" />
  497.                     <messages type="osfwPastText" value="%process_name% ha cercato di rimuovere un driver o servizio: %driver%" locale="it-IT" />
  498.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di rimuovere un driver o servizio: %driver%" locale="it-IT" />
  499.                 </customevent>
  500.  
  501.  
  502.                     <!-- "suspicious" behavior (4001-4999) -->
  503.                 <customevent id="4001" severityref="suspicious" >
                           <!-- Event 4001, severity "suspicious": %process_name% sets '%registry_value%' to run
                                each time the computer starts. Each locale supplies osfwPresentText,
                                osfwPastText and osfwBlockedText. Defender note: autostart registration is a
                                common persistence technique, but installers also use it legitimately; the
                                alert names only the value, so the registry key has to be found elsewhere. -->
  504.                     <messages type="osfwPresentText" value="%process_name% is trying to set '%registry_value%' to run each time your computer is started" locale="en-US" />
  505.                     <messages type="osfwPastText" value="%process_name% was trying to set '%registry_value%' to run each time your computer is started" locale="en-US" />
  506.                     <messages type="osfwBlockedText" value="%process_name% was prevented from setting '%registry_value%' to run each time your computer is started" locale="en-US" />
  507.                     <messages type="osfwPresentText" value="%process_name% nimmt Einstellungen an '%registry_value%' vor, die bewirken, dass es bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" />
  508.                     <messages type="osfwPastText" value="%process_name% hat Einstellungen an '%registry_value%' vorgenommen, die bewirken, dass es bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" />
  509.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Einstellungen an '%registry_value%' vorzunehmen, die bewirken, dass es bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" />
  510.                     <messages type="osfwPresentText" value="%process_name% tente de d├⌐finir '%registry_value%' pour ├¬tre ex├⌐cut├⌐ ├á chaque d├⌐marrage de l'ordinateur" locale="fr-FR" />
  511.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de d├⌐finir '%registry_value%' pour ├¬tre ex├⌐cut├⌐ ├á chaque d├⌐marrage de l'ordinateur" locale="fr-FR" />
  512.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á d├⌐finir '%registry_value%' pour ├¬tre ex├⌐cut├⌐ ├á chaque d├⌐marrage de l'ordinateur" locale="fr-FR" />
  513.                     <messages type="osfwPresentText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πéÆσ«ƒΦíîπüÖπéïπéêπüåπü½Φ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  514.                     <messages type="osfwPastText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πéÆσ«ƒΦíîπüÖπéïπéêπüåπü½Φ¿¡σ«Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  515.                     <messages type="osfwBlockedText" value="%process_name% πüîπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πéÆσ«ƒΦíîπüÖπéïπéêπüåπü½Φ¿¡σ«ÜπüÖπéïπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  516.                     <messages type="osfwPresentText" value="%process_name% est├í intentando configurar el valor '%registry_value%' para que se ejecute cada vez que se inicie el equipo" locale="es-ES" />
  517.                     <messages type="osfwPastText" value="%process_name% ha intentado configurar el valor '%registry_value%' para que se ejecute cada vez que se inicie el equipo" locale="es-ES" />
  518.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% configure el valor '%registry_value%' para que se ejecute cada vez que se inicie el equipo" locale="es-ES" />
  519.                     <messages type="osfwPresentText" value="%process_name% sta cercando di impostare '%registry_value%' in modo che venga eseguito all'avvio del computer" locale="it-IT" />
  520.                     <messages type="osfwPastText" value="%process_name% ha cercato di impostare '%registry_value%' in modo che venga eseguito all'avvio del computer" locale="it-IT" />
  521.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di impostare '%registry_value%' in modo che venga eseguito all'avvio del computer" locale="it-IT" />
  522.                 </customevent>
  523.                 <customevent id="4002" severityref="suspicious" >
                           <!-- Event 4002, severity "suspicious": %process_name% attempts to unload the driver
                                %driver%. Each locale supplies osfwPresentText, osfwPastText and
                                osfwBlockedText. Defender note: unloading a driver can switch off a filtering
                                or protection component, so confirm the named driver and the requesting
                                process belong together. -->
  524.                     <messages type="osfwPresentText" value="%process_name% is trying to unload the driver: %driver%" locale="en-US" />
  525.                     <messages type="osfwPastText" value="%process_name% was trying to unload the driver: %driver%" locale="en-US" />
  526.                     <messages type="osfwBlockedText" value="%process_name% was prevented from unloading the driver: %driver%" locale="en-US" />
  527.                     <messages type="osfwPresentText" value="%process_name% versucht, den folgenden Treiber zu entladen: %driver%" locale="de-DE" />
  528.                     <messages type="osfwPastText" value="%process_name% hat versucht, den folgenden Treiber zu entladen: %driver%" locale="de-DE" />
  529.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Treiber zu entladen: %driver%" locale="de-DE" />
  530.                     <messages type="osfwPresentText" value="%process_name% tente de d├⌐charger le pilote : %driver%" locale="fr-FR" />
  531.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de d├⌐charger le pilote : %driver%" locale="fr-FR" />
  532.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á d├⌐charger le pilote : %driver%" locale="fr-FR" />
  533.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπéóπâ│πâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" />
  534.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπéóπâ│πâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  535.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπéÆπéóπâ│πâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  536.                     <messages type="osfwPresentText" value="%process_name% est├í intentando descargar el controlador: %driver%" locale="es-ES" />
  537.                     <messages type="osfwPastText" value="%process_name% ha intentado descargar el controlador: %driver%" locale="es-ES" />
  538.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% descargue el controlador: %driver%" locale="es-ES" />
  539.                     <messages type="osfwPresentText" value="%process_name% sta cercando di scaricare il driver seguente: %driver%" locale="it-IT" />
  540.                     <messages type="osfwPastText" value="%process_name% ha cercato di scaricare il driver seguente: %driver%" locale="it-IT" />
  541.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di scaricare il driver seguente: %driver%" locale="it-IT" />
  542.                 </customevent>
  543.                 <customevent id="4003" severityref="suspicious" >
                           <!-- Event 4003, severity "suspicious": %process_name% attempts to connect to the
                                driver %driver%. Each locale supplies osfwPresentText, osfwPastText and
                                osfwBlockedText. Defender note: a driver interface exposes privileged
                                functionality to the caller, so an unexpected process opening one deserves
                                a look; what counts as "connect" is not defined in this section. -->
  544.                     <messages type="osfwPresentText" value="%process_name% is trying to connect to the driver: %driver%" locale="en-US" />
  545.                     <messages type="osfwPastText" value="%process_name% was trying to connect to the driver: %driver%" locale="en-US" />
  546.                     <messages type="osfwBlockedText" value="%process_name% was prevented from connecting to the driver: %driver%" locale="en-US" />
  547.                     <messages type="osfwPresentText" value="%process_name% versucht, eine Verbindung zu dem folgenden Treiber herzustellen: %driver%" locale="de-DE" />
  548.                     <messages type="osfwPastText" value="%process_name% hat versucht, eine Verbindung zu dem folgenden Treiber herzustellen: %driver%" locale="de-DE" />
  549.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, eine Verbindung zu dem folgenden Treiber herzustellen: %driver%" locale="de-DE" />
  550.                     <messages type="osfwPresentText" value="%process_name% tente de se connecter au pilote : %driver%" locale="fr-FR" />
  551.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de se connecter au pilote : %driver%" locale="fr-FR" />
  552.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á se connecter au pilote : %driver%" locale="fr-FR" />
  553.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπü½µÄÑτ╢Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %driver%" locale="jp-JA" />
  554.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπü½µÄÑτ╢Üπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  555.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâëπâ⌐πéñπâÉπü½µÄÑτ╢Üπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %driver%" locale="jp-JA" />
  556.                     <messages type="osfwPresentText" value="%process_name% est├í intentando conectarse al controlador: %driver%" locale="es-ES" />
  557.                     <messages type="osfwPastText" value="%process_name% ha intentado conectarse al controlador: %driver%" locale="es-ES" />
  558.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se conecte al controlador: %driver%" locale="es-ES" />
  559.                     <messages type="osfwPresentText" value="%process_name% sta cercando di connettersi al driver seguente: %driver%" locale="it-IT" />
  560.                     <messages type="osfwPastText" value="%process_name% ha cercato di connettersi al driver seguente: %driver%" locale="it-IT" />
  561.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di connettersi al driver seguente: %driver%" locale="it-IT" />
  562.                 </customevent>
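  563.                 <customevent id="4004" severityref="suspicious" >
                           <!-- Event 4004, severity "suspicious": %process_name% modifies %registry_key% in a
                                way that may stop '%registry_value%' from running at startup. The present and
                                past texts are hedged ("may be trying"); the blocked text names only the
                                registry key, not the value. Defender note: removal of an autostart entry can
                                be an attempt to keep a security tool from starting, so check which value
                                was targeted. -->
  564.                     <messages type="osfwPresentText" value="%process_name% may be trying to prevent '%registry_value%' from running each time your computer is started by modifying the registry key: %registry_key%" locale="en-US" />
  565.                     <messages type="osfwPastText" value="%process_name% may have been trying to prevent '%registry_value%' from running each time your computer is started by modifying the registry key: %registry_key%" locale="en-US" />
  566.                     <messages type="osfwBlockedText" value="%process_name% was prevented from modifying registry key: %registry_key%" locale="en-US" />
  567.                     <messages type="osfwPresentText" value="%process_name% versucht m├╢glicherweise, '%registry_value%' durch Modifizierung des folgenden Registrierungsschl├╝ssels daran zu hindern, dass es bei jedem Computerstart ausgef├╝hrt wird: %registry_key%" locale="de-DE" />
  568.                     <messages type="osfwPastText" value="%process_name% hat m├╢glicherweise versucht, '%registry_value%' durch Modifizierung des folgenden Registrierungsschl├╝ssels daran zu hindern, dass es bei jedem Computerstart ausgef├╝hrt wird: %registry_key%" locale="de-DE" />
  569.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Registrierungsschl├╝ssel zu ├ñndern: %registry_key%" locale="de-DE" />
  570.                     <messages type="osfwPresentText" value="%process_name% tente d'emp├¬cher '%registry_value%' de s'ex├⌐cuter ├á chaque d├⌐marrage de l'ordinateur en modifiant la cl├⌐ de registre : %registry_key%" locale="fr-FR" />
  571.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ d'emp├¬cher '%registry_value%' de s'ex├⌐cuter ├á chaque d├⌐marrage de l'ordinateur en modifiant la cl├⌐ de registre : %registry_key%" locale="fr-FR" />
  572.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier la cl├⌐ de registre suivante : %registry_key%" locale="fr-FR" />
  573.                     <messages type="osfwPresentText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πüîσ«ƒΦíîπüòπéîπü¬πüäπéêπüåπü½πüÖπéïπüƒπéüπü½πÇüµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖ: %registry_key%" locale="jp-JA" />
  574.                     <messages type="osfwPastText" value="%process_name% πüîπÇüπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½ '%registry_value%' πüîσ«ƒΦíîπüòπéîπü¬πüäπéêπüåπü½πüÖπéïπüƒπéüπü½πÇüµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπüƒσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖ: %registry_key%" locale="jp-JA" />
  575.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπ⬠πé¡πâ╝π鯵¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %registry_key%" locale="jp-JA" />
  576.                     <messages type="osfwPresentText" value="%process_name% est├í intentando impedir que el valor '%registry_value%' se ejecute cada vez que se inicie el equipo mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  577.                     <messages type="osfwPastText" value="%process_name% ha intentado impedir que el valor '%registry_value%' se ejecute cada vez que se inicie el equipo mediante la modificaci├│n de la clave de registro: %registry_key%" locale="es-ES" />
  578.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% modifique la clave de registro: %registry_key%" locale="es-ES" />
  579.                     <messages type="osfwPresentText" value="Probabile tentativo da parte di %process_name% di bloccare l'esecuzione di '%registry_value%' all'avvio del computer modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  580.                     <messages type="osfwPastText" value="Probabile tentativo da parte di %process_name% di bloccare l'esecuzione di '%registry_value%' all'avvio del computer modificando la chiave di registro seguente: %registry_key%" locale="it-IT" />
  581.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare la chiave di registro seguente: %registry_key%" locale="it-IT" />
  582.                 </customevent>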
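  583.                 <customevent id="4005" severityref="suspicious" >
                           <!-- Event 4005, severity "suspicious": %process_name% attempts to modify a registry
                                value, reported as %registry_key%\%registry_value%. Each locale supplies
                                osfwPresentText, osfwPastText and osfwBlockedText. The texts do not say what
                                the value was changed to, so the full key path in the alert is the only
                                context for judging the change. -->
  584.                     <messages type="osfwPresentText" value="%process_name% is trying to modify the registry value:  %registry_key%\%registry_value%" locale="en-US" />
  585.                     <messages type="osfwPastText" value="%process_name% was trying to modify the registry value:  %registry_key%\%registry_value%" locale="en-US" />
  586.                     <messages type="osfwBlockedText" value="%process_name% was prevented from modifying the registry value:  %registry_key%\%registry_value%" locale="en-US" />
  587.                     <messages type="osfwPresentText" value="%process_name% versucht, den folgenden Registrierungswert zu ├ñndern:  %registry_key%\%registry_value%" locale="de-DE" />
  588.                     <messages type="osfwPastText" value="%process_name% hat versucht, den folgenden Registrierungswert zu ├ñndern:  %registry_key%\%registry_value%" locale="de-DE" />
  589.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den folgenden Registrierungswert zu ├ñndern:  %registry_key%\%registry_value%" locale="de-DE" />
  590.                     <messages type="osfwPresentText" value="%process_name% tente de modifier la valeur de registre :  %registry_key%\%registry_value%" locale="fr-FR" />
  591.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier la valeur de registre :  %registry_key%\%registry_value%" locale="fr-FR" />
  592.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier la valeur de registre suivante :  %registry_key%\%registry_value%" locale="fr-FR" />
  593.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬σÇñπ鯵¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπü╛πüÖ:  %registry_key%\%registry_value%" locale="jp-JA" />
  594.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬σÇñπ鯵¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:  %registry_key%\%registry_value%" locale="jp-JA" />
  595.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâ¼πé╕πé╣πâêπâ¬σÇñπ鯵¢╕πüìµ¢┐πüêπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:  %registry_key%\%registry_value%" locale="jp-JA" />
  596.                     <messages type="osfwPresentText" value="%process_name% est├í intentando modificar el valor de registro:  %registry_key%\%registry_value%" locale="es-ES" />
  597.                     <messages type="osfwPastText" value="%process_name% ha intentado modificar el valor de registro:  %registry_key%\%registry_value%" locale="es-ES" />
  598.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% modifique el valor de registro:  %registry_key%\%registry_value%" locale="es-ES" />
  599.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare il valore di registro seguente:  %registry_key%\%registry_value%" locale="it-IT" />
  600.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare il valore di registro seguente:  %registry_key%\%registry_value%" locale="it-IT" />
  601.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare il valore di registro seguente:  %registry_key%\%registry_value%" locale="it-IT" />
  602.                 </customevent>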
  603.                 <customevent id="4006" severityref="suspicious" >
                           <!-- Event 4006, severity "suspicious": %process_name% attempts to change the browser
                                search settings. Each locale supplies osfwPresentText, osfwPastText and
                                osfwBlockedText; %process_name% is the only placeholder, so the alert does
                                not show which setting or value was touched. Defender note: unrequested
                                search-setting changes are typical of browser hijackers. -->
  604.                     <messages type="osfwPresentText" value="%process_name% is trying to change your browser search settings" locale="en-US" />
  605.                     <messages type="osfwPastText" value="%process_name% was trying to change your browser search settings" locale="en-US" />
  606.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing your browser search settings" locale="en-US" />
  607.                     <messages type="osfwPresentText" value="%process_name% versucht, die Sucheinstellungen Ihres Browsers zu ├ñndern." locale="de-DE" />
  608.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Sucheinstellungen Ihres Browsers zu ├ñndern." locale="de-DE" />
  609.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Sucheinstellungen Ihres Browsers zu ├ñndern." locale="de-DE" />
  610.                     <messages type="osfwPresentText" value="%process_name% tente de modifier les param├¿tres de recherche de votre navigateur" locale="fr-FR" />
  611.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier les param├¿tres de recherche de votre navigateur" locale="fr-FR" />
  612.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier les param├¿tres de recherche de votre navigateur" locale="fr-FR" />
  613.                     <messages type="osfwPresentText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«µñ£τ┤óΦ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  614.                     <messages type="osfwPastText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«µñ£τ┤óΦ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  615.                     <messages type="osfwBlockedText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«µñ£τ┤óΦ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  616.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n de b├║squeda del navegador" locale="es-ES" />
  617.                     <messages type="osfwPastText" value="%process_name% ha intentado cambiar la configuraci├│n de b├║squeda del navegador" locale="es-ES" />
  618.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n de b├║squeda del navegador" locale="es-ES" />
  619.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare le impostazioni di ricerca del browser" locale="it-IT" />
  620.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare le impostazioni di ricerca del browser" locale="it-IT" />
  621.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare le impostazioni di ricerca del browser" locale="it-IT" />
  622.                 </customevent>
  623.                 <customevent id="4007" severityref="suspicious" >
                           <!-- Event 4007, severity "suspicious": %process_name% attempts to change the browser
                                home page. Each locale supplies osfwPresentText, osfwPastText and
                                osfwBlockedText; %process_name% is the only placeholder, so the new home
                                page is not shown in the alert. Defender note: unrequested home-page
                                changes are typical of browser hijackers. -->
  624.                     <messages type="osfwPresentText" value="%process_name% is trying to change your browser home page" locale="en-US" />
  625.                     <messages type="osfwPastText" value="%process_name% was trying to change your browser home page" locale="en-US" />
  626.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing your browser home page" locale="en-US" />
  627.                     <messages type="osfwPresentText" value="%process_name% versucht, die Startseite Ihres Browsers zu ├ñndern." locale="de-DE" />
  628.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Startseite Ihres Browsers zu ├ñndern." locale="de-DE" />
  629.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Startseite Ihres Browsers zu ├ñndern." locale="de-DE" />
  630.                     <messages type="osfwPresentText" value="%process_name% tente de modifier la page d'accueil de votre navigateur" locale="fr-FR" />
  631.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier la page d'accueil de votre navigateur" locale="fr-FR" />
  632.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier la page d'accueil de votre navigateur" locale="fr-FR" />
  633.                     <messages type="osfwPresentText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«πâ¢πâ╝πâá πâÜπâ╝πé╕πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  634.                     <messages type="osfwPastText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«πâ¢πâ╝πâá πâÜπâ╝πé╕πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  635.                     <messages type="osfwBlockedText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«πâ¢πâ╝πâá πâÜπâ╝πé╕πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  636.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la p├ígina de inicio del navegador" locale="es-ES" />
  637.                     <messages type="osfwPastText" value="%process_name% ha intentado cambiar la p├ígina de inicio del navegador" locale="es-ES" />
  638.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la p├ígina de inicio del navegador" locale="es-ES" />
  639.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare la pagina iniziale del browser" locale="it-IT" />
  640.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare la pagina iniziale del browser" locale="it-IT" />
  641.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare la pagina iniziale del browser" locale="it-IT" />
  642.                 </customevent>
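  643.                 <customevent id="4008" severityref="suspicious">
                           <!-- Event 4008, severity "suspicious": %process_name% attempts to change the browser
                                "main settings". Each locale supplies osfwPresentText, osfwPastText and
                                osfwBlockedText; %process_name% is the only placeholder, and which settings
                                count as "main" is not defined in this section. Defender note: unrequested
                                browser configuration changes are typical of browser hijackers. -->
  644.                     <messages type="osfwPresentText" value="%process_name% is trying to change your browser main settings" locale="en-US"/>
  645.                     <messages type="osfwPastText" value="%process_name% was trying to change your browser main settings" locale="en-US"/>
  646.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing your browser main settings" locale="en-US"/>
  647.                     <messages type="osfwPresentText" value="%process_name% versucht, die Haupteinstellungen Ihres Browsers zu ├ñndern." locale="de-DE"/>
  648.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Haupteinstellungen Ihres Browsers zu ├ñndern." locale="de-DE"/>
  649.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Haupteinstellungen Ihres Browsers zu ├ñndern." locale="de-DE"/>
  650.                     <messages type="osfwPresentText" value="%process_name% tente de modifier vos principaux param├¿tres de navigateur" locale="fr-FR"/>
  651.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de modifier vos principaux param├¿tres de navigateur" locale="fr-FR"/>
  652.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á modifier vos principaux param├¿tres de navigateur" locale="fr-FR"/>
  653.                     <messages type="osfwPresentText" value="%process_name% πü»πâûπâ⌐πéªπé╢πü«πâíπéñπâ│Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA"/>
  654.                     <messages type="osfwPastText" value="%process_name% πü»πâûπâ⌐πéªπé╢πü«πâíπéñπâ│Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA"/>
  655.                     <messages type="osfwBlockedText" value="%process_name% πü»πâûπâ⌐πéªπé╢πü«πâíπéñπâ│Φ¿¡σ«ÜπéÆσñëµ¢┤πüºπüìπü╛πü¢πéôπüºπüùπüƒ" locale="jp-JA"/>
  656.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cambiar la configuraci├│n principal del navegador" locale="es-ES"/>
  657.                     <messages type="osfwPastText" value="%process_name% estaba intentando cambiar la configuraci├│n principal del navegador" locale="es-ES"/>
  658.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuraci├│n principal del navegador" locale="es-ES"/>
  659.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare le impostazioni principali del browser" locale="it-IT"/>
  660.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare le impostazioni principali del browser" locale="it-IT"/>
  661.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di modificare le impostazioni principali del browser" locale="it-IT"/>
  662.                 </customevent>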
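  663.                 <customevent id="4009" severityref="suspicious">
                           <!-- Event 4009, severity reference "suspicious": alert strings for a process that
                                changes how the system handles executable files, which the text itself describes
                                as a way for a program to start whenever any application is run.
                                Each locale carries three variants: osfwPresentText (attempt under way),
                                osfwPastText (attempt already made) and osfwBlockedText (attempt denied).
                                %process_name% is a placeholder; presumably the client substitutes the acting
                                process's name, a value that process controls, so it should be shown as plain
                                text (confirm in the client).
                                NOTE(review): the jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  664.                     <messages type="osfwPresentText" value="%process_name% is trying to change the system behavior for executable files. This may allow a suspicious program to start every time you run any application." locale="en-US" />
  665.                     <messages type="osfwPastText" value="%process_name% was trying to change the system behavior for executable files. This may allow a suspicious program to start every time you run any application." locale="en-US" />
  666.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing the system behavior for executable files. This will not allow a suspicious program to start every time you run any application." locale="en-US" />
  667.                     <messages type="osfwPresentText" value="%process_name% versucht, das Systemverhalten für Programmdateien zu ändern. So kann möglicherweise ein verdächtiges Programm bei jeder Ausführung einer Anwendung gestartet werden." locale="de-DE" />
  668.                     <messages type="osfwPastText" value="%process_name% hat versucht, das Systemverhalten für Programmdateien zu ändern. So kann möglicherweise ein verdächtiges Programm bei jeder Ausführung einer Anwendung gestartet werden." locale="de-DE" />
  669.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, das Systemverhalten für Programmdateien zu ändern. Es verhindert, dass ein verdächtiges Programm bei jeder Ausführung einer Anwendung gestartet ist." locale="de-DE" />
  670.                     <messages type="osfwPresentText" value="%process_name% tente de modifier le comportement du système pour les fichiers exécutables. Cette opération permettra peut-être le lancement d'un programme suspect chaque fois que vous exécutez une application." locale="fr-FR" />
  671.                     <messages type="osfwPastText" value="%process_name% a tenté de modifier le comportement du système pour les fichiers exécutables. Cette opération permettra peut-être le lancement d'un programme suspect chaque fois que vous exécutez une application." locale="fr-FR" />
  672.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à modifier le comportement du système pour les fichiers exécutables. Cette opération empêchera le lancement d'un programme suspect chaque fois que vous exécutez une application." locale="fr-FR" />
  673.                     <messages type="osfwPresentText" value="%process_name% πü»σ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πü½ΘûóπüÖπéïπé╖πé╣πâåπâáσïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖπÇéπüôπéîπü½πéêπéèπÇüπéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│σ«ƒΦíîµÖéπü½τûæπéÅπüùπüäπâùπâ¡πé░πâ⌐πâáπüîΦ╡╖σïòπüÖπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  674.                     <messages type="osfwPastText" value="%process_name% πü»σ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πü½ΘûóπüÖπéïπé╖πé╣πâåπâáσïòΣ╜£πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒπÇéπüôπéîπü½πéêπéèπÇüπéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│σ«ƒΦíîµÖéπü½τûæπéÅπüùπüäπâùπâ¡πé░πâ⌐πâáπüîΦ╡╖σïòπüÖπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  675.                     <messages type="osfwBlockedText" value="%process_name% πü»σ«ƒΦíîσÅ»Φâ╜πâòπéíπéñπâ½πü½ΘûóπüÖπéïπé╖πé╣πâåπâáσïòΣ╜£πéÆσñëµ¢┤πüºπüìπü╛πü¢πéôπüºπüùπüƒπÇéπüùπüƒπüîπüúπüªπÇüπéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│σ«ƒΦíîµÖéπü½τûæπéÅπüùπüäπâùπâ¡πé░πâ⌐πâáπüîΦ╡╖σïòπüÖπéïπüôπü¿πü»πüéπéèπü╛πü¢πéôπÇé" locale="jp-JA" />
  676.                     <messages type="osfwPresentText" value="%process_name% está intentando cambiar la actividad del sistema para los archivos ejecutables. Esto puede permitir a un programa sospechoso reiniciarse cada vez que ejecute una aplicación." locale="es-ES" />
  677.                     <messages type="osfwPastText" value="%process_name% estaba intentando cambiar la actividad del sistema para los archivos ejecutables. Esto puede permitir a un programa sospechoso reiniciarse cada vez que ejecute una aplicación." locale="es-ES" />
  678.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la actividad del sistema para los archivos ejecutables. Esto no permitirá a ningún programa sospechoso reiniciarse cada vez que ejecute una aplicación." locale="es-ES" />
  679.                     <messages type="osfwPresentText" value="%process_name% sta cercando di cambiare il comportamento del sistema relativamente ai file eseguibili. Questo potrebbe consentire l’avvio di un programma sospetto all’avvio di un’applicazione." locale="it-IT" />
  680.                     <messages type="osfwPastText" value="%process_name% ha cercato di cambiare il comportamento del sistema relativamente ai file eseguibili. Questo potrebbe consentire l’avvio di un programma sospetto all’avvio di un’applicazione." locale="it-IT" />
  681.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di cambiare il comportamento del sistema relativamente ai file eseguibili. Questo impedirà l’avvio di un programma sospetto all’avvio di un’applicazione." locale="it-IT" />
  682.                 </customevent>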
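  683.                 <customevent id="4010" severityref="suspicious" >
                           <!-- Event 4010, severity reference "suspicious": alert strings for a process that
                                installs a library loaded at every system start, i.e. an attempt to gain
                                start-up persistence.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied).
                                %process_name% is a placeholder; presumably filled with the acting process's
                                name, which that process controls, so treat it as untrusted display text
                                (confirm in the client).
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  684.                     <messages type="osfwPresentText" value="%process_name% is trying to install a library that will be loaded each time your system is started" locale="en-US" />
  685.                     <messages type="osfwPastText" value="%process_name% was trying to install a library that would be loaded each time your system is started" locale="en-US" />
  686.                     <messages type="osfwBlockedText" value="%process_name% was prevented from installing a library that would be loaded each time your system is started" locale="en-US" />
  687.                     <messages type="osfwPresentText" value="%process_name% versucht, eine Bibliothek zu installieren, die bei jedem Systemstart geladen wird." locale="de-DE" />
  688.                     <messages type="osfwPastText" value="%process_name% hat versucht, eine Bibliothek zu installieren, die bei jedem Systemstart geladen wird." locale="de-DE" />
  689.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, eine Bibliothek zu installieren, die bei jedem Systemstart geladen wird." locale="de-DE" />
  690.                     <messages type="osfwPresentText" value="%process_name% tente d'installer une bibliothèque qui devra être chargée à chaque démarrage du système" locale="fr-FR" />
  691.                     <messages type="osfwPastText" value="%process_name% a tenté d'installer une bibliothèque devant être chargée à chaque démarrage du système" locale="fr-FR" />
  692.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à installer une bibliothèque devant être chargée à chaque démarrage du système" locale="fr-FR" />
  693.                     <messages type="osfwPresentText" value="%process_name% πü»πé╖πé╣πâåπâáΦ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπâ⌐πéñπâûπâ⌐πâ¬πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  694.                     <messages type="osfwPastText" value="%process_name% πü»πé╖πé╣πâåπâáΦ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπâ⌐πéñπâûπâ⌐πâ¬πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  695.                     <messages type="osfwBlockedText" value="%process_name% πü»πé╖πé╣πâåπâáΦ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπâ⌐πéñπâûπâ⌐πâ¬πéÆπéñπâ│πé╣πâêπâ╝πâ½πüºπüìπü╛πü¢πéôπüºπüùπüƒ" locale="jp-JA" />
  696.                     <messages type="osfwPresentText" value="%process_name% está intentando instalar una biblioteca que se cargará cada vez que se inicie el sistema" locale="es-ES" />
  697.                     <messages type="osfwPastText" value="%process_name% estaba intentando instalar una biblioteca que se cargara cada vez que se iniciara el sistema" locale="es-ES" />
  698.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% intente instalar una biblioteca que se cargara cada vez que se iniciara el sistema" locale="es-ES" />
  699.                     <messages type="osfwPresentText" value="%process_name% sta cercando di installare una libreria che sarà caricata a ogni avvio del sistema" locale="it-IT" />
  700.                     <messages type="osfwPastText" value="%process_name% ha cercato di installare una libreria che sarebbe stata caricata a ogni avvio del sistema" locale="it-IT" />
  701.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di installare una libreria che sarebbe stata caricata a ogni avvio del sistema" locale="it-IT" />
  702.                 </customevent>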
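  703.                 <customevent id="4011" severityref="suspicious" >
                           <!-- Event 4011, severity reference "suspicious": alert strings for a process that
                                stops a library from being loaded at system start.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied).
                                NOTE(review): the strings do not tell the user why this matters; presumably
                                the concern is a protective or system component being taken out of the
                                start-up path (confirm against the rule that raises this event).
                                %process_name% is a placeholder, presumably the acting process's name; treat
                                it as untrusted display text.
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  704.                     <messages type="osfwPresentText" value="%process_name% is trying to prevent a library from being loaded each time your system is started" locale="en-US" />
  705.                     <messages type="osfwPastText" value="%process_name% was trying to prevent a library from being loaded each time your system is started" locale="en-US" />
  706.                     <messages type="osfwBlockedText" value="%process_name% was prevented from trying to prevent a library from being loaded each time your system is started" locale="en-US" />
  707.                     <messages type="osfwPresentText" value="%process_name% versucht zu verhindern, dass eine Bibliothek bei jedem Systemstart geladen wird." locale="de-DE" />
  708.                     <messages type="osfwPastText" value="%process_name% hat versucht zu verhindern, dass eine Bibliothek bei jedem Systemstart geladen wird." locale="de-DE" />
  709.                     <messages type="osfwBlockedText" value="%process_name% wurde am Versuch gehindert, zu verhindern, dass eine Bibliothek bei jedem Systemstart geladen wird." locale="de-DE" />
  710.                     <messages type="osfwPresentText" value="%process_name% tente d'empêcher le chargement d'une bibliothèque à chaque démarrage du système" locale="fr-FR" />
  711.                     <messages type="osfwPastText" value="%process_name% a tenté d'empêcher le chargement d'une bibliothèque à chaque démarrage du système" locale="fr-FR" />
  712.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à empêcher le chargement d'une bibliothèque à chaque démarrage du système" locale="fr-FR" />
  713.                     <messages type="osfwPresentText" value="%process_name% πü»πé╖πé╣πâåπâáΦ╡╖σïòµÖéπü½πâ⌐πéñπâûπâ⌐πâ¬πüîπâ¡πâ╝πâëπüòπéîπéïπü«πéÆΘÿ▓µ¡óπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  714.                     <messages type="osfwPastText" value="%process_name% πü»πé╖πé╣πâåπâáΦ╡╖σïòµÖéπü½πâ⌐πéñπâûπâ⌐πâ¬πüîπâ¡πâ╝πâëπüòπéîπéïπü«πéÆΘÿ▓µ¡óπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  715.                     <messages type="osfwBlockedText" value="%process_name% πü»πé╖πé╣πâåπâáΦ╡╖σïòµÖéπü½πâ⌐πéñπâûπâ⌐πâ¬πüîπâ¡πâ╝πâëπüòπéîπéïπü«πéÆΘÿ▓µ¡óπüºπüìπü╛πü¢πéôπüºπüùπüƒ" locale="jp-JA" />
  716.                     <messages type="osfwPresentText" value="%process_name% está intentando evitar que se cargue ninguna biblioteca cada vez que se inicie el sistema" locale="es-ES" />
  717.                     <messages type="osfwPastText" value="%process_name% estaba intentando evitar que se cargara ninguna biblioteca cada vez que se iniciara el sistema" locale="es-ES" />
  718.                     <messages type="osfwBlockedText" value="Se ha evitado que %process_name% intente evitar que se cargue ninguna biblioteca cada vez que se inicie el sistema" locale="es-ES" />
  719.                     <messages type="osfwPresentText" value="%process_name% sta cercando di impedire il caricamento di una libreria a ogni avvio del sistema" locale="it-IT" />
  720.                     <messages type="osfwPastText" value="%process_name% ha cercato di impedire il caricamento di una libreria a ogni avvio del sistema" locale="it-IT" />
  721.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di bloccare il caricamento di una libreria a ogni avvio del sistema" locale="it-IT" />
  722.                 </customevent>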
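  723.                 <customevent id="4012" severityref="suspicious" >
                           <!-- Event 4012, severity reference "suspicious": alert strings for a process that
                                installs a library loaded whenever any application starts, which would put
                                that library's code inside every newly started program.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied).
                                %process_name% is a placeholder, presumably the acting process's name; treat
                                it as untrusted display text (confirm in the client).
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  724.                     <messages type="osfwPresentText" value="%process_name% is trying to install a library that will be loaded any time an application is started" locale="en-US" />
  725.                     <messages type="osfwPastText" value="%process_name% was trying to install a library that would be loaded any time an application is started" locale="en-US" />
  726.                     <messages type="osfwBlockedText" value="%process_name% was prevented from installing a library that would be loaded any time an application is started" locale="en-US" />
  727.                     <messages type="osfwPresentText" value="%process_name% versucht, eine Bibliothek zu installieren, die bei jedem Start einer Anwendung geladen wird." locale="de-DE" />
  728.                     <messages type="osfwPastText" value="%process_name% hat versucht, eine Bibliothek zu installieren, die bei jedem Start einer Anwendung geladen wird." locale="de-DE" />
  729.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, eine Bibliothek zu installieren, die bei jedem Start einer Anwendung geladen wird." locale="de-DE" />
  730.                     <messages type="osfwPresentText" value="%process_name% tente d'installer une bibliothèque qui devra être chargée à chaque lancement d'application" locale="fr-FR" />
  731.                     <messages type="osfwPastText" value="%process_name% a tenté d'installer une bibliothèque devant être chargée à chaque lancement d'application" locale="fr-FR" />
  732.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à installer une bibliothèque devant être chargée à chaque lancement d'application" locale="fr-FR" />
  733.                     <messages type="osfwPresentText" value="%process_name% πü»πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│Φ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπâ⌐πéñπâûπâ⌐πâ¬πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  734.                     <messages type="osfwPastText" value="%process_name% πü»πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│Φ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπâ⌐πéñπâûπâ⌐πâ¬πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  735.                     <messages type="osfwBlockedText" value="%process_name% πü»πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│Φ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπâ⌐πéñπâûπâ⌐πâ¬πéÆπéñπâ│πé╣πâêπâ╝πâ½πüºπüìπü╛πü¢πéôπüºπüùπüƒ" locale="jp-JA" />
  736.                     <messages type="osfwPresentText" value="%process_name% está intentando instalar una biblioteca que se cargara cada vez que se iniciara una aplicación" locale="es-ES" />
  737.                     <messages type="osfwPastText" value="%process_name% estaba intentando instalar una biblioteca que se cargara cada vez que se iniciara una aplicación" locale="es-ES" />
  738.                     <messages type="osfwBlockedText" value="Se ha evitado que %process_name% instalara una biblioteca que se cargara cada vez que se iniciara una aplicación" locale="es-ES" />
  739.                     <messages type="osfwPresentText" value="%process_name% sta cercando di installare una libreria che sarà caricata all’avvio di un’applicazione" locale="it-IT" />
  740.                     <messages type="osfwPastText" value="%process_name% ha cercato di installare una libreria che sarebbe stata caricata all’avvio di un’applicazione" locale="it-IT" />
  741.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di installare una libreria che sarebbe stata caricata all’avvio di un’applicazione" locale="it-IT" />
  742.                 </customevent>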
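  743.                 <customevent id="4013" severityref="suspicious" >
                           <!-- Event 4013, severity reference "suspicious": alert strings for a process that
                                uninstalls a library meant to be loaded whenever an application starts.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied).
                                NOTE(review): the strings do not say which library is affected; presumably
                                the concern is removal of a component that is expected in every process
                                (confirm against the rule that raises this event).
                                %process_name% is a placeholder, presumably the acting process's name; treat
                                it as untrusted display text.
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  744.                     <messages type="osfwPresentText" value="%process_name% is trying to uninstall a library that should be loaded any time an application is started" locale="en-US" />
  745.                     <messages type="osfwPastText" value="%process_name% was trying to uninstall a library that should be loaded any time an application is started" locale="en-US" />
  746.                     <messages type="osfwBlockedText" value="%process_name% was prevented from uninstalling a library that should be loaded any time an application is started" locale="en-US" />
  747.                     <messages type="osfwPresentText" value="%process_name% versucht, eine Bibliothek zu deinstallieren, die bei jedem Start einer Anwendung geladen werden muss." locale="de-DE" />
  748.                     <messages type="osfwPastText" value="%process_name% hat versucht, eine Bibliothek zu deinstallieren, die bei jedem Start einer Anwendung geladen werden muss." locale="de-DE" />
  749.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, eine Bibliothek zu deinstallieren, die bei jedem Start einer Anwendung geladen werden muss." locale="de-DE" />
  750.                     <messages type="osfwPresentText" value="%process_name% tente de désinstaller une bibliothèque devant être chargée à chaque lancement d'application" locale="fr-FR" />
  751.                     <messages type="osfwPastText" value="%process_name% a tenté de désinstaller une bibliothèque devant être chargée à chaque lancement d'application" locale="fr-FR" />
  752.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à désinstaller une bibliothèque devant être chargée à chaque lancement d'application" locale="fr-FR" />
  753.                     <messages type="osfwPresentText" value="%process_name% πü»πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│Φ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπü╣πüìπâ⌐πéñπâûπâ⌐πâ¬πéÆπéóπâ│πéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  754.                     <messages type="osfwPastText" value="%process_name% πü»πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│Φ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπü╣πüìπâ⌐πéñπâûπâ⌐πâ¬πéÆπéóπâ│πéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  755.                     <messages type="osfwBlockedText" value="%process_name% πü»πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│Φ╡╖σïòµÖéπü½πâ¡πâ╝πâëπüòπéîπéïπü╣πüìπâ⌐πéñπâûπâ⌐πâ¬πéÆπéóπâ│πéñπâ│πé╣πâêπâ╝πâ½πüºπüìπü╛πü¢πéôπüºπüùπüƒ" locale="jp-JA" />
  756.                     <messages type="osfwPresentText" value="%process_name% está intentando desinstalar una biblioteca que se debería cargar cada vez que se iniciara una aplicación" locale="es-ES" />
  757.                     <messages type="osfwPastText" value="%process_name% estaba intentando desinstalar una biblioteca que se debería cargar cada vez que se iniciara una aplicación" locale="es-ES" />
  758.                     <messages type="osfwBlockedText" value="Se ha evitado que %process_name% desinstalara una biblioteca que se debería cargar cada vez que se iniciara una aplicación" locale="es-ES" />
  759.                     <messages type="osfwPresentText" value="%process_name% sta cercando di disinstallare una libreria che deve essere caricata all’avvio di un’applicazione" locale="it-IT" />
  760.                     <messages type="osfwPastText" value="%process_name% ha cercato di disinstallare una libreria che avrebbe dovuto essere caricata all’avvio di un’applicazione" locale="it-IT" />
  761.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di disinstallare una libreria che avrebbe dovuto essere caricata all’avvio di un’applicazione" locale="it-IT" />
  762.                 </customevent>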
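  763.                 <customevent id="4014" severityref="suspicious" >
                           <!-- Event 4014, severity reference "suspicious": alert strings for a process that
                                changes the desktop background. The strings give the reason for treating this
                                as suspicious: the new background may be a Web page carrying executable code.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied).
                                %process_name% is a placeholder, presumably the acting process's name; treat
                                it as untrusted display text (confirm in the client).
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  764.                     <messages type="osfwPresentText" value="%process_name% is trying to change the desktop background. The new background may contain a Web page with executable code." locale="en-US" />
  765.                     <messages type="osfwPastText" value="%process_name% was trying to change the desktop background. The new background may contain a Web page with executable code." locale="en-US" />
  766.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing the desktop background. The new background may contain a Web page with executable code." locale="en-US" />
  767.  
  768.                     <messages type="osfwPresentText" value="%process_name% versucht, den Hintergrund des Desktops zu ändern. Der neue Hintergrund enthält möglicherweise eine Webseite mit ausführbarem Code." locale="de-DE" />
  769.                     <messages type="osfwPastText" value="%process_name% hat versucht, den Hintergrund des Desktops zu ändern. Der neue Hintergrund enthält möglicherweise eine Webseite mit ausführbarem Code." locale="de-DE" />
  770.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, den Hintergrund des Desktops zu ändern. Der neue Hintergrund enthält möglicherweise eine Webseite mit ausführbarem Code." locale="de-DE" />
  771.  
  772.                     <messages type="osfwPresentText" value="%process_name% está intentando cambiar el fondo de escritorio. El nuevo fondo puede contener una página Web con un código ejecutable." locale="es-ES" />
  773.                     <messages type="osfwPastText" value="%process_name% estaba intentando cambiar el fondo de escritorio. El nuevo fondo puede contener una página Web con un código ejecutable." locale="es-ES" />
  774.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambiara el fondo de escritorio. El nuevo fondo puede contener una página Web con un código ejecutable." locale="es-ES" />
  775.  
  776.                     <messages type="osfwPresentText" value="%process_name% tente de changer l'arrière-plan du bureau. Le nouvel arrière-plan peut contenir une page Web avec un code exécutable." locale="fr-FR" />
  777.                     <messages type="osfwPastText" value="%process_name% a tenté de changer l'arrière-plan du bureau. Le nouvel arrière-plan peut contenir une page Web avec un code exécutable." locale="fr-FR" />
  778.                     <messages type="osfwBlockedText" value="%process_name% n'a pas été autorisé à changer l'arrière-plan du bureau. Le nouvel arrière-plan peut contenir une page Web avec un code exécutable." locale="fr-FR" />
  779.  
  780.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare lo sfondo del desktop. Il nuovo sfondo potrebbe contenere una pagina Web con codice eseguibile." locale="it-IT" />
  781.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare lo sfondo del desktop. Il nuovo sfondo potrebbe contenere una pagina Web con codice eseguibile." locale="it-IT" />
  782.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di modificare lo sfondo del desktop. Il nuovo sfondo potrebbe contenere una pagina Web con codice eseguibile." locale="it-IT" />
  783.  
  784.                     <messages type="osfwPresentText" value="%process_name% πü»πâçπé╣πé»πâêπââπâù πâÉπââπé»πé░πâ⌐πéªπâ│πâëπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖπÇéµû░πüùπüäπâÉπââπé»πé░πâ⌐πéªπâ│πâëπü»σ«ƒΦíîσÅ»Φâ╜πé│πâ╝πâëπéÆσɽπéÇ Web πâÜπâ╝πé╕πéÆσɽπéôπüºπüäπéïπüôπü¿πüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  785.                     <messages type="osfwPastText" value="%process_name% πü»πâçπé╣πé»πâêπââπâù πâÉπââπé»πé░πâ⌐πéªπâ│πâëπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒπÇéµû░πüùπüäπâÉπââπé»πé░πâ⌐πéªπâ│πâëπü»σ«ƒΦíîσÅ»Φâ╜πé│πâ╝πâëπéÆσɽπéÇ Web πâÜπâ╝πé╕πéÆσɽπéôπüºπüäπéïπüôπü¿πüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  786.                     <messages type="osfwBlockedText" value="%process_name% πüîπâçπé╣πé»πâêπââπâù πâÉπââπé»πé░πâ⌐πéªπâ│πâëπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ╗µ¡óπüùπü╛πüùπüƒπÇéµû░πüùπüäπâÉπââπé»πé░πâ⌐πéªπâ│πâëπü»σ«ƒΦíîσÅ»Φâ╜πé│πâ╝πâëπéÆσɽπéÇ Web πâÜπâ╝πé╕πéÆσɽπéôπüºπüäπéïπüôπü¿πüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  787.  
  788.                 </customevent>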
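  789.                 <customevent id="4015" severityref="suspicious" >
                           <!-- Event 4015, severity reference "suspicious": alert strings for a process that
                                changes browser settings or options.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied). In every locale the
                                blocked variant must name %process_name% as the party that was stopped, not
                                as the party that did the stopping, or the alert misattributes the action.
                                %process_name% is a placeholder, presumably the acting process's name; treat
                                it as untrusted display text (confirm in the client).
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  790.                     <messages type="osfwPresentText" value="%process_name% is trying to change your browser settings or options." locale="en-US" />
  791.                     <messages type="osfwPastText" value="%process_name% was trying to change your browser settings or options." locale="en-US" />
  792.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing your browser settings or options." locale="en-US" />
  793.  
  794.                     <messages type="osfwPresentText" value="%process_name% versucht, die Einstellungen oder Optionen Ihres Browsers zu ändern." locale="de-DE" />
  795.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Einstellungen oder Optionen Ihres Browsers zu ändern." locale="de-DE" />
  796.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Einstellungen oder Optionen Ihres Browsers zu ändern." locale="de-DE" />
  797.  
  798.                     <messages type="osfwPresentText" value="%process_name% está intentando cambiar la configuración o las opciones del navegador" locale="es-ES" />
  799.                     <messages type="osfwPastText" value="%process_name% estaba intentando cambiar la configuración o las opciones del navegador" locale="es-ES" />
  800.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambie la configuración o las opciones del navegador" locale="es-ES" />
  801.  
  802.                     <messages type="osfwPresentText" value="%process_name% tente de modifier les paramètres ou les options de votre navigateur." locale="fr-FR" />
  803.                     <messages type="osfwPastText" value="%process_name% a tenté de modifier les paramètres ou les options de votre navigateur." locale="fr-FR" />
  804.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à modifier les paramètres ou les options de votre navigateur." locale="fr-FR" />
  805.  
  806.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare le impostazioni o le opzioni del browser." locale="it-IT" />
  807.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare le impostazioni o le opzioni del browser." locale="it-IT" />
  808.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di modificare le impostazioni o le opzioni del browser." locale="it-IT" />
  809.  
  810.                     <messages type="osfwPresentText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«Φ¿¡σ«Üπüéπéïπüäπü»πé¬πâùπé╖πâºπâ│πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  811.                     <messages type="osfwPastText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«Φ¿¡σ«Üπüéπéïπüäπü»πé¬πâùπé╖πâºπâ│πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  812.                     <messages type="osfwBlockedText" value="%process_name% πüîπâûπâ⌐πéªπé╢πü«Φ¿¡σ«Üπüéπéïπüäπü»πé¬πâùπé╖πâºπâ│πéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  813.  
  814.                 </customevent>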
  815.  
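  816.                 <customevent id="4016" severityref="suspicious" >
                           <!-- Event 4016, severity reference "suspicious": alert strings for a process that
                                changes the screen saver settings. The strings give the reason: a program could
                                then run every time the screen saver is activated.
                                Three variants per locale: osfwPresentText (attempt under way), osfwPastText
                                (attempt already made), osfwBlockedText (attempt denied).
                                NOTE(review): the blocked variant repeats the "may allow" sentence in every
                                locale even though the change was denied; confirm that wording is intended.
                                %process_name% is a placeholder, presumably the acting process's name; treat
                                it as untrusted display text (confirm in the client).
                                NOTE(review): jp-JA values are kept exactly as found; as shown they are not
                                readable Japanese and look like multi-byte text decoded with a single-byte
                                code page. -->
  817.                     <messages type="osfwPresentText" value="%process_name% is trying to change your screen saver settings. This may allow a suspicious program to run every time the screen saver is activated." locale="en-US" />
  818.                     <messages type="osfwPastText" value="%process_name% was trying to change your screen saver settings. This may allow a suspicious program to run every time the screen saver is activated." locale="en-US" />
  819.                     <messages type="osfwBlockedText" value="%process_name% was prevented from changing your screen saver settings. This may allow a suspicious program to run every time the screen saver is activated." locale="en-US" />
  820.  
  821.                     <messages type="osfwPresentText" value="%process_name% tente de modifier les paramètres de votre économiseur d'écran. Cette opération risque d'autoriser l'exécution d'un programme suspect chaque fois que l'économiseur d'écran est activé." locale="fr-FR" />
  822.                     <messages type="osfwPastText" value="%process_name% a tenté de modifier les paramètres de votre économiseur d'écran. Cette opération risque d'autoriser l'exécution d'un programme suspect chaque fois que l'économiseur d'écran est activé." locale="fr-FR"/>
  823.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à modifier les paramètres de votre économiseur d'écran. Cette opération risque d'autoriser l'exécution d'un programme suspect chaque fois que l'économiseur d'écran est activé." locale="fr-FR" />
  824.  
  825.                     <messages type="osfwPresentText" value="%process_name% versucht, Ihre Bildschirmschoner-Einstellungen zu ändern. So kann möglicherweise ein verdächtiges Programm bei jeder Aktivierung des Bildschirmschoners ausgeführt werden." locale="de-DE" />
  826.                     <messages type="osfwPastText" value="%process_name% hat versucht, Ihre Bildschirmschoner-Einstellungen zu ändern. So kann möglicherweise ein verdächtiges Programm bei jeder Aktivierung des Bildschirmschoners ausgeführt werden." locale="de-DE" />
  827.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Ihre Bildschirmschoner-Einstellungen zu ändern. So kann möglicherweise ein verdächtiges Programm bei jeder Aktivierung des Bildschirmschoners ausgeführt werden." locale="de-DE" />
  828.  
  829.                     <messages type="osfwPresentText" value="%process_name% sta cercando di modificare le impostazioni dello screensaver. Questo potrebbe consentire l’avvio di un programma sospetto all’attivazione dello screensaver." locale="it-IT" />
  830.                     <messages type="osfwPastText" value="%process_name% ha cercato di modificare le impostazioni dello screensaver. Questo potrebbe consentire l’avvio di un programma sospetto all’attivazione dello screensaver." locale="it-IT" />
  831.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di modificare le impostazioni dello screensaver. Questo potrebbe consentire l’avvio di un programma sospetto all’attivazione dello screensaver." locale="it-IT" />
  832.  
  833.                     <messages type="osfwPresentText" value="%process_name% está intentando cambiar la configuración del protector de pantalla. Esto puede permitir a los programas sospechosos ejecutarse cada vez que el protector de pantalla se active." locale="es-ES" />
  834.                     <messages type="osfwPastText" value="%process_name% estaba intentando cambiar la configuración del protector de pantalla. Esto puede permitir a los programas sospechosos ejecutarse cada vez que el protector de pantalla se active." locale="es-ES" />
  835.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cambiara la configuración del protector de pantalla. Esto puede permitir a los programas sospechosos ejecutarse cada vez que el protector de pantalla se active." locale="es-ES" />
  836.  
  837.                     <messages type="osfwPresentText" value="%process_name% πüîπé╣πé»πâ¬πâ╝πâ│ πé╗πâ╝πâÉπâ╝πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖπÇéπüôπéîπü½πéêπéèπÇüπé╣πé»πâ¬πâ╝πâ│ πé╗πâ╝πâÉπâ╝πü«Φ╡╖σïòµÖéπü½τûæπéÅπüùπüäπâùπâ¡πé░πâ⌐πâáπüîσ«ƒΦíîπüòπéîπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  838.                     <messages type="osfwPastText" value="%process_name% πüîπé╣πé»πâ¬πâ╝πâ│ πé╗πâ╝πâÉπâ╝πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒπÇéπüôπéîπü½πéêπéèπÇüπé╣πé»πâ¬πâ╝πâ│ πé╗πâ╝πâÉπâ╝πü«Φ╡╖σïòµÖéπü½τûæπéÅπüùπüäπâùπâ¡πé░πâ⌐πâáπüîσ«ƒΦíîπüòπéîπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  839.                     <messages type="osfwBlockedText" value="%process_name% πüîπé╣πé»πâ¬πâ╝πâ│ πé╗πâ╝πâÉπâ╝πü«Φ¿¡σ«ÜπéÆσñëµ¢┤πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒπÇéπüôπéîπü½πéêπéèπÇüπé╣πé»πâ¬πâ╝πâ│ πé╗πâ╝πâÉπâ╝πü«Φ╡╖σïòµÖéπü½τûæπéÅπüùπüäπâùπâ¡πé░πâ⌐πâáπüîσ«ƒΦíîπüòπéîπéïσÅ»Φâ╜µÇºπüîπüéπéèπü╛πüÖπÇé" locale="jp-JA" />
  840.                 </customevent>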
  841.  
  842.                 <customevent id="4017" severityref="suspicious" >
                           <!-- Event 4017, severity "suspicious": alert text for a process that tries to install an application to run at every computer start (autostart registration, a common persistence point). Each locale carries three variants: osfwPresentText, osfwPastText and osfwBlockedText. %process_name% is a placeholder, presumably expanded by the client when the alert is shown. The jp-JA tag is the spelling this file's header comment says the application expects for Japanese. -->
  843.                     <messages type="osfwPresentText" value="%process_name% is trying to install an application to run each time your computer is started." locale="en-US" />
  844.                     <messages type="osfwPastText" value="%process_name% was trying to install an application to run each time your computer is started." locale="en-US" />
  845.                     <messages type="osfwBlockedText" value="%process_name% was prevented from installing an application to run each time your computer is started." locale="en-US" />
  846.  
  847.                     <messages type="osfwPresentText" value="%process_name% tente d'installer une application qui sera ex├⌐cut├⌐e ├á chaque d├⌐marrage de l'ordinateur." locale="fr-FR" />
  848.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ d'installer une application dont le lancement s'effectue ├á chaque d├⌐marrage de l'ordinateur." locale="fr-FR" />
  849.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á installer une application dont le lancement s'effectue ├á chaque d├⌐marrage de l'ordinateur." locale="fr-FR" />
  850.  
  851.                     <messages type="osfwPresentText" value="%process_name% versucht, eine Anwendung zu installieren, die bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" />
  852.                     <messages type="osfwPastText" value="%process_name% hat versucht, eine Anwendung zu installieren, die bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" />
  853.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, eine Anwendung zu installieren, die bei jedem Computerstart ausgef├╝hrt wird." locale="de-DE" />
  854.  
  855.                     <messages type="osfwPresentText" value="%process_name% sta cercando di installare unΓÇÖapplicazione che verr├á eseguita a ogni avvio del computer." locale="it-IT" />
  856.                     <messages type="osfwPastText" value="%process_name% ha cercato di installare unΓÇÖapplicazione che verr├á eseguita a ogni avvio del computer." locale="it-IT" />
  857.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di installare unΓÇÖapplicazione che avrebbe dovuto essere eseguita a ogni avvio del computer." locale="it-IT" />
  858.  
  859.                     <messages type="osfwPresentText" value="%process_name% est├í intentando instalar una aplicaci├│n para ejecutar cada vez que el equipo se inicie." locale="es-ES" />
  860.                     <messages type="osfwPastText" value="%process_name% estaba intentando instalar una aplicaci├│n para ejecutar cada vez que el equipo se inicie." locale="es-ES" />
  861.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% instale una aplicaci├│n para ejecutar cada vez que el equipo se inicie." locale="es-ES" />
  862.  
  863.                     <messages type="osfwPresentText" value="%process_name% πüîπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖπÇé" locale="jp-JA" />
  864.                     <messages type="osfwPastText" value="%process_name% πüîπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒπÇé" locale="jp-JA" />
  865.                     <messages type="osfwBlockedText" value="%process_name% πüîπé│πâ│πâöπâÑπâ╝πé┐πü«Φ╡╖σïòπü«πüƒπü│πü½πéóπâùπâ¬πé▒πâ╝πé╖πâºπâ│πéÆπéñπâ│πé╣πâêπâ╝πâ½πüùπéêπüåπü¿πüùπüªπüäπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒπÇé" locale="jp-JA" />
  866.                 </customevent>
  867.  
  868.                 <!-- Normal behavior (5001-5999) -->
  869.  
  870.                 <customevent id="5001" severityref="normal" >
                           <!-- Event 5001, severity "normal": alert text for a process loading a module. %process_name% stands for the loading process and %module% for the module; both are placeholders, presumably expanded by the client when the alert is shown. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  871.                     <messages type="osfwPresentText" value="%process_name% is trying to load the module: %module%" locale="en-US" />
  872.                     <messages type="osfwPastText" value="%process_name% was trying to load the module: %module%" locale="en-US" />
  873.                     <messages type="osfwBlockedText" value="%process_name% was prevented from loading the module: %module%" locale="en-US" />
  874.                     <messages type="osfwPresentText" value="%process_name% versucht, das folgende Modul zu laden: %module%" locale="de-DE" />
  875.                     <messages type="osfwPastText" value="%process_name% hat versucht, das folgende Modul zu laden: %module%" locale="de-DE" />
  876.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, das folgende Modul zu laden: %module%" locale="de-DE" />
  877.                     <messages type="osfwPresentText" value="%process_name% tente de charger le module : %module%" locale="fr-FR" />
  878.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de charger le module : %module%" locale="fr-FR" />
  879.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á charger le module : %module%" locale="fr-FR" />
  880.                     <messages type="osfwPresentText" value="%process_name% πüîµ¼íπü«πâóπé╕πâÑπâ╝πâ½πéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ:%module%" locale="jp-JA" />
  881.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâóπé╕πâÑπâ╝πâ½πéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ:%module%" locale="jp-JA" />
  882.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâóπé╕πâÑπâ╝πâ½πéÆπâ¡πâ╝πâëπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ:%module%" locale="jp-JA" />
  883.                     <messages type="osfwPresentText" value="%process_name% est├í intentando cargar el m├│dulo: %module%" locale="es-ES" />
  884.                     <messages type="osfwPastText" value="%process_name% ha intentado cargar el m├│dulo: %module%" locale="es-ES" />
  885.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% cargue el m├│dulo: %module%" locale="es-ES" />
  886.                     <messages type="osfwPresentText" value="%process_name% sta cercando di caricare il modulo seguente: %module%" locale="it-IT" />
  887.                     <messages type="osfwPastText" value="%process_name% ha cercato di caricare il modulo seguente: %module%" locale="it-IT" />
  888.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di caricare il modulo seguente: %module%" locale="it-IT" />
  889.                 </customevent>
  890.  
  891.                 <!-- Severity depends upon the target process for the event (6001-6999) -->
  892.  
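  893.                 <customevent id="6001" >
                           <!-- Event 6001: alert text for a process that opens another process (%target_process%). No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Opening a process is normally the step that precedes reading or changing it, so the target named in the alert is what an analyst should look at first. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  894.                     <messages type="osfwPresentText"  value="%process_name% is trying to communicate with %target_process% by opening its process" locale="en-US" />
  895.                     <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% by opening its process" locale="en-US" />
  896.                     <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% by opening its process" locale="en-US" />
  897.                     <messages type="osfwPresentText"  value="%process_name% versucht, durch ├ûffnen des Prozesses mit %target_process% zu kommunizieren." locale="de-DE" />
  898.                     <messages type="osfwPastText" value="%process_name% hat versucht, durch ├ûffnen des Prozesses mit %target_process% zu kommunizieren." locale="de-DE" />
  899.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch ├ûffnen des Prozesses mit %target_process% zu kommunizieren." locale="de-DE" />
  900.                     <messages type="osfwPresentText"  value="%process_name% tente de communiquer avec %target_process% en ouvrant son processus" locale="fr-FR" />
  901.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en ouvrant son processus" locale="fr-FR" />
  902.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en ouvrant son processus" locale="fr-FR" />
  903.                     <messages type="osfwPresentText"  value="%process_name% πüî %target_process% πü«πâùπâ¡πé╗πé╣πéÆπé¬πâ╝πâùπâ│πüùπüªΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  904.                     <messages type="osfwPastText" value="%process_name% πüî %target_process% πü«πâùπâ¡πé╗πé╣πéÆπé¬πâ╝πâùπâ│πüùπüªΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  905.                     <messages type="osfwBlockedText" value="%process_name% πüî %target_process% πü«πâùπâ¡πé╗πé╣πéÆπé¬πâ╝πâùπâ│πüùπüªΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  906.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando comunicarse con %target_process% abriendo su proceso" locale="es-ES" />
  907.                     <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% abriendo su proceso" locale="es-ES" />
  908.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% abriendo su proceso" locale="es-ES" />
  909.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di comunicare con %target_process% aprendo il suo processo" locale="it-IT" />
  910.                     <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% aprendo il suo processo" locale="it-IT" />
  911.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% aprendo il suo processo" locale="it-IT" />
  912.                 </customevent>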
  913.                 <customevent id="6002" >
                           <!-- Event 6002: alert text for a process that opens a thread in order to communicate with another process (%target_process%). No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  914.                     <messages type="osfwPresentText"  value="%process_name% is trying to communicate with %target_process% by opening a thread" locale="en-US" />
  915.                     <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% by opening a thread" locale="en-US" />
  916.                     <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% by opening a thread" locale="en-US" />
  917.                     <messages type="osfwPresentText"  value="%process_name% versucht, durch ├ûffnen eines Threads mit %target_process% zu kommunizieren." locale="de-DE" />
  918.                     <messages type="osfwPastText" value="%process_name% hat versucht, durch ├ûffnen eines Threads mit %target_process% zu kommunizieren." locale="de-DE" />
  919.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch ├ûffnen eines Threads mit %target_process% zu kommunizieren." locale="de-DE" />
  920.                     <messages type="osfwPresentText"  value="%process_name% tente de communiquer avec %target_process% en ouvrant un thread" locale="fr-FR" />
  921.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en ouvrant un thread" locale="fr-FR" />
  922.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en ouvrant un thread" locale="fr-FR" />
  923.                     <messages type="osfwPresentText"  value="%process_name% πüîπé╣πâ¼πââπâëπéÆπé¬πâ╝πâùπâ│πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  924.                     <messages type="osfwPastText" value="%process_name% πüîπé╣πâ¼πââπâëπéÆπé¬πâ╝πâùπâ│πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  925.                     <messages type="osfwBlockedText" value="%process_name% πüîπé╣πâ¼πââπâëπéÆπé¬πâ╝πâùπâ│πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  926.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando comunicarse con %target_process% abriendo un subproceso" locale="es-ES" />
  927.                     <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% abriendo un subproceso" locale="es-ES" />
  928.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% abriendo un subproceso" locale="es-ES" />
  929.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di comunicare con %target_process% aprendo un thread" locale="it-IT" />
  930.                     <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% aprendo un thread" locale="it-IT" />
  931.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% aprendo un thread" locale="it-IT" />
  932.                 </customevent>
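  933.                 <customevent id="6003" >
                           <!-- Event 6003: alert text for a process that launches another program (%target_process%), or uses another program to reach privileged resources. No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  934.                     <messages type="osfwPresentText"  value="%process_name% is trying to launch %target_process%, or use another program to gain access to privileged resources" locale="en-US" />
  935.                     <messages type="osfwPastText" value="%process_name% was trying to launch %target_process%, or use another program to gain access to privileged resources" locale="en-US" />
  936.                     <messages type="osfwBlockedText" value="%process_name% was prevented from launching %target_process%, or using another program to gain access to privileged resources" locale="en-US" />
  937.                     <messages type="osfwPresentText"  value="%process_name% versucht, %target_process% zu laden oder ein anderes Programm zu verwenden, um Zugriff auf berechtigte Ressourcen zu erhalten." locale="de-DE" />
  938.                     <messages type="osfwPastText" value="%process_name% hat versucht, %target_process% zu laden oder ein anderes Programm zu verwenden, um Zugriff auf berechtigte Ressourcen zu erhalten." locale="de-DE" />
  939.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, %target_process% zu laden oder ein anderes Programm zu verwenden, um Zugriff auf berechtigte Ressourcen zu erhalten." locale="de-DE" />
  940.                     <messages type="osfwPresentText"  value="%process_name% tente de lancer %target_process% ou d'utiliser un autre programme pour acc├⌐der aux ressources privil├⌐gi├⌐es" locale="fr-FR" />
  941.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de lancer %target_process% ou d'utiliser un autre programme pour acc├⌐der aux ressources privil├⌐gi├⌐es" locale="fr-FR" />
  942.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á lancer %target_process% ou utiliser un autre programme pour acc├⌐der aux ressources privil├⌐gi├⌐es" locale="fr-FR" />
  943.                     <messages type="osfwPresentText"  value="%process_name% πüîπÇüµ¿⌐ΘÖÉπü«σ┐àΦªüπü¬πâ¬πé╜πâ╝πé╣πü½πéóπé»πé╗πé╣πüÖπéïπüƒπéüπü½πÇü%target_process% πéÆΦ╡╖σïòπüùπÇüπü╛πüƒπü»σêÑπü«πâùπâ¡πé░πâ⌐πâáπéÆΣ╜┐τö¿πüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  944.                     <messages type="osfwPastText" value="%process_name% πüîπÇüµ¿⌐ΘÖÉπü«σ┐àΦªüπü¬πâ¬πé╜πâ╝πé╣πü½πéóπé»πé╗πé╣πüÖπéïπüƒπéüπü½πÇü%target_process% πéÆΦ╡╖σïòπüùπÇüπü╛πüƒπü»σêÑπü«πâùπâ¡πé░πâ⌐πâáπéÆΣ╜┐τö¿πüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  945.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¿⌐ΘÖÉπü«σ┐àΦªüπü¬πâ¬πé╜πâ╝πé╣πü½πéóπé»πé╗πé╣πüÖπéïπüƒπéüπü½ %target_process% πéÆΦ╡╖σïòπüùπÇüπü╛πüƒπü»σêÑπü«πâùπâ¡πé░πâ⌐πâáπéÆΣ╜┐τö¿πüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  946.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando ejecutar %target_process% o utilizar otro programa para acceder a recursos con privilegios" locale="es-ES" />
  947.                     <messages type="osfwPastText" value="%process_name% ha intentado ejecutar %target_process% o utilizar otro programa para acceder a recursos con privilegios" locale="es-ES" />
  948.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% ejecute %target_process% o utilice otro programa para acceder a recursos con privilegios" locale="es-ES" />
  949.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di avviare %target_process% o di usare un altro programma per ottenere accesso a risorse privilegiate" locale="it-IT" />
  950.                     <messages type="osfwPastText" value="%process_name% ha cercato di avviare %target_process% o di usare un altro programma per ottenere accesso a risorse privilegiate" locale="it-IT" />
  951.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di avviare %target_process% o di usare un altro programma per ottenere accesso a risorse privilegiate" locale="it-IT" />
  952.                 </customevent>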
  953.                 <customevent id="6004" >
                           <!-- Event 6004: alert text for a process that is trying to start. Only %process_name% appears in these strings; no target placeholder is used. No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  954.                     <messages type="osfwPresentText"  value="%process_name% is trying to start" locale="en-US" />
  955.                     <messages type="osfwPastText" value="%process_name% was trying to start" locale="en-US" />
  956.                     <messages type="osfwBlockedText" value="%process_name% was prevented from starting" locale="en-US" />
  957.                     <messages type="osfwPresentText"  value="%process_name% versucht zu starten." locale="de-DE" />
  958.                     <messages type="osfwPastText" value="%process_name% hat versucht zu starten." locale="de-DE" />
  959.                     <messages type="osfwBlockedText" value="%process_name% wurde am Starten gehindert." locale="de-DE" />
  960.                     <messages type="osfwPresentText"  value="%process_name% tente de d├⌐marrer" locale="fr-FR" />
  961.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de d├⌐marrer" locale="fr-FR" />
  962.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á d├⌐marrer" locale="fr-FR" />
  963.                     <messages type="osfwPresentText"  value="%process_name% πü»Φ╡╖σïòπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  964.                     <messages type="osfwPastText" value="%process_name% πü»Φ╡╖σïòπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  965.                     <messages type="osfwBlockedText" value="%process_name% πü«Φ╡╖σïòπéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  966.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando iniciarse" locale="es-ES" />
  967.                     <messages type="osfwPastText" value="%process_name% ha intentado iniciarse" locale="es-ES" />
  968.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se inicie" locale="es-ES" />
  969.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di effettuare l'avvio" locale="it-IT" />
  970.                     <messages type="osfwPastText" value="%process_name% ha cercato di effettuare l'avvio" locale="it-IT" />
  971.                     <messages type="osfwBlockedText" value="Avvio di %process_name% bloccato" locale="it-IT" />
  972.                 </customevent>
  973.                 <customevent id="6005" >
                           <!-- Event 6005: alert text for a process that tries to control the keyboard input of another process (%target_process%). The strings do not say which mechanism triggers the event. No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  974.                     <messages type="osfwPresentText"  value="%process_name% is trying to control the keyboard input of the process: %target_process%" locale="en-US" />
  975.                     <messages type="osfwPastText" value="%process_name% was trying to control the keyboard input of the process: %target_process%" locale="en-US" />
  976.                     <messages type="osfwBlockedText" value="%process_name% was prevented from controlling the keyboard input of the process: %target_process%" locale="en-US" />
  977.                     <messages type="osfwPresentText"  value="%process_name% versucht, die Tastatureingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" />
  978.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Tastatureingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" />
  979.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Tastatureingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" />
  980.                     <messages type="osfwPresentText"  value="%process_name% tente de contr├┤ler l'entr├⌐e clavier du processus : %target_process%" locale="fr-FR" />
  981.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de contr├┤ler l'entr├⌐e clavier du processus : %target_process%" locale="fr-FR" />
  982.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á contr├┤ler l'entr├⌐e clavier du processus : %target_process%" locale="fr-FR" />
  983.                     <messages type="osfwPresentText"  value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πé¡πâ╝πâ£πâ╝πâëσàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %target_process%" locale="jp-JA" />
  984.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πé¡πâ╝πâ£πâ╝πâëσàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %target_process%" locale="jp-JA" />
  985.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πé¡πâ╝πâ£πâ╝πâëσàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %target_process%" locale="jp-JA" />
  986.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando controlar las entradas del teclado del proceso: %target_process%" locale="es-ES" />
  987.                     <messages type="osfwPastText" value="%process_name% ha intentado controlar las entradas del teclado del proceso: %target_process%" locale="es-ES" />
  988.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% controle las entradas del teclado del proceso: %target_process%" locale="es-ES" />
  989.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di controllare l'input da tastiera per il processo seguente: %target_process%" locale="it-IT" />
  990.                     <messages type="osfwPastText" value="%process_name% ha cercato di controllare l'input da tastiera per il processo seguente: %target_process%" locale="it-IT" />
  991.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di controllare l'input da tastiera per il processo seguente: %target_process%" locale="it-IT" />
  992.                 </customevent>
  993.                 <customevent id="6006" >
                           <!-- Event 6006: alert text for a process that tries to control the mouse input of another process (%target_process%); the counterpart of event 6005 for keyboard input. No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  994.                     <messages type="osfwPresentText"  value="%process_name% is trying to control the mouse input of the process: %target_process%" locale="en-US" />
  995.                     <messages type="osfwPastText" value="%process_name% was trying to control the mouse input of the process: %target_process%" locale="en-US" />
  996.                     <messages type="osfwBlockedText" value="%process_name% was prevented from controlling the mouse input of the process: %target_process%" locale="en-US" />
  997.                     <messages type="osfwPresentText"  value="%process_name% versucht, die Mauseingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" />
  998.                     <messages type="osfwPastText" value="%process_name% hat versucht, die Mauseingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" />
  999.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, die Mauseingaben des folgenden Prozesses zu steuern: %target_process%" locale="de-DE" />
  1000.                     <messages type="osfwPresentText"  value="%process_name% tente de contr├┤ler l'entr├⌐e souris du processus : %target_process%" locale="fr-FR" />
  1001.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de contr├┤ler l'entr├⌐e souris du processus : %target_process%" locale="fr-FR" />
  1002.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á contr├┤ler l'entr├⌐e souris du processus : %target_process%" locale="fr-FR" />
  1003.                     <messages type="osfwPresentText"  value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πâ₧πéªπé╣σàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ: %target_process%" locale="jp-JA" />
  1004.                     <messages type="osfwPastText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πâ₧πéªπé╣σàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ: %target_process%" locale="jp-JA" />
  1005.                     <messages type="osfwBlockedText" value="%process_name% πüîµ¼íπü«πâùπâ¡πé╗πé╣πü«πâ₧πéªπé╣σàÑσè¢πéÆσê╢σ╛íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ: %target_process%" locale="jp-JA" />
  1006.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando controlar las entradas del mouse del proceso: %target_process%" locale="es-ES" />
  1007.                     <messages type="osfwPastText" value="%process_name% ha intentado controlar las entradas del mouse del proceso: %target_process%" locale="es-ES" />
  1008.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% controle las entradas del mouse del proceso: %target_process%" locale="es-ES" />
  1009.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di controllare l'input tramite mouse per il processo seguente: %target_process%" locale="it-IT" />
  1010.                     <messages type="osfwPastText" value="%process_name% ha cercato di controllare l'input tramite mouse per il processo seguente: %target_process%" locale="it-IT" />
  1011.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di controllare l'input tramite mouse per il processo seguente: %target_process%" locale="it-IT" />
  1012.                 </customevent>
  1013.                 <customevent id="6007" >
                            <!-- Event 6007: alert text for a process that tries to communicate with another process (%target_process%) over DDE. No severityref is set; per the section comment, severity for 6001-6999 depends on the target process. Each locale carries osfwPresentText, osfwPastText and osfwBlockedText. -->
  1014.                     <messages type="osfwPresentText"  value="%process_name% is trying to communicate with %target_process% by using DDE" locale="en-US" />
  1015.                     <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% by using DDE" locale="en-US" />
  1016.                     <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% by using DDE" locale="en-US" />
  1017.                     <messages type="osfwPresentText"  value="%process_name% versucht, durch Verwenden von DDE mit %target_process% zu kommunizieren." locale="de-DE" />
  1018.                     <messages type="osfwPastText" value="%process_name% hat versucht, durch Verwenden von DDE mit %target_process% zu kommunizieren." locale="de-DE" />
  1019.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch Verwenden von DDE mit %target_process% zu kommunizieren." locale="de-DE" />
  1020.                     <messages type="osfwPresentText"  value="%process_name% tente de communiquer avec %target_process% en utilisant DDE" locale="fr-FR" />
  1021.                     <messages type="osfwPastText" value="%process_name% a tent├⌐ de communiquer avec %target_process% en utilisant DDE" locale="fr-FR" />
  1022.                     <messages type="osfwBlockedText" value="%process_name% n'a pas r├⌐ussi ├á communiquer avec %target_process% en utilisant DDE" locale="fr-FR" />
  1023.                     <messages type="osfwPresentText"  value="%process_name% πüî DDE πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüÖ" locale="jp-JA" />
  1024.                     <messages type="osfwPastText" value="%process_name% πüî DDE πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüªπüäπü╛πüùπüƒ" locale="jp-JA" />
  1025.                     <messages type="osfwBlockedText" value="%process_name% πüî DDE πéÆΣ╜┐τö¿πüùπüª %target_process% πü¿ΘÇÜΣ┐íπüùπéêπüåπü¿πüùπüƒπü«πéÆΘÿ▓µ¡óπüùπü╛πüùπüƒ" locale="jp-JA" />
  1026.                     <messages type="osfwPresentText"  value="%process_name% est├í intentando comunicarse con %target_process% mediante DDE" locale="es-ES" />
  1027.                     <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% mediante DDE" locale="es-ES" />
  1028.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% mediante DDE" locale="es-ES" />
  1029.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di comunicare con %target_process% utilizzando DDE" locale="it-IT" />
  1030.                     <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando DDE" locale="it-IT" />
  1031.                     <messages type="osfwBlockedText" value="├ê stato impedito a %process_name% di comunicare con %target_process% utilizzando DDE" locale="it-IT" />
  1032.                 </customevent> 
  1033.                 <customevent id="6008" >
  1034.                     <messages type="osfwPresentText"  value="%process_name% is trying to communicate with %target_process% using a programming technique called a callback" locale="en-US" />
  1035.                     <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% using a programming technique called a callback" locale="en-US" />
  1036.                     <messages type="osfwBlockedText" value="%process_name% was prevented from to communicating with %target_process% using a programming technique called a callback" locale="en-US" />
  1037.                     <messages type="osfwPresentText"  value="%process_name% versucht, durch die als Callback (Rückruf) bezeichnete Programmierungsmethode mit %target_process% zu kommunizieren." locale="de-DE" />
  1038.                     <messages type="osfwPastText" value="%process_name% hat versucht, durch die als Callback (Rückruf) bezeichnete Programmierungsmethode mit %target_process% zu kommunizieren." locale="de-DE" />
  1039.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, durch die als Callback (Rückruf) bezeichnete Programmierungsmethode mit %target_process% zu kommunizieren." locale="de-DE" />
  1040.                     <messages type="osfwPresentText"  value="%process_name% tente de communiquer avec %target_process% en utilisant une technique de programmation appelée le rappel" locale="fr-FR" />
  1041.                     <messages type="osfwPastText" value="%process_name% a tenté de communiquer avec %target_process% en utilisant une technique de programmation appelée le rappel" locale="fr-FR" />
  1042.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à communiquer avec %target_process% en utilisant une technique de programmation appelée le rappel" locale="fr-FR" />
  1043.                     <messages type="osfwPresentText"  value="%process_name% がコールバックというプログラミング技術を使用して %target_process% と通信しようとしています" locale="jp-JA" />
  1044.                     <messages type="osfwPastText" value="%process_name% がコールバックというプログラミング技術を使用して %target_process% と通信しようとしていました" locale="jp-JA" />
  1045.                     <messages type="osfwBlockedText" value="%process_name% がコールバックというプログラミング技術を使用して %target_process% と通信しようとしたのを防止しました" locale="jp-JA" />
  1046.                     <messages type="osfwPresentText"  value="%process_name% está intentando comunicarse con %target_process% mediante una técnica de programación denominada respuesta de llamada" locale="es-ES" />
  1047.                     <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% mediante una técnica de programación denominada respuesta de llamada" locale="es-ES" />
  1048.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% mediante una técnica de programación denominada respuesta de llamada" locale="es-ES" />
  1049.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback" locale="it-IT" />
  1050.                     <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback" locale="it-IT" />
  1051.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback" locale="it-IT" />
  1052.                 </customevent> 
  1053.                 <customevent id="6009" >
  1054.                     <messages type="osfwPresentText"  value="%process_name% is trying to inject code into: %target_process%" locale="en-US" />
  1055.                     <messages type="osfwPastText" value="%process_name% was trying to inject code into: %target_process%" locale="en-US" />
  1056.                     <messages type="osfwBlockedText" value="%process_name% was prevented from injecting code into: %target_process%" locale="en-US" />
  1057.                     <messages type="osfwPresentText"  value="%process_name% versucht, Code einzubringen in: %target_process%" locale="de-DE" />
  1058.                     <messages type="osfwPastText" value="%process_name% hat versucht, Code einzubringen in: %target_process%" locale="de-DE" />
  1059.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Code einzubringen in: %target_process%" locale="de-DE" />
  1060.                     <messages type="osfwPresentText"  value="%process_name% tente d'insérer un code dans : %target_process%" locale="fr-FR" />
  1061.                     <messages type="osfwPastText" value="%process_name% a tenté d'insérer un code dans : %target_process%" locale="fr-FR" />
  1062.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à insérer un code dans : %target_process%" locale="fr-FR" />
  1063.                     <messages type="osfwPresentText"  value="%process_name% が次のプロセスにコードを挿入しようとしています: %target_process%" locale="jp-JA" />
  1064.                     <messages type="osfwPastText" value="%process_name% が次のプロセスにコードを挿入しようとしていました: %target_process%" locale="jp-JA" />
  1065.                     <messages type="osfwBlockedText" value="%process_name% が次のプロセスにコードを挿入しようとしたのを防止しました: %target_process%" locale="jp-JA" />
  1066.                     <messages type="osfwPresentText"  value="%process_name% está intentando insertar código en: %target_process%" locale="es-ES" />
  1067.                     <messages type="osfwPastText" value="%process_name% ha intentado insertar código en: %target_process%" locale="es-ES" />
  1068.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% inserte código en: %target_process%" locale="es-ES" />
  1069.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di inserire del codice in: %target_process%" locale="it-IT" />
  1070.                     <messages type="osfwPastText" value="%process_name% ha cercato di inserire del codice in: %target_process%" locale="it-IT" />
  1071.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di inserire del codice in: %target_process%" locale="it-IT" />
  1072.                 </customevent>
  1073.                 <customevent id="6010" >
  1074.                     <messages type="osfwPresentText"  value="%process_name% is trying to terminate: %target_process%" locale="en-US" />
  1075.                     <messages type="osfwPastText" value="%process_name% was trying to terminate: %target_process%" locale="en-US" />
  1076.                     <messages type="osfwBlockedText" value="%process_name% was prevented from terminating: %target_process%" locale="en-US" />
  1077.                     <messages type="osfwPresentText"  value="%process_name% versucht, Folgendes zu beenden: %target_process%" locale="de-DE" />
  1078.                     <messages type="osfwPastText" value="%process_name% hat versucht, Folgendes zu beenden: %target_process%" locale="de-DE" />
  1079.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, Folgendes zu beenden: %target_process%" locale="de-DE" />
  1080.                     <messages type="osfwPresentText"  value="%process_name% tente de terminer : %target_process%" locale="fr-FR" />
  1081.                     <messages type="osfwPastText" value="%process_name% a tenté de terminer : %target_process%" locale="fr-FR" />
  1082.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à terminer : %target_process%" locale="fr-FR" />
  1083.                     <messages type="osfwPresentText"  value="%process_name% が次のプロセスを終了しようとしています: %target_process%" locale="jp-JA" />
  1084.                     <messages type="osfwPastText" value="%process_name% が次のプロセスを終了しようとしていました: %target_process%" locale="jp-JA" />
  1085.                     <messages type="osfwBlockedText" value="%process_name% が次のプロセスを終了しようとしたのを防止しました: %target_process%" locale="jp-JA" />
  1086.                     <messages type="osfwPresentText"  value="%process_name% está intentando terminar: %target_process%" locale="es-ES" />
  1087.                     <messages type="osfwPastText" value="%process_name% ha intentado terminar: %target_process%" locale="es-ES" />
  1088.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% termine: %target_process%" locale="es-ES" />
  1089.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di terminare: %target_process%" locale="it-IT" />
  1090.                     <messages type="osfwPastText" value="%process_name% ha cercato di terminare: %target_process%" locale="it-IT" />
  1091.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di terminare: %target_process%" locale="it-IT" />
  1092.                 </customevent> 
  1093.                 <customevent id="6011" >
  1094.                     <messages type="osfwPresentText"  value="%process_name% is trying to communicate with %target_process% using Windows messages" locale="en-US" />
  1095.                     <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% using Windows messages" locale="en-US" />
  1096.                     <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% using Windows messages" locale="en-US" />
  1097.                     <messages type="osfwPresentText"  value="%process_name% versucht, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren." locale="de-DE" />
  1098.                     <messages type="osfwPastText" value="%process_name% hat versucht, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren." locale="de-DE" />
  1099.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren." locale="de-DE" />
  1100.                     <messages type="osfwPresentText"  value="%process_name% tente de communiquer avec %target_process% en utilisant les messages Windows" locale="fr-FR" />
  1101.                     <messages type="osfwPastText" value="%process_name% a tenté de communiquer avec %target_process% en utilisant les messages Windows" locale="fr-FR" />
  1102.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à communiquer avec %target_process% en utilisant les messages Windows" locale="fr-FR" />
  1103.                     <messages type="osfwPresentText"  value="%process_name% が Windows メッセージを使用して %target_process% と通信しようとしています" locale="jp-JA" />
  1104.                     <messages type="osfwPastText" value="%process_name% が Windows メッセージを使用して %target_process% と通信しようとしていました" locale="jp-JA" />
  1105.                     <messages type="osfwBlockedText" value="%process_name% が Windows メッセージを使用して %target_process% と通信しようとしたのを防止しました" locale="jp-JA" />
  1106.                     <messages type="osfwPresentText"  value="%process_name% está intentando comunicarse con %target_process% mediante mensajes de Windows" locale="es-ES" />
  1107.                     <messages type="osfwPastText" value="%process_name% ha intentado comunicarse con %target_process% mediante mensajes de Windows" locale="es-ES" />
  1108.                     <messages type="osfwBlockedText" value="Se ha impedido que %process_name% se comunique con %target_process% mediante mensajes de Windows" locale="es-ES" />
  1109.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di comunicare con %target_process% utilizzando messaggi di Windows" locale="it-IT" />
  1110.                     <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando messaggi di Windows" locale="it-IT" />
  1111.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di comunicare con %target_process% utilizzando messaggi di Windows" locale="it-IT" />
  1112.                 </customevent>
  1113.                 <customevent id="6012" >
  1114.                     <messages type="osfwPresentText"  value="%process_name% is trying to communicate with %target_process% using OLE or COM" locale="en-US" />
  1115.                     <messages type="osfwPastText" value="%process_name% was trying to communicate with %target_process% using OLE or COM" locale="en-US" />
  1116.                     <messages type="osfwBlockedText" value="%process_name% was prevented from communicating with %target_process% using OLE or COM" locale="en-US" />
  1117.                     <messages type="osfwPresentText"  value="%process_name% versucht, mit Hilfe von OLE oder COM mit %target_process% zu kommunizieren." locale="de-DE" />
  1118.                     <messages type="osfwPastText" value="%process_name% hat versucht, mit Hilfe von OLE oder COM mit %target_process% zu kommunizieren." locale="de-DE" />
  1119.                     <messages type="osfwBlockedText" value="%process_name% wurde daran gehindert, mit Hilfe von OLE oder COM mit %target_process% zu kommunizieren." locale="de-DE" />
  1120.                     <messages type="osfwPresentText"  value="%process_name% tente de communiquer avec %target_process% via OLE ou COM" locale="fr-FR" />
  1121.                     <messages type="osfwPastText" value="%process_name% a tenté de communiquer avec %target_process% via OLE ou COM" locale="fr-FR" />
  1122.                     <messages type="osfwBlockedText" value="%process_name% n'a pas réussi à communiquer avec %target_process% via OLE ou COM" locale="fr-FR" />
  1123.                     <messages type="osfwPresentText"  value="%process_name% は OLE または COM を使用して %target_process% と通信しようとしています" locale="jp-JA" />
  1124.                     <messages type="osfwPastText" value="%process_name% は OLE または COM を使用して %target_process% と通信しようとしていました" locale="jp-JA" />
  1125.                     <messages type="osfwBlockedText" value="%process_name% は OLE または COM を使用して %target_process% と通信できませんでした" locale="jp-JA" />
  1126.                     <messages type="osfwPresentText"  value="%process_name% está intentando comunicarse con %target_process% mediante OLE o COM" locale="es-ES" />
  1127.                     <messages type="osfwPastText" value="%process_name% estaba intentando comunicarse con %target_process% mediante OLE o COM" locale="es-ES" />
  1128.                     <messages type="osfwBlockedText" value="Se ha evitado que %process_name% se comunicara con %target_process% mediante OLE o COM" locale="es-ES" />
  1129.                     <messages type="osfwPresentText"  value="%process_name% sta cercando di comunicare con %target_process% utilizzando OLE o COM" locale="it-IT" />
  1130.                     <messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando OLE o COM" locale="it-IT" />
  1131.                     <messages type="osfwBlockedText" value="È stato impedito a %process_name% di comunicare con %target_process% utilizzando OLE o COM" locale="it-IT" />
  1132.                 </customevent>
  1133.  
  1134.                 <!-- 
  1135.                      Rulegroups used solely to map events to customevents.  We
  1136.                      can get rid of this if the evententry element is ever
  1137.                      extended to allow specification of customtext.
  1138.                 -->
  1139.                 <!-- ASKING: apart from rg-modld-ok, every rulegroup in this section is an empty element carrying only a name, a customtext id and ask="true" -->
  1140.  
  1141.                 <!-- Malicious behavior -->
  1142.  
  1143.                 <rulegroup name="rg-malwr-ask" customtext="2001" ask="true" />
  1144.  
  1145.                 <!-- Dangerous behavior -->
  1146.  
  1147.                 <rulegroup name="rg-memmp-ask" customtext="3004" ask="true" />
  1148.                 <rulegroup name="rg-glbhook-ask" customtext="3005" ask="true" />
  1149.                 <rulegroup name="rg-drvld-ask" customtext="3006" ask="true" />
  1150.                 <rulegroup name="rg-drvcr-ask" customtext="3007" ask="true" />
  1151.                 <rulegroup name="rg-drvmd-ask" customtext="3008" ask="true" />
  1152.                 <rulegroup name="rg-drvdl-ask" customtext="3009" ask="true" />
  1153.  
  1154.                 <!-- Suspicious behavior -->
  1155.  
  1156.                 <rulegroup name="rg-drvud-ask" customtext="4002" ask="true" />
  1157.                 <rulegroup name="rg-drvct-ask" customtext="4003" ask="true" />
  1158.  
  1159.                 <!-- Normal behavior: the one group in this section that sets allow="true" notify="true" instead of ask="true" -->
  1160.  
  1161.                 <rulegroup name="rg-modld-ok" customtext="5001" allow="true" notify="true" />
  1162.  
  1163.                 <!-- Severity depends upon the target process. customtext 6009 to 6012 are customevent ids defined earlier in this file: 6009 code injection, 6010 process termination, 6011 Windows messages, 6012 OLE or COM -->
  1164.  
  1165.                 <rulegroup name="rg-openp-ask" customtext="6001" ask="true" />
  1166.                 <rulegroup name="rg-opent-ask" customtext="6002" ask="true" />
  1167.                 <rulegroup name="rg-spawn-ask" customtext="6003" ask="true" />
  1168.                 <rulegroup name="rg-start-ask" customtext="6004" ask="true" />
  1169.                 <rulegroup name="rg-keybd-ask" customtext="6005" ask="true" />
  1170.                 <rulegroup name="rg-mouse-ask" customtext="6006" ask="true" />
  1171.                 <rulegroup name="rg-ddein-ask" customtext="6007" ask="true" />
  1172.                 <rulegroup name="rg-callb-ask" customtext="6008" ask="true" />
  1173.                 <rulegroup name="rg-whook-ask" customtext="6009" ask="true" />
  1174.                 <rulegroup name="rg-termp-ask" customtext="6010" ask="true" />
  1175.                 <rulegroup name="rg-msg-ask" customtext="6011" ask="true" />
  1176.                 <rulegroup name="rg-olecn-ask" customtext="6012" ask="true" />
  1177.  
  1178.  
  1179.                 <!-- BLOCKING: every rulegroup in this section is an empty element with allow="false" notify="true"; the customtext ids repeat those of the matching ask groups. NOTE(review): rg-regall-blk (customtext 4005) has no ask counterpart in the ASKING section, and rg-modld-ok has no blocking counterpart here; confirm both are intended. -->
  1180.                 <!-- Malicious behavior -->
  1181.  
  1182.                 <rulegroup name="rg-malwr-blk" customtext="2001" allow="false" notify="true" />
  1183.  
  1184.                 <!-- Dangerous behavior -->
  1185.  
  1186.                 <rulegroup name="rg-memmp-blk" customtext="3004" allow="false" notify="true" />
  1187.                 <rulegroup name="rg-glbhook-blk" customtext="3005" allow="false" notify="true" />
  1188.                 <rulegroup name="rg-drvld-blk" customtext="3006" allow="false" notify="true" />
  1189.                 <rulegroup name="rg-drvcr-blk" customtext="3007" allow="false" notify="true" />
  1190.                 <rulegroup name="rg-drvmd-blk" customtext="3008" allow="false" notify="true" />
  1191.                 <rulegroup name="rg-drvdl-blk" customtext="3009" allow="false" notify="true" />
  1192.  
  1193.  
  1194.                 <!-- Suspicious behavior -->
  1195.  
  1196.                 <rulegroup name="rg-drvud-blk" customtext="4002" allow="false" notify="true" />
  1197.                 <rulegroup name="rg-drvct-blk" customtext="4003" allow="false" notify="true" />
  1198.  
  1199.  
  1200.                 <rulegroup name="rg-regall-blk" customtext="4005" allow="false" notify="true" />
  1201.  
  1202.    
  1203.                                 <!-- Severity depends upon the target process -->
  1204.  
  1205.                 <rulegroup name="rg-openp-blk" customtext="6001" allow="false" notify="true" />
  1206.                 <rulegroup name="rg-opent-blk" customtext="6002" allow="false" notify="true" />
  1207.                 <rulegroup name="rg-spawn-blk" customtext="6003" allow="false" notify="true" />
  1208.                 <rulegroup name="rg-start-blk" customtext="6004" allow="false" notify="true" />
  1209.                 <rulegroup name="rg-keybd-blk" customtext="6005" allow="false" notify="true" />
  1210.                 <rulegroup name="rg-mouse-blk" customtext="6006" allow="false" notify="true" />
  1211.                 <rulegroup name="rg-ddein-blk" customtext="6007" allow="false" notify="true" />
  1212.                 <rulegroup name="rg-callb-blk" customtext="6008" allow="false" notify="true" />
  1213.                 <rulegroup name="rg-whook-blk" customtext="6009" allow="false" notify="true" />
  1214.                 <rulegroup name="rg-termp-blk" customtext="6010" allow="false" notify="true" />
  1215.                 <rulegroup name="rg-msg-blk" customtext="6011" allow="false" notify="true" />
  1216.                 <rulegroup name="rg-olecn-blk" customtext="6012" allow="false" notify="true" />
  1217.  
  1218.                 <!-- Protect IE Settings -->
  1219.  
  1220.                 <!-- Allow IE Settings -->
  1221.  
  1222.                 <!-- Default search page: allow rule (allow="true") for registry events on the Default_Search_URL value of the machine-wide (HKLM) Internet Explorer\Main key. match="all" presumably requires the key item and the value item to match together; confirm against the rule engine. -->
  1223.                 <rulegroup name="a-ie-srchdef">
  1224.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
  1225.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1226.                         <itementry param="value" operator="equalnocase" type="ansi" value="Default_Search_URL"/>
  1227.                     </ruleentry>
  1228.                 </rulegroup>
  1229.  
  1230.                 <!-- Allow default search URL -->
  1231.                 <rulegroup name="a-ie-search1">
  1232.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Allow rule for the CustomizeSearch value of the machine-wide (HKLM) Internet Explorer\Search key. match="all" presumably requires both items to match; confirm against the rule engine. -->
  1233.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1234.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" />
  1235.                     </ruleentry>
  1236.                 </rulegroup>
  1237.                 <rulegroup name="a-ie-search2">
  1238.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Allow rule for the CustomSearch value of the machine-wide (HKLM) Internet Explorer\Search key. -->
  1239.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1240.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" />
  1241.                     </ruleentry>
  1242.                 </rulegroup>
  1243.                 <rulegroup name="a-ie-search3">
  1244.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Allow rule for the SearchAssistant value of the machine-wide (HKLM) Internet Explorer\Search key. -->
  1245.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1246.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" />
  1247.                     </ruleentry>
  1248.                 </rulegroup>
  1249.                 <rulegroup name="a-ie-search4">
  1250.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Per-user (HKCU) counterpart of a-ie-search1: allow rule for the CustomizeSearch value of the Internet Explorer\Search key. -->
  1251.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1252.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" />
  1253.                     </ruleentry>
  1254.                 </rulegroup>
  1255.                 <rulegroup name="a-ie-search5">
  1256.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Per-user (HKCU) counterpart of a-ie-search2: allow rule for the CustomSearch value of the Internet Explorer\Search key. -->
  1257.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1258.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" />
  1259.                     </ruleentry>
  1260.                 </rulegroup>
  1261.                 <rulegroup name="a-ie-search6">
  1262.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Per-user (HKCU) counterpart of a-ie-search3: allow rule for the SearchAssistant value of the Internet Explorer\Search key. -->
  1263.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1264.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" />
  1265.                     </ruleentry>
  1266.                 </rulegroup>
  1267.                 <rulegroup name="a-ie-search7">
  1268.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
  1269.                         <!-- Defines Internet Search Engines. Allow rule for SearchUrl under the per-user Internet Explorer key. NOTE(review): SearchUrl is normally a subkey of this key rather than a value name; verify that param="value" matches it as intended. -->
  1270.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer" />
  1271.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchUrl" />
  1272.                     </ruleentry>
  1273.                 </rulegroup>
  1274.                 <rulegroup name="a-ie-search8">
  1275.                     <ruleentry event="registry" match="any" allow="true" customtext="4006">
  1276.                         <!-- CLSID of App (URL Search Hook object) that defines a custom network protocol. Only a key item is listed, so the rule is presumably not limited to one value name under URLSearchHooks. Search hooks are a known browser-hijack location; NOTE(review): confirm which programs this allow group is attached to. -->
  1277.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" />
  1278.                     </ruleentry>
  1279.                 </rulegroup>
  1280.                 <rulegroup name="a-ie-search9">
  1281.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Allow rule for the Search Page value of the machine-wide (HKLM) Internet Explorer\Main key. -->
  1282.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1283.                         <itementry param="value" operator="equalnocase" type="ansi" value="Search Page"/>
  1284.                     </ruleentry>
  1285.                 </rulegroup>
  1286.                 <rulegroup name="a-ie-search10">
  1287.                     <ruleentry event="registry" match="all" allow="true" customtext="4006">
                                <!-- Per-user (HKCU) counterpart of a-ie-search9: allow rule for the Search Page value of the Internet Explorer\Main key. -->
  1288.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main"/>
  1289.                         <itementry param="value" operator="equalnocase" type="ansi" value="Search Page"/>
  1290.                     </ruleentry>
  1291.                 </rulegroup>
  1292.  
  1293.                 <!-- Allow IE Home Page -->
  1294.                 <rulegroup name="a-ie-home1">
  1295.                     <ruleentry event="registry" match="all" allow="true" customtext="4007">
  1296.                         <!-- Internet Explorer home page: allow rule for the Start Page value of the per-user (HKCU) Internet Explorer\Main key. Uses customtext 4007, not the 4006 of the search rules. -->
  1297.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main" />
  1298.                         <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" />
  1299.                     </ruleentry>
  1300.                 </rulegroup>
  1301.                 <rulegroup name="a-ie-home2">
  1302.                     <ruleentry event="registry" match="all" allow="true" customtext="4007">
  1303.                         <!-- Internet Explorer home page: allow rule for the Start Page value of the machine-wide (HKLM) Internet Explorer\Main key. Uses customtext 4007, not the 4006 of the search rules. -->
  1304.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main" />
  1305.                         <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" />
  1306.                     </ruleentry>
  1307.                 </rulegroup>
  1308.  
  1309.                 <!-- Allow ActiveX installation: allow rule for registry events on HKLM\SOFTWARE\Classes and HKLM\SOFTWARE\Classes\CLSID; match="any", so presumably either key is enough. NOTE(review): both items use equalnocase with no context attribute; whether subkeys such as individual CLSID entries are covered depends on the rule engine and should be confirmed. -->
  1310.                 <rulegroup name="allow-classes">
  1311.                     <ruleentry event="registry" match="any" allow="true" customtext="3003">
  1312.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes" />
  1313.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\CLSID" />
  1314.                     </ruleentry>
  1315.                 </rulegroup>
  1316.  
  1317.                 <!-- Allow Startup -->
  1318.                 <rulegroup name="allow-run1">
  1319.                     <ruleentry event="registry" match="any" allow="true" customtext="4001">
  1320.                         <!-- Windows AutoRuns Registry Keys: seven autostart keys, each listed once under HKCU and once under HKLM. match="any", so presumably a hit on any one key satisfies the rule. These keys are standard persistence locations; NOTE(review): confirm this allow group is only attached to programs that are trusted to register startup entries. -->
  1321.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" />
  1322.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  1323.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  1324.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  1325.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  1326.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  1327.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  1328.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" />
  1329.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  1330.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  1331.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  1332.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  1333.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  1334.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  1335.                     </ruleentry>
  1336.                 </rulegroup>
  1337.                 <rulegroup name="allow-run2">
  1338.                     <ruleentry event="registry" match="all" allow="true" customtext="4001">
  1339.                         <!-- Windows AutoRuns Registry Values: allow rule for the legacy Run value of the per-user (HKCU) Windows NT\CurrentVersion\Windows key. Only the HKCU key is listed. -->
  1340.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  1341.                         <itementry param="value" operator="equalnocase" type="ansi" value="Run" />
  1342.                     </ruleentry>
  1343.                 </rulegroup>
  1344.                 <rulegroup name="allow-run3">
  1345.                     <ruleentry event="registry" match="all" allow="true" customtext="4001">
  1346.                         <!-- Windows AutoRuns Registry Values: allow rule for the legacy Load value of the per-user (HKCU) Windows NT\CurrentVersion\Windows key. Only the HKCU key is listed. -->
  1347.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  1348.                         <itementry param="value" operator="equalnocase" type="ansi" value="Load" />
  1349.                     </ruleentry>
  1350.                 </rulegroup>
  1351.                 <rulegroup name="allow-run4">
  1352.                     <ruleentry event="registry" match="all" allow="true" customtext="4001">
  1353.                         <!-- Windows AutoRuns Registry Values: allow rule for the Winlogon Userinit value (HKLM), which names the program Winlogon runs when a user logs on. A change here affects every logon; NOTE(review): confirm this allow group is only attached to trusted programs. -->
  1354.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1355.                         <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" />
  1356.                     </ruleentry>
  1357.                 </rulegroup>
  1358.                 <rulegroup name="allow-run5">
  1359.                     <ruleentry event="registry" match="all" allow="true" customtext="4001">
  1360.                         <!-- Windows AutoRuns Registry Values: allow rule for the Winlogon Shell value (HKLM), which names the user shell started at logon. A change here affects every logon; NOTE(review): confirm this allow group is only attached to trusted programs. -->
  1361.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1362.                         <itementry param="value" operator="equalnocase" type="ansi" value="Shell" />
  1363.                     </ruleentry>
  1364.                 </rulegroup>
  1365.                 <rulegroup name="allow-run6">
                            <!-- Winlogon\Notify lists notification-package DLLs that Winlogon loads on
                                 Windows 2000/XP, so it is an autostart location like the other allow-run
                                 groups. The entry below filters on the key only (no value item) and
                                 carries allow="true".
                                 NOTE(review): the matching ask/deny group is not visible in this part of
                                 the file; confirm which rule set references allow-run6. -->
  1366.                     <ruleentry event="registry" match="all" allow="true" customtext="4010">
  1367.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" />
  1368.                     </ruleentry>
  1369.                 </rulegroup>
  1370.  
  1371.                 <!-- Default local page -->
  1372.                 <rulegroup name="blk-ie-lcpage1">
  1373.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4008">
  1374.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1375.                         <itementry param="value" operator="equalnocase" type="ansi" value="Local Page"/>
  1376.                     </ruleentry>
  1377.                 </rulegroup>
  1378.  
  1379.                 <rulegroup name="blk-ie-lcpage2">
  1380.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4008">
  1381.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main"/>
  1382.                         <itementry param="value" operator="equalnocase" type="ansi" value="Local Page"/>
  1383.                     </ruleentry>
  1384.                 </rulegroup>
  1385.  
  1386.                 <!-- Default start page -->
  1387.                 <rulegroup name="blk-ie-stpgdef">
  1388.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4008">
  1389.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1390.                         <itementry param="value" operator="equalnocase" type="ansi" value="Default_Page_URL"/>
  1391.                     </ruleentry>
  1392.                 </rulegroup>
  1393.  
  1394.                 <!-- Default search page -->
  1395.                 <rulegroup name="blk-ie-srchdef">
  1396.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1397.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1398.                         <itementry param="value" operator="equalnocase" type="ansi" value="Default_Search_URL"/>
  1399.                     </ruleentry>
  1400.                 </rulegroup>
  1401.  
  1402.                 <!-- Block default search URL -->
  1403.                 <rulegroup name="blk-ie-search1">
  1404.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1405.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1406.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" />
  1407.                     </ruleentry>
  1408.                 </rulegroup>
  1409.                 <rulegroup name="blk-ie-search2">
  1410.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1411.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1412.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" />
  1413.                     </ruleentry>
  1414.                 </rulegroup>
  1415.                 <rulegroup name="blk-ie-search3">
  1416.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1417.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1418.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" />
  1419.                     </ruleentry>
  1420.                 </rulegroup>
  1421.                 <rulegroup name="blk-ie-search4">
  1422.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1423.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1424.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" />
  1425.                     </ruleentry>
  1426.                 </rulegroup>
  1427.                 <rulegroup name="blk-ie-search5">
  1428.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1429.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1430.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" />
  1431.                     </ruleentry>
  1432.                 </rulegroup>
  1433.                 <rulegroup name="blk-ie-search6">
  1434.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1435.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1436.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" />
  1437.                     </ruleentry>
  1438.                 </rulegroup>
  1439.                 <rulegroup name="blk-ie-search7">
  1440.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1441.                         <!-- Defines Internet Search Engines -->
  1442.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer" />
  1443.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchUrl" />
  1444.                     </ruleentry>
  1445.                 </rulegroup>
  1446.                 <rulegroup name="blk-ie-search8">
  1447.                     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4006">
  1448.                         <!-- CLSID of App (URL Search Hook object) that defines a custom network protocol -->
  1449.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" />
  1450.                     </ruleentry>
  1451.                 </rulegroup>
  1452.                 <rulegroup name="blk-ie-search9">
  1453.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1454.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1455.                         <itementry param="value" operator="equalnocase" type="ansi" value="Search Page"/>
  1456.                     </ruleentry>
  1457.                 </rulegroup>
  1458.                 <rulegroup name="blk-ie-search10">
  1459.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4006">
  1460.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main"/>
  1461.                         <itementry param="value" operator="equalnocase" type="ansi" value="Search Page"/>
  1462.                     </ruleentry>
  1463.                 </rulegroup>
  1464.  
  1465.                 <!-- Block IE Home Page -->
  1466.                 <rulegroup name="blk-ie-home1">
  1467.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4007">
  1468.                         <!-- Internet Explorer home page (Start Page value), per user -->
  1469.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main" />
  1470.                         <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" />
  1471.                     </ruleentry>
  1472.                 </rulegroup>
  1473.                 <rulegroup name="blk-ie-home2">
  1474.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4007">
  1475.                         <!-- Internet Explorer home page (Start Page value), machine-wide -->
  1476.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main" />
  1477.                         <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" />
  1478.                     </ruleentry>
  1479.                 </rulegroup>
  1480.  
  1481.                 <!-- Allow hosts -->
  1482.                 <rulegroup name="allow-hosts">
                            <!-- hosts and lmhosts hold static name-to-address mappings that Windows consults
                                 during name resolution, so an unexpected change can redirect traffic without
                                 any visible sign. This group carries allow="true" for file events on both
                                 paths; prot-hosts (ask) and block-hosts (deny with notify) list the same two
                                 files. WINDRVDIR is presumably expanded by the engine to the drivers
                                 directory; the expansion is not shown in this file. -->
  1483.                     <ruleentry event="file" match="any" allow="true" customtext="3001">
  1484.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\hosts" />
  1485.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\lmhosts" />
  1486.                     </ruleentry>
  1487.                 </rulegroup>
  1488.  
  1489.                 <!-- Ask IE Settings -->
  1490.  
  1491.                 <!-- Default local page -->
  1492.                 <rulegroup name="ask-ie-lcpage1">
  1493.                     <ruleentry event="registry" match="all" ask="true" customtext="4008">
  1494.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1495.                         <itementry param="value" operator="equalnocase" type="ansi" value="Local Page"/>
  1496.                     </ruleentry>
  1497.                 </rulegroup>
  1498.  
  1499.                 <rulegroup name="ask-ie-lcpage2">
  1500.                     <ruleentry event="registry" match="all" ask="true" customtext="4008">
  1501.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main"/>
  1502.                         <itementry param="value" operator="equalnocase" type="ansi" value="Local Page"/>
  1503.                     </ruleentry>
  1504.                 </rulegroup>
  1505.  
  1506.                 <!-- Default start page -->
  1507.                 <rulegroup name="ask-ie-stpgdef">
  1508.                     <ruleentry event="registry" match="all" ask="true" customtext="4008">
  1509.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1510.                         <itementry param="value" operator="equalnocase" type="ansi" value="Default_Page_URL"/>
  1511.                     </ruleentry>
  1512.                 </rulegroup>
  1513.  
  1514.                 <!-- Default search page -->
  1515.                 <rulegroup name="ask-ie-srchdef">
  1516.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1517.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1518.                         <itementry param="value" operator="equalnocase" type="ansi" value="Default_Search_URL"/>
  1519.                     </ruleentry>
  1520.                 </rulegroup>
  1521.  
  1522.                 <!-- Ask default search URL -->
  1523.                 <rulegroup name="ask-ie-search1">
  1524.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1525.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1526.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" />
  1527.                     </ruleentry>
  1528.                 </rulegroup>
  1529.                 <rulegroup name="ask-ie-search2">
  1530.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1531.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1532.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" />
  1533.                     </ruleentry>
  1534.                 </rulegroup>
  1535.                 <rulegroup name="ask-ie-search3">
  1536.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1537.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Search" />
  1538.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" />
  1539.                     </ruleentry>
  1540.                 </rulegroup>
  1541.                 <rulegroup name="ask-ie-search4">
  1542.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1543.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1544.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomizeSearch" />
  1545.                     </ruleentry>
  1546.                 </rulegroup>
  1547.                 <rulegroup name="ask-ie-search5">
  1548.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1549.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1550.                         <itementry param="value" operator="equalnocase" type="ansi" value="CustomSearch" />
  1551.                     </ruleentry>
  1552.                 </rulegroup>
  1553.                 <rulegroup name="ask-ie-search6">
  1554.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1555.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Search" />
  1556.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchAssistant" />
  1557.                     </ruleentry>
  1558.                 </rulegroup>
  1559.                 <rulegroup name="ask-ie-search7">
  1560.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1561.                         <!-- Defines Internet Search Engines -->
  1562.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer" />
  1563.                         <itementry param="value" operator="equalnocase" type="ansi" value="SearchUrl" />
  1564.                     </ruleentry>
  1565.                 </rulegroup>
  1566.                 <rulegroup name="ask-ie-search8">
  1567.                     <ruleentry event="registry" match="any" ask="true" customtext="4006">
  1568.                         <!-- CLSID of App (URL Search Hook object) that defines a custom network protocol -->
  1569.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" />
  1570.                     </ruleentry>
  1571.                 </rulegroup>
  1572.                 <rulegroup name="ask-ie-search9">
  1573.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1574.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main"/>
  1575.                         <itementry param="value" operator="equalnocase" type="ansi" value="Search Page"/>
  1576.                     </ruleentry>
  1577.                 </rulegroup>
  1578.  
  1579.                 <rulegroup name="ask-ie-search10">
  1580.                     <ruleentry event="registry" match="all" ask="true" customtext="4006">
  1581.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main"/>
  1582.                         <itementry param="value" operator="equalnocase" type="ansi" value="Search Page"/>
  1583.                     </ruleentry>
  1584.                 </rulegroup>
  1585.  
  1586.                 <!-- Ask IE Home Page -->
  1587.                 <rulegroup name="ask-ie-home1">
  1588.                     <ruleentry event="registry" match="all" ask="true" customtext="4007">
  1589.                         <!-- Internet Explorer home page (Start Page value), per user -->
  1590.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Main" />
  1591.                         <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" />
  1592.                     </ruleentry>
  1593.                 </rulegroup>
  1594.                 <rulegroup name="ask-ie-home2">
  1595.                     <ruleentry event="registry" match="all" ask="true" customtext="4007">
  1596.                         <!-- Internet Explorer home page (Start Page value), machine-wide -->
  1597.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Internet Explorer\Main" />
  1598.                         <itementry param="value" operator="equalnocase" type="ansi" value="Start Page" />
  1599.                     </ruleentry>
  1600.                 </rulegroup>
  1601.  
  1602.                 <!-- Ask about Windows initialization -->
  1603.                 <rulegroup name="prot-winini">
  1604.                     <ruleentry event="file" match="any" ask="true" customtext="3002">
  1605.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\win.ini" />
  1606.                         <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\autoexec.bat" />
  1607.                         <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\config.sys" />
  1608.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\system.ini" />
  1609.                     </ruleentry>
  1610.                 </rulegroup>
  1611.                 <!-- Ask about hosts -->
  1612.                 <rulegroup name="prot-hosts">
  1613.                     <ruleentry event="file" match="any" ask="true" customtext="3001">
  1614.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\hosts" />
  1615.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\lmhosts" />
  1616.                     </ruleentry>
  1617.                 </rulegroup>
  1618.                 <rulegroup name="askStartupFolder">
  1619.                     <ruleentry event="file" match="any" ask="true" customtext="4017">
  1620.                         <itementry param="filename" operator="equalnocase" type="ansi" value="STARTUP" context="startupdir" />
  1621.                     </ruleentry>
  1622.                 </rulegroup>
  1623.                 <ruleset name="rs-files-ask" allow="true">
                            <!-- File rule set built from the ask-level groups: prot-hosts, askStartupFolder,
                                 and protourfiles (the product's own files, denied with notify).
                                 allow="true" on the rule set is presumably the verdict when no referenced
                                 group matches; confirm against the engine.
                                 NOTE(review): prot-winini is defined above but is not referenced here, so
                                 win.ini, system.ini, autoexec.bat and config.sys are not covered by this
                                 set as far as this part of the file shows. -->
  1624.                     <rulerefentry rulegroupref="prot-hosts"/>
  1625.                     <rulerefentry rulegroupref="askStartupFolder"/>
  1626.                     <rulerefentry rulegroupref="protourfiles"/>
  1627.                 </ruleset>
  1628.  
  1629.                 <!-- Ask IE Desktop Wallpaper -->
  1630.                 <rulegroup name="ask-ie-desktop-wp">
  1631.                     <ruleentry event="registry" match="any" ask="true" customtext="4014">
  1632.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Desktop\General" />
  1633.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Internet Explorer\Desktop\Components" />
  1634.                     </ruleentry>
  1635.                 </rulegroup>
  1636.  
  1637.                 <!-- Ask deletion of Advanced Tab -->
  1638.                 <rulegroup name="prot-ie-advanced-tab">
  1639.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1640.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1641.                         <itementry param="value" operator="equalnocase" type="ansi" value="AdvancedTab" />
  1642.                     </ruleentry>
  1643.                 </rulegroup>
  1644.  
  1645.                 <!-- Ask deletion of Connections Tab -->
  1646.                 <rulegroup name="prot-ie-connections-tab">
  1647.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1648.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1649.                         <itementry param="value" operator="equalnocase" type="ansi" value="ConnectionsTab" />
  1650.                     </ruleentry>
  1651.                 </rulegroup>
  1652.  
  1653.                 <!-- Ask deletion of Content Tab -->
  1654.                 <rulegroup name="prot-ie-content-tab">
  1655.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1656.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1657.                         <itementry param="value" operator="equalnocase" type="ansi" value="ContentTab" />
  1658.                     </ruleentry>
  1659.                 </rulegroup>
  1660.  
  1661.                 <!-- Ask deletion of General Tab -->
  1662.                 <rulegroup name="prot-ie-general-tab">
  1663.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1664.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1665.                         <itementry param="value" operator="equalnocase" type="ansi" value="GeneralTab" />
  1666.                     </ruleentry>
  1667.                 </rulegroup>
  1668.  
  1669.                 <!-- Ask disable setting of IE HomePage -->
  1670.                 <rulegroup name="prot-ie-homepage">
  1671.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1672.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1673.                         <itementry param="value" operator="equalnocase" type="ansi" value="HomePage" />
  1674.                     </ruleentry>
  1675.                 </rulegroup>
  1676.  
  1677.                 <!-- Ask deletion of Privacy Tab -->
  1678.                 <rulegroup name="prot-ie-privacy-tab">
  1679.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1680.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1681.                         <itementry param="value" operator="equalnocase" type="ansi" value="PrivacyTab" />
  1682.                     </ruleentry>
  1683.                 </rulegroup>
  1684.  
  1685.                 <!-- Ask deletion of Programs Tab -->
  1686.                 <rulegroup name="prot-ie-programs-tab">
  1687.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1688.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1689.                         <itementry param="value" operator="equalnocase" type="ansi" value="ProgramsTab" />
  1690.                     </ruleentry>
  1691.                 </rulegroup>
  1692.  
  1693.                 <!-- Ask deletion of Security Tab -->
  1694.                 <rulegroup name="prot-ie-security-tab">
  1695.                     <ruleentry event="registry" match="all" ask="true" customtext="4015">
  1696.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel" />
  1697.                         <itementry param="value" operator="equalnocase" type="ansi" value="SecurityTab" />
  1698.                     </ruleentry>
  1699.                 </rulegroup>
  1700.  
  1701.                 <rulegroup name="protsysStartup">
                            <!-- Machine startup scripts delivered through Group Policy: the policy key and
                                 the Group Policy state key that records them. Scripts registered here run
                                 at boot, so the group prompts (ask="true") on either key.
                                 NOTE(review): only the machine Startup script locations are listed; the
                                 Shutdown and per-user Logon/Logoff script keys are not in this group.
                                 Confirm whether another group covers them. -->
  1702.                     <ruleentry event="registry" match="any" ask="true" customtext="4017">
  1703.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup" />
  1704.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts" />
  1705.                     </ruleentry>
  1706.                 </rulegroup>
  1707.  
  1708.                 <rulegroup name="protScreenSaver">
                            <!-- The Scrnsave.exe value under HKCU\Control Panel\Desktop names the current
                                 user's screen-saver program, which Windows starts when the session goes
                                 idle. An unexpected change is therefore a persistence indicator; the group
                                 prompts (ask="true") when both the key and the value name match. -->
  1709.                     <ruleentry event="registry" match="all" ask="true" customtext="4016">
  1710.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Control Panel\Desktop" />
  1711.                         <itementry param="value" operator="equalnocase" type="ansi" value="Scrnsave.exe" />
  1712.                     </ruleentry>
  1713.                 </rulegroup>
  1714.                 
  1715.                 <!-- Block Windows initialization -->
  1716.                 <rulegroup name="block-winini">
                            <!-- Legacy Windows initialization files (win.ini, system.ini, autoexec.bat,
                                 config.sys).
                                 NOTE(review): despite the block- name and the "Block Windows initialization"
                                 heading, the entry carries ask="true" and is identical to prot-winini,
                                 whereas block-hosts and blockStartupFolder use allow="false" notify="true".
                                 Confirm whether a prompt rather than a denial is intended here. -->
  1717.                     <ruleentry event="file" match="any" ask="true" customtext="3002">
  1718.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\win.ini" />
  1719.                         <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\autoexec.bat" />
  1720.                         <itementry param="filename" operator="equalnocase" type="ansi" value="ROOT\config.sys" />
  1721.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDIR\system.ini" />
  1722.                     </ruleentry>
  1723.                 </rulegroup>
  1724.                 <!-- Block hosts -->
  1725.                 <rulegroup name="block-hosts">
  1726.                     <ruleentry event="file" match="any" allow="false" notify="true" customtext="3001">
  1727.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\hosts" />
  1728.                         <itementry param="filename" operator="equalnocase" type="ansi" value="WINDRVDIR\etc\lmhosts" />
  1729.                     </ruleentry>
  1730.                 </rulegroup>
  1731.                 <rulegroup name="blockStartupFolder">
  1732.                     <ruleentry event="file" match="any" allow="false" notify="true" customtext="4017">
  1733.                         <itementry param="filename" operator="equalnocase" type="ansi" value="STARTUP" context="startupdir" />
  1734.                     </ruleentry>
  1735.                 </rulegroup>
  1736.  
  1737.                 <ruleset name="rs-files-block" allow="true">
                            <!-- File rule set built from the deny-level groups: block-hosts,
                                 blockStartupFolder, and protourfiles (the product's own files).
                                 allow="true" on the rule set is presumably the verdict when no referenced
                                 group matches; confirm against the engine.
                                 NOTE(review): block-winini is defined above but is not referenced here, so
                                 the Windows initialization files are not covered by this set as far as
                                 this part of the file shows. -->
  1738.                     <rulerefentry rulegroupref="block-hosts"/>
  1739.                     <rulerefentry rulegroupref="blockStartupFolder"/>
  1740.                     <rulerefentry rulegroupref="protourfiles"/>
  1741.                 </ruleset>
  1742.  
  1743.                 <!-- Protect our files -->
  1744.                 <ruleset name="rs-files-allow" allow="true">
  1745.                     <rulerefentry rulegroupref="protourfiles"/>
  1746.                 </ruleset>
  1747.  
  1748.                 <!-- Ask about ActiveX installation -->
  1749.                 <rulegroup name="protect-classes">
                            <!-- Prompts (ask="true") on the machine-wide class registration keys, where COM
                                 and ActiveX components are registered.
                                 NOTE(review): only HKLM\SOFTWARE\Classes is listed. Windows merges per-user
                                 registrations under HKCU\Software\Classes ahead of the machine hive, and
                                 those are not covered by this group or by block-classes.
                                 operator="equalnocase" presumably compares the full key path; confirm
                                 whether subkeys such as CLSID\{...}\InprocServer32 are matched. -->
  1750.                     <ruleentry event="registry" match="any" ask="true" customtext="3003">
  1751.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes" />
  1752.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\CLSID" />
  1753.                     </ruleentry>
  1754.                 </rulegroup>
  1755.  
  1756.                 <!-- Block ActiveX installation -->
  1757.                 <rulegroup name="block-classes">
  1758.                     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="3003">
  1759.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes" />
  1760.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\CLSID" />
  1761.                     </ruleentry>
  1762.                 </rulegroup>
  1763.  
  1764.                 <!-- Ask about Startup -->
  1765.                 <rulegroup name="protect-run1">
                            <!-- Prompts (ask="true") on the classic autostart keys, listed once for HKCU and
                                 once for HKLM; match="any" means one matching key is enough. The value-based
                                 autostart locations (Windows NT\CurrentVersion\Windows, Winlogon) are handled
                                 by separate key-plus-value groups.
                                 NOTE(review): no Wow6432Node variants are listed; on 64-bit Windows, 32-bit
                                 processes are redirected there for HKLM\Software, and this file does not show
                                 whether the engine normalises such paths.
                                 NOTE(review): operator="equalnocase" presumably compares the full key path;
                                 confirm whether subkeys (RunOnceEx stores its entries in subkeys) match. -->
  1766.                     <ruleentry event="registry" match="any" ask="true" customtext="4001">
  1767.                         <!-- Windows AutoRuns Registry Keys -->
  1768.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" />
  1769.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  1770.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  1771.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  1772.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  1773.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  1774.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  1775.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" />
  1776.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  1777.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  1778.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  1779.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  1780.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  1781.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  1782.                     </ruleentry>
  1783.                 </rulegroup>
  1784.                 <rulegroup name="protect-run2">
  1785.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
  1786.                         <!-- Legacy per-user autorun value "Run" under Windows NT\CurrentVersion\Windows.
                                     match="all": presumably both the key and the value name below must match. -->
  1787.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  1788.                         <itementry param="value" operator="equalnocase" type="ansi" value="Run" />
  1789.                     </ruleentry>
  1790.                 </rulegroup>
  1791.                 <rulegroup name="protect-run3">
  1792.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
  1793.                         <!-- Legacy per-user autorun value "Load" under Windows NT\CurrentVersion\Windows.
                                     Same key as protect-run2; only the value name differs. -->
  1794.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  1795.                         <itementry param="value" operator="equalnocase" type="ansi" value="Load" />
  1796.                     </ruleentry>
  1797.                 </rulegroup>
  1798.                 <rulegroup name="protect-run4">
  1799.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
  1800.                         <!-- Machine-wide Winlogon "Userinit" value, which names the program(s) Winlogon starts at user logon.
                                     Ask before it is changed. -->
  1801.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1802.                         <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" />
  1803.                     </ruleentry>
  1804.                 </rulegroup>
  1805.                 <rulegroup name="protect-run5">
  1806.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
  1807.                         <!-- Machine-wide Winlogon "Shell" value, which names the shell program started at logon.
                                     The per-user counterpart is the separate rulegroup protect-run5U. -->
  1808.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1809.                         <itementry param="value" operator="equalnocase" type="ansi" value="Shell" />
  1810.                     </ruleentry>
  1811.                 </rulegroup>
  1812.                 <rulegroup name="protect-run5U">
  1813.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
                                <!-- Per-user (HKCU) counterpart of protect-run5: the Winlogon "Shell" value.
                                     The "U" suffix appears to mark the per-user variant of a rule. -->
  1814.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1815.                         <itementry param="value" operator="equalnocase" type="ansi" value="Shell" />
  1816.                     </ruleentry>
  1817.                 </rulegroup>
  1818.                 <rulegroup name="protlogonSys">
  1819.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- Machine-wide Winlogon "System" value. Ask before it is changed.
                                     Uses customtext 4017, shared by the other logon and boot rules in this section. -->
  1820.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1821.                         <itementry param="value" operator="equalnocase" type="ansi" value="System" />
  1822.                     </ruleentry>
  1823.                 </rulegroup>
  1824.                 <rulegroup name="protlogonSysU">
  1825.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- Per-user (HKCU) counterpart of protlogonSys: the Winlogon "System" value. -->
  1826.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1827.                         <itementry param="value" operator="equalnocase" type="ansi" value="System" />
  1828.                     </ruleentry>
  1829.                 </rulegroup>
  1830.                 <rulegroup name="protlogonGina">
  1831.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- Winlogon "GinaDLL" value, which selects the logon (GINA) library on pre-Vista Windows.
                                     Only the HKLM key is listed. -->
  1832.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1833.                         <itementry param="value" operator="equalnocase" type="ansi" value="GinaDLL" />
  1834.                     </ruleentry>
  1835.                 </rulegroup>
  1836.                 <rulegroup name="protlogonTMan">
  1837.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- Winlogon "Taskman" value (HKLM). Ask before it is changed. -->
  1838.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  1839.                         <itementry param="value" operator="equalnocase" type="ansi" value="Taskman" />
  1840.                     </ruleentry>
  1841.                 </rulegroup>
  1842.                 <rulegroup name="protect-run6">
  1843.                     <ruleentry event="registry" match="all" ask="true" customtext="4010">
                                <!-- Winlogon\Notify key (notification packages loaded by Winlogon). Key only, no value filter,
                                     so match="all" has a single condition here.
                                     NOTE(review): referenced by rs-rega-asad but not by rs-rega-asdd; confirm that is intended. -->
  1844.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" />
  1845.                     </ruleentry>
  1846.                 </rulegroup>
  1847.                 <rulegroup name="protImageFExec">
  1848.                     <ruleentry event="registry" match="all" ask="true" customtext="4009">
                                <!-- Image File Execution Options key (per-executable launch settings). Ask before changes.
                                     The product's own subkeys are handled separately, and denied, by protourExecs;
                                     how the two rules are prioritised is not visible here. -->
  1849.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" />
  1850.                     </ruleentry>
  1851.                 </rulegroup>
  1852.                 <rulegroup name="protourExecs">
  1853.                     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="2003">
                                <!-- Self-protection: allow="false" with notify="true" presumably denies the change and reports it,
                                     with no user prompt. Covers the Image File Execution Options subkeys of the product's own
                                     executables (vsmon.exe, zlclient.exe) so launch settings cannot be attached to them. -->
  1854.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe" />
  1855.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe" />
  1856.                     </ruleentry>
  1857.                 </rulegroup>
  1858.                 <rulegroup name="protAvDatVersion">
  1859.                   <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
                            <!-- Self-protection: deny and report changes to the product's "AVDatVersion" value,
                                 presumably the recorded antivirus signature version. -->
  1860.                     <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  1861.                     <itementry param="value" operator="equalnocase" type="ansi" value="AVDatVersion" />
  1862.                   </ruleentry>
  1863.                 </rulegroup>
  1864.  
  1865.                 <rulegroup name="protAvEngVersion">
  1866.                   <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
                            <!-- Self-protection: deny and report changes to the product's "AVEngineVer" value,
                                 presumably the recorded antivirus engine version. -->
  1867.                     <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  1868.                     <itementry param="value" operator="equalnocase" type="ansi" value="AVEngineVer" />
  1869.                   </ruleentry>
  1870.                 </rulegroup>
  1871.  
  1872.                 <rulegroup name="protAvSDKVersion">
  1873.                   <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
                            <!-- Self-protection: deny and report changes to the product's "AVSDKVersion" value. -->
  1874.                     <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Zone Labs\ZoneAlarm" />
  1875.                     <itementry param="value" operator="equalnocase" type="ansi" value="AVSDKVersion" />
  1876.                   </ruleentry>
  1877.                 </rulegroup>
  1878.                 <rulegroup name="protZaRunReg">
  1879.                   <ruleentry event="registry" match="all" allow="false" notify="true" customtext="2003">
                            <!-- Self-protection: deny and report changes to the "ZoneAlarm Client" autostart value in the HKLM Run key.
                                 The same key is also listed in protect-run1 (ask) and askdel-run1 (ask on delete);
                                 NOTE(review): which rule takes precedence for this value is not visible here, confirm deny wins. -->
  1880.                     <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" />
  1881.                     <itementry param="value" operator="equalnocase" type="ansi" value="ZoneAlarm Client" />
  1882.                   </ruleentry>
  1883.                 </rulegroup>
  1884.                 <rulegroup name="proIFMapWLogon">
  1885.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- "Winlogon" value under IniFileMapping\win.ini (the mapping of the win.ini section to the registry).
                                     The group name lacks the "t" of the "prot" prefix used by its siblings; it is referenced under
                                     this exact spelling by the rs-rega-* rulesets, so any rename must update those references too. -->
  1886.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini" />
  1887.                         <itementry param="value" operator="equalnocase" type="ansi" value="Winlogon" />
  1888.                     </ruleentry>
  1889.                 </rulegroup>
  1890.                 <rulegroup name="prot-shellex">
  1891.                     <ruleentry event="registry" match="any" ask="true" customtext="4009">
  1892.                         <!-- Command lines Windows uses to launch .exe files: the exefile "open" and "runas" verbs,
                                     machine-wide (HKLM) and per-user (HKCU). Only the exefile class is listed in this group. -->
  1893.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\exefile\shell\open\command" />
  1894.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\exefile\shell\runas\command" />
  1895.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Classes\exefile\shell\open\command" />
  1896.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Classes\exefile\shell\runas\command" />
  1897.                     </ruleentry>
  1898.                 </rulegroup>
  1899.                 <rulegroup name="prot-appinit">
  1900.                     <ruleentry event="registry" match="all" ask="true" customtext="4012">
                                <!-- "AppInit_DLLs" value: libraries Windows loads into processes that load user32.dll.
                                     Ask before it is changed; the delete-side counterpart is askdel-appinit. -->
  1901.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" />
  1902.                         <itementry param="value" operator="equalnocase" type="ansi" value="AppInit_DLLs" />
  1903.                     </ruleentry>
  1904.                 </rulegroup>
  1905.                 <rulegroup name="protcmdAutoRun">
  1906.                     <ruleentry event="registry" match="all" ask="true" customtext="4009">
                                <!-- Command Processor "AutoRun" value (HKLM): a command cmd.exe runs each time it starts.
                                     Per-user counterpart: protcmdAutoRunU. -->
  1907.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Command Processor" />
  1908.                         <itementry param="value" operator="equalnocase" type="ansi" value="AutoRun" />
  1909.                     </ruleentry>
  1910.                 </rulegroup>
  1911.                 <rulegroup name="protcmdAutoRunU">
  1912.                     <ruleentry event="registry" match="all" ask="true" customtext="4009">
                                <!-- Per-user (HKCU) counterpart of protcmdAutoRun: the Command Processor "AutoRun" value. -->
  1913.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Microsoft\Command Processor" />
  1914.                         <itementry param="value" operator="equalnocase" type="ansi" value="AutoRun" />
  1915.                     </ruleentry>
  1916.                 </rulegroup>
  1917.                 <rulegroup name="protSecuPack">
  1918.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- Lsa "Security Packages" value: packages loaded by the Local Security Authority.
                                     HKCS is presumably this product's alias for HKLM\SYSTEM\CurrentControlSet; confirm against the rule engine. -->
  1919.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Control\Lsa" />
  1920.                         <itementry param="value" operator="equalnocase" type="ansi" value="Security Packages" />
  1921.                     </ruleentry>
  1922.                 </rulegroup>
  1923.                 <rulegroup name="protAuthPack">
  1924.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
                                <!-- Lsa "Authentication Packages" value: packages loaded by the Local Security Authority.
                                     NOTE(review): customtext is 4001, the id used by the protect-run* startup rules, while the sibling
                                     Lsa rule protSecuPack uses 4017; confirm which prompt text is intended. -->
  1925.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Control\Lsa" />
  1926.                         <itementry param="value" operator="equalnocase" type="ansi" value="Authentication Packages" />
  1927.                     </ruleentry>
  1928.                 </rulegroup>
  1929.                 <rulegroup name="protNotiPack">
  1930.                     <ruleentry event="registry" match="all" ask="true" customtext="4001">
                                <!-- Lsa "Notification Packages" value: password-change notification libraries loaded by the Local Security Authority.
                                     NOTE(review): customtext is 4001, as in protAuthPack, while protSecuPack on the same key uses 4017;
                                     confirm which prompt text is intended. -->
  1931.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Control\Lsa" />
  1932.                         <itementry param="value" operator="equalnocase" type="ansi" value="Notification Packages" />
  1933.                     </ruleentry>
  1934.                 </rulegroup>
  1935.                 <rulegroup name="protSessManager">
  1936.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- Session Manager "BootExecute" value: programs the Session Manager runs early during boot.
                                     Ask before it is changed. -->
  1937.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Control\Session Manager" />
  1938.                         <itementry param="value" operator="equalnocase" type="ansi" value="BootExecute" />
  1939.                     </ruleentry>
  1940.                 </rulegroup>
  1941.                 <rulegroup name="protBootImage">
  1942.                     <ruleentry event="registry" match="all" ask="true" customtext="4017">
                                <!-- BootVerificationProgram "ImagePath" value: the program used to verify a successful boot.
                                     Ask before it is changed. -->
  1943.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Control\BootVerificationProgram" />
  1944.                         <itementry param="value" operator="equalnocase" type="ansi" value="ImagePath" />
  1945.                     </ruleentry>
  1946.                 </rulegroup>
  1947.                 <rulegroup name="protDNSLibPath">
  1948.                     <ruleentry event="registry" match="all" ask="true" customtext="4012">
                                <!-- "LibraryPath" of one Winsock namespace provider entry (the library that entry loads for name resolution).
                                     The key names a single fixed catalog entry, 000000000002; with equalnocase matching, other
                                     Catalog_Entries subkeys are presumably not covered by this rule. Verify that is intended. -->
  1949.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCS\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002" />
  1950.                         <itementry param="value" operator="equalnocase" type="ansi" value="LibraryPath" />
  1951.                     </ruleentry>
  1952.                 </rulegroup>
  1953.                 <rulegroup name="protSTScheduler">
  1954.                     <ruleentry event="registry" match="any" ask="true" customtext="4009">
                                <!-- Explorer "SharedTaskScheduler" key (components Explorer loads at startup). HKLM only, key-level match. -->
  1955.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" />
  1956.                     </ruleentry>
  1957.                 </rulegroup>
  1958.                 <rulegroup name="protShExecHooks">
  1959.                     <ruleentry event="registry" match="any" ask="true" customtext="4009">
                                <!-- Explorer "ShellExecuteHooks" key (components invoked when the shell launches a program).
                                     HKLM only, key-level match. -->
  1960.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" />
  1961.                     </ruleentry>
  1962.                 </rulegroup>
  1963.  
  1964.                 <!-- AskSDenyD registry protection.
                             Pulls in rulegroups by name: startup and logon rules, the ask-ie-* and prot-ie-* groups
                             (presumably Internet Explorer settings) and the product self-protection groups. The ask-ie-*,
                             prot-ie-*, protourreg*, protScreenSaver and protsysStartup groups are defined outside this section.
                             NOTE(review): the list equals rs-rega-asad except that protect-run6 (Winlogon\Notify) is not
                             referenced here; confirm the omission is intended.
                             The ruleset carries allow="true" while some referenced ruleentries carry allow="false";
                             presumably the entry-level setting decides, verify against the rule engine. -->
  1965.                 <ruleset name="rs-rega-asdd" allow="true">
  1966.                     <rulerefentry rulegroupref="protect-run1"/>
  1967.                     <rulerefentry rulegroupref="protect-run2"/>
  1968.                     <rulerefentry rulegroupref="protect-run3"/>
  1969.                     <rulerefentry rulegroupref="protect-run4"/>
  1970.                     <rulerefentry rulegroupref="protect-run5"/>
  1971.                     <rulerefentry rulegroupref="prot-shellex"/>
  1972.                     <rulerefentry rulegroupref="prot-appinit"/>
  1973.                     <rulerefentry rulegroupref="ask-ie-srchdef"/>
  1974.                     <rulerefentry rulegroupref="ask-ie-search1"/>
  1975.                     <rulerefentry rulegroupref="ask-ie-search2"/>
  1976.                     <rulerefentry rulegroupref="ask-ie-search3"/>
  1977.                     <rulerefentry rulegroupref="ask-ie-search4"/>
  1978.                     <rulerefentry rulegroupref="ask-ie-search5"/>
  1979.                     <rulerefentry rulegroupref="ask-ie-search6"/>
  1980.                     <rulerefentry rulegroupref="ask-ie-search7"/>
  1981.                     <rulerefentry rulegroupref="ask-ie-search8"/>
  1982.                     <rulerefentry rulegroupref="ask-ie-search9"/>
  1983.                     <rulerefentry rulegroupref="ask-ie-search10"/>
  1984.                     <rulerefentry rulegroupref="ask-ie-home1"/>
  1985.                     <rulerefentry rulegroupref="ask-ie-home2"/>
  1986.                     <rulerefentry rulegroupref="ask-ie-lcpage1"/>
  1987.                     <rulerefentry rulegroupref="ask-ie-lcpage2"/>
  1988.                     <rulerefentry rulegroupref="ask-ie-stpgdef"/>
  1989.                     <rulerefentry rulegroupref="protourreg"/>
  1990.                     <rulerefentry rulegroupref="protourreg1"/>
  1991.                     <rulerefentry rulegroupref="protourreg2"/>
  1992.                     <rulerefentry rulegroupref="protourreg3"/>
  1993.                     <rulerefentry rulegroupref="protZaRunReg"/>
  1994.                     <rulerefentry rulegroupref="protourExecs"/>
  1995.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  1996.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  1997.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  1998.                     <rulerefentry rulegroupref="ask-ie-desktop-wp"/>
  1999.                     <rulerefentry rulegroupref="prot-ie-advanced-tab"/>
  2000.                     <rulerefentry rulegroupref="prot-ie-connections-tab"/>
  2001.                     <rulerefentry rulegroupref="prot-ie-content-tab"/>
  2002.                     <rulerefentry rulegroupref="prot-ie-general-tab"/>
  2003.                     <rulerefentry rulegroupref="prot-ie-homepage"/>
  2004.                     <rulerefentry rulegroupref="prot-ie-privacy-tab"/>
  2005.                     <rulerefentry rulegroupref="prot-ie-programs-tab"/>
  2006.                     <rulerefentry rulegroupref="prot-ie-security-tab"/>
  2007.                     <rulerefentry rulegroupref="protect-run5U"/>
  2008.                     <rulerefentry rulegroupref="protScreenSaver"/>
  2009.                     <rulerefentry rulegroupref="protlogonGina"/>
  2010.                     <rulerefentry rulegroupref="protlogonSys"/>
  2011.                     <rulerefentry rulegroupref="protlogonSysU"/>
  2012.                     <rulerefentry rulegroupref="protlogonTMan"/>
  2013.                     <rulerefentry rulegroupref="protsysStartup"/>
  2014.                     <rulerefentry rulegroupref="protcmdAutoRun"/>
  2015.                     <rulerefentry rulegroupref="protcmdAutoRunU"/>
  2016.                     <rulerefentry rulegroupref="protSecuPack"/>
  2017.                     <rulerefentry rulegroupref="protAuthPack"/>
  2018.                     <rulerefentry rulegroupref="protNotiPack"/>
  2019.                     <rulerefentry rulegroupref="protSessManager"/>
  2020.                     <rulerefentry rulegroupref="protBootImage"/>
  2021.                     <rulerefentry rulegroupref="protImageFExec"/>
  2022.                     <rulerefentry rulegroupref="proIFMapWLogon"/>
  2023.                     <rulerefentry rulegroupref="protDNSLibPath"/>
  2024.                     <rulerefentry rulegroupref="protSTScheduler"/>
  2025.                     <rulerefentry rulegroupref="protShExecHooks"/>
  2026.  
  2027.                 </ruleset>
  2028.  
  2029.                 <!-- AskSD registry protection.
                             Same rulegroup references as rs-rega-asdd, plus protect-run6 (Winlogon\Notify).
                             The ask-ie-*, prot-ie-*, protourreg*, protScreenSaver and protsysStartup groups are defined
                             outside this section. "AskSD" is also the value of the default appsec attribute near the top
                             of the file, so this is presumably the ruleset used for the default program setting; confirm. -->
  2030.                 <ruleset name="rs-rega-asad" allow="true">
  2031.                     <rulerefentry rulegroupref="protect-run1"/>
  2032.                     <rulerefentry rulegroupref="protect-run2"/>
  2033.                     <rulerefentry rulegroupref="protect-run3"/>
  2034.                     <rulerefentry rulegroupref="protect-run4"/>
  2035.                     <rulerefentry rulegroupref="protect-run5"/>
  2036.                     <rulerefentry rulegroupref="protect-run6"/>
  2037.                     <rulerefentry rulegroupref="prot-shellex"/>
  2038.                     <rulerefentry rulegroupref="prot-appinit"/>
  2039.                     <rulerefentry rulegroupref="ask-ie-srchdef"/>
  2040.                     <rulerefentry rulegroupref="ask-ie-search1"/>
  2041.                     <rulerefentry rulegroupref="ask-ie-search2"/>
  2042.                     <rulerefentry rulegroupref="ask-ie-search3"/>
  2043.                     <rulerefentry rulegroupref="ask-ie-search4"/>
  2044.                     <rulerefentry rulegroupref="ask-ie-search5"/>
  2045.                     <rulerefentry rulegroupref="ask-ie-search6"/>
  2046.                     <rulerefentry rulegroupref="ask-ie-search7"/>
  2047.                     <rulerefentry rulegroupref="ask-ie-search8"/>
  2048.                     <rulerefentry rulegroupref="ask-ie-search9"/>
  2049.                     <rulerefentry rulegroupref="ask-ie-search10"/>
  2050.                     <rulerefentry rulegroupref="ask-ie-home1"/>
  2051.                     <rulerefentry rulegroupref="ask-ie-home2"/>
  2052.                     <rulerefentry rulegroupref="ask-ie-lcpage1"/>
  2053.                     <rulerefentry rulegroupref="ask-ie-lcpage2"/>
  2054.                     <rulerefentry rulegroupref="ask-ie-stpgdef"/>
  2055.                     <rulerefentry rulegroupref="protourreg"/>
  2056.                     <rulerefentry rulegroupref="protourreg1"/>
  2057.                     <rulerefentry rulegroupref="protourreg2"/>
  2058.                     <rulerefentry rulegroupref="protourreg3"/>
  2059.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2060.                     <rulerefentry rulegroupref="protourExecs"/>
  2061.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2062.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2063.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2064.                     <rulerefentry rulegroupref="ask-ie-desktop-wp"/>
  2065.                     <rulerefentry rulegroupref="prot-ie-advanced-tab"/>
  2066.                     <rulerefentry rulegroupref="prot-ie-connections-tab"/>
  2067.                     <rulerefentry rulegroupref="prot-ie-content-tab"/>
  2068.                     <rulerefentry rulegroupref="prot-ie-general-tab"/>
  2069.                     <rulerefentry rulegroupref="prot-ie-homepage"/>
  2070.                     <rulerefentry rulegroupref="prot-ie-privacy-tab"/>
  2071.                     <rulerefentry rulegroupref="prot-ie-programs-tab"/>
  2072.                     <rulerefentry rulegroupref="prot-ie-security-tab"/>
  2073.                     <rulerefentry rulegroupref="protect-run5U"/>
  2074.                     <rulerefentry rulegroupref="protScreenSaver"/>
  2075.                     <rulerefentry rulegroupref="protlogonGina"/>
  2076.                     <rulerefentry rulegroupref="protlogonSys"/>
  2077.                     <rulerefentry rulegroupref="protlogonSysU"/>
  2078.                     <rulerefentry rulegroupref="protlogonTMan"/>
  2079.                     <rulerefentry rulegroupref="protsysStartup"/>
  2080.                     <rulerefentry rulegroupref="protcmdAutoRun"/>
  2081.                     <rulerefentry rulegroupref="protcmdAutoRunU"/>
  2082.                     <rulerefentry rulegroupref="protSecuPack"/>
  2083.                     <rulerefentry rulegroupref="protAuthPack"/>
  2084.                     <rulerefentry rulegroupref="protNotiPack"/>
  2085.                     <rulerefentry rulegroupref="protSessManager"/>
  2086.                     <rulerefentry rulegroupref="protBootImage"/>
  2087.                     <rulerefentry rulegroupref="protImageFExec"/>
  2088.                     <rulerefentry rulegroupref="proIFMapWLogon"/>
  2089.                     <rulerefentry rulegroupref="protDNSLibPath"/>
  2090.                     <rulerefentry rulegroupref="protSTScheduler"/>
  2091.                     <rulerefentry rulegroupref="protShExecHooks"/>
  2092.  
  2093.                 </ruleset>
  2094.  
  2095.                 <!-- Ask before deletions from startup (autorun) registry locations -->
  2096.                 <rulegroup name="askdel-run1">
  2097.                     <ruleentry event="registry" match="any" ask="true" customtext="4004">
  2098.                         <!-- Delete-side rule for the Windows autorun registry keys (HKCU and HKLM).
                                     Compared with protect-run1, the RunOnce, RunOnceEx and RunServicesOnce keys are not listed,
                                     presumably because Windows itself removes those entries after they run; confirm.
                                     Nothing in the entry itself marks it as delete-only; that presumably comes from where the
                                     rs-regd-* rulesets are attached, which is not visible in this section. -->
  2099.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" />
  2100.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  2101.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  2102.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  2103.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" />
  2104.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  2105.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  2106.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  2107.                     </ruleentry>
  2108.                 </rulegroup>
  2109.                 <rulegroup name="askdel-run2">
  2110.                     <ruleentry event="registry" match="all" ask="true" customtext="4004">
  2111.                         <!-- Delete-side counterpart of protect-run2: the per-user "Run" value under
                                     Windows NT\CurrentVersion\Windows. Same items as protect-run2; only customtext differs. -->
  2112.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  2113.                         <itementry param="value" operator="equalnocase" type="ansi" value="Run" />
  2114.                     </ruleentry>
  2115.                 </rulegroup>
  2116.                 <rulegroup name="askdel-run3">
  2117.                     <ruleentry event="registry" match="all" ask="true" customtext="4004">
  2118.                         <!-- Delete-side counterpart of protect-run3: the per-user "Load" value under
                                     Windows NT\CurrentVersion\Windows. -->
  2119.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  2120.                         <itementry param="value" operator="equalnocase" type="ansi" value="Load" />
  2121.                     </ruleentry>
  2122.                 </rulegroup>
  2123.                 <rulegroup name="askdel-run4">
  2124.                     <ruleentry event="registry" match="all" ask="true" customtext="4004">
  2125.                         <!-- Delete-side counterpart of protect-run4: the machine-wide Winlogon "Userinit" value.
                                     Ask before it is removed. -->
  2126.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  2127.                         <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" />
  2128.                     </ruleentry>
  2129.                 </rulegroup>
  2130.                 <rulegroup name="askdel-run5">
  2131.                     <ruleentry event="registry" match="all" ask="true" customtext="4004">
  2132.                         <!-- Delete-side counterpart of protect-run5: the machine-wide Winlogon "Shell" value.
                                     No askdel counterpart of the per-user protect-run5U is defined in this section. -->
  2133.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  2134.                         <itementry param="value" operator="equalnocase" type="ansi" value="Shell" />
  2135.                     </ruleentry>
  2136.                 </rulegroup>
  2137.                 <rulegroup name="askdel-run6">
  2138.                     <ruleentry event="registry" match="all" ask="true" customtext="4011">
                                <!-- Delete-side counterpart of protect-run6: the Winlogon\Notify key.
                                     Uses customtext 4011, where protect-run6 uses 4010. -->
  2139.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" />
  2140.                     </ruleentry>
  2141.                 </rulegroup>
  2142.                 <rulegroup name="askdel-appinit">
  2143.                     <ruleentry event="registry" match="all" ask="true" customtext="4013">
                                <!-- Delete-side counterpart of prot-appinit: the "AppInit_DLLs" value.
                                     Uses customtext 4013, where prot-appinit uses 4012. -->
  2144.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" />
  2145.                         <itementry param="value" operator="equalnocase" type="ansi" value="AppInit_DLLs" />
  2146.                     </ruleentry>
  2147.                 </rulegroup>
  2148.                 
  2149.                 <!-- AskSDenyD delete registry protection.
                             References the askdel-* groups (ask before startup entries are deleted) and the product
                             self-protection groups; protourreg* is defined outside this section.
                             The rulegroup list is identical to rs-regd-asad.
                             NOTE(review): the set-side rulesets (rs-rega-*) cover many more locations (logon, Lsa, boot,
                             shell hooks) than the askdel-* groups; confirm the narrower delete coverage is intended. -->
  2150.                 <ruleset name="rs-regd-asdd" allow="true">
  2151.                     <rulerefentry rulegroupref="askdel-run1"/>
  2152.                     <rulerefentry rulegroupref="askdel-run2"/>
  2153.                     <rulerefentry rulegroupref="askdel-run3"/>
  2154.                     <rulerefentry rulegroupref="askdel-run4"/>
  2155.                     <rulerefentry rulegroupref="askdel-run5"/>
  2156.                     <rulerefentry rulegroupref="askdel-run6"/>
  2157.                     <rulerefentry rulegroupref="askdel-appinit"/>
  2158.                     <rulerefentry rulegroupref="protourreg"/>
  2159.                     <rulerefentry rulegroupref="protourreg1"/>
  2160.                     <rulerefentry rulegroupref="protourreg2"/>
  2161.                     <rulerefentry rulegroupref="protourreg3"/>
  2162.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2163.                     <rulerefentry rulegroupref="protourExecs"/>
  2164.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2165.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2166.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2167.                 </ruleset>
  2168.  
  2169.                 <!-- AskSD delete registry protection.
                             References the askdel-* groups (ask before startup entries are deleted) and the product
                             self-protection groups; protourreg* is defined outside this section.
                             The rulegroup list is identical to rs-regd-asdd. -->
  2170.                 <ruleset name="rs-regd-asad" allow="true">
  2171.                     <rulerefentry rulegroupref="askdel-run1"/>
  2172.                     <rulerefentry rulegroupref="askdel-run2"/>
  2173.                     <rulerefentry rulegroupref="askdel-run3"/>
  2174.                     <rulerefentry rulegroupref="askdel-run4"/>
  2175.                     <rulerefentry rulegroupref="askdel-run5"/>
  2176.                     <rulerefentry rulegroupref="askdel-run6"/>
  2177.                     <rulerefentry rulegroupref="askdel-appinit"/>
  2178.                     <rulerefentry rulegroupref="protourreg"/>
  2179.                     <rulerefentry rulegroupref="protourreg1"/>
  2180.                     <rulerefentry rulegroupref="protourreg2"/>
  2181.                     <rulerefentry rulegroupref="protourreg3"/>
  2182.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2183.                     <rulerefentry rulegroupref="protourExecs"/>
  2184.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2185.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2186.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2187.                 </ruleset>
  2188.  
  2189.                 <!-- AllowSAskD delete registry protection -->
                        <!-- rs-regd-sad references only the nine protour*/protZaRunReg/protAv* groups. It lists no
                             askdel-* or block-* group, so registry deletes under the autostart keys are not matched
                             by anything in this list and presumably fall through to allow="true". -->
  2190.                 <ruleset name="rs-regd-sad" allow="true">
  2191.                     <rulerefentry rulegroupref="protourreg"/>
  2192.                     <rulerefentry rulegroupref="protourreg1"/>
  2193.                     <rulerefentry rulegroupref="protourreg2"/>
  2194.                     <rulerefentry rulegroupref="protourreg3"/>
  2195.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2196.                     <rulerefentry rulegroupref="protourExecs"/>
  2197.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2198.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2199.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2200.                 </ruleset>
  2201.  
  2202.                 <!-- AllowSDenyD delete registry protection -->
                        <!-- rs-regd-sdd carries the same nine references as rs-regd-sad: only the
                             protour*/protZaRunReg/protAv* groups, with no askdel-* or block-* group.
                             NOTE(review): the label says DenyD, yet no deny group for the autostart keys is
                             listed here; confirm the deny half is enforced elsewhere. -->
  2203.                 <ruleset name="rs-regd-sdd" allow="true">
  2204.                     <rulerefentry rulegroupref="protourreg"/>
  2205.                     <rulerefentry rulegroupref="protourreg1"/>
  2206.                     <rulerefentry rulegroupref="protourreg2"/>
  2207.                     <rulerefentry rulegroupref="protourreg3"/>
  2208.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2209.                     <rulerefentry rulegroupref="protourExecs"/>
  2210.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2211.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2212.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2213.                 </ruleset>
  2214.  
  2215.                 <!-- Block Adding Startup -->
                        <!-- block-run1 matches registry events on fourteen autostart keys, seven under HKCU and
                             the same seven under HKLM, and answers them with allow="false" notify="true".
                             match="any" presumably means one matching itementry is enough.
                             NOTE(review): keys are compared with equalnocase; whether that also covers subkeys
                             (RunOnceEx keeps its entries in subkeys) is not visible here, so confirm it.
                             NOTE(review): a second rulegroup named block-run1 follows under Block Deleting Startup
                             with customtext 4004, and rulesets refer to the name only; confirm how the engine
                             resolves the duplicate. -->
  2216.                 <rulegroup name="block-run1">
  2217.                     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4001">
  2218.                         <!-- Windows AutoRuns Registry Keys -->
  2219.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" />
  2220.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  2221.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  2222.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  2223.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  2224.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  2225.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  2226.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" />
  2227.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  2228.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  2229.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  2230.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  2231.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  2232.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  2233.                     </ruleentry>
  2234.                 </rulegroup>
  2235.                 <rulegroup name="block-run2">
                            <!-- Pairs one key with one value name: the HKCU Windows NT CurrentVersion\Windows key
                                 and the value Run. match="all" presumably requires both items to match, so other
                                 values under the same key are left to other groups. customtext 4001 is the id
                                 shared by the add-side block-run1..5 groups. -->
  2236.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">
  2237.                         <!-- Windows AutoRuns Registry Values -->
  2238.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  2239.                         <itementry param="value" operator="equalnocase" type="ansi" value="Run" />
  2240.                     </ruleentry>
  2241.                 </rulegroup>
  2242.                 <rulegroup name="block-run3">
                            <!-- Same key as block-run2 (HKCU Windows NT CurrentVersion\Windows), paired with the
                                 value name Load. match="all" presumably requires key and value to match together. -->
  2243.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">
  2244.                         <!-- Windows AutoRuns Registry Values -->
  2245.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  2246.                         <itementry param="value" operator="equalnocase" type="ansi" value="Load" />
  2247.                     </ruleentry>
  2248.                 </rulegroup>
  2249.                 <rulegroup name="block-run4">
                            <!-- Guards the Userinit value under the HKLM Winlogon key; the rule is allow="false"
                                 with notify="true". Only this one value name is paired with the key here. -->
  2250.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">
  2251.                         <!-- Windows AutoRuns Registry Values -->
  2252.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  2253.                         <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" />
  2254.                     </ruleentry>
  2255.                 </rulegroup>
  2256.                 <rulegroup name="block-run5">
                            <!-- Guards the Shell value under the HKLM Winlogon key.
                                 NOTE(review): only the HKLM key is listed; rs-rega-block also references a group
                                 named protect-run5U, presumably the per-user counterpart. Confirm. -->
  2257.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4001">
  2258.                         <!-- Windows AutoRuns Registry Values -->
  2259.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  2260.                         <itementry param="value" operator="equalnocase" type="ansi" value="Shell" />
  2261.                     </ruleentry>
  2262.                 </rulegroup>
  2263.                 <rulegroup name="block-run6">
                            <!-- Single-item rule on the HKLM Winlogon\Notify key, with its own customtext 4010.
                                 NOTE(review): this group has no counterpart under Block Deleting Startup and
                                 rs-regd-block does not reference it, so it applies to the add/set side only. -->
  2264.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4010">
  2265.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" />
  2266.                     </ruleentry>
  2267.                 </rulegroup>
  2268.                 <rulegroup name="block-shellex">
                            <!-- Guards the open and runas command keys of the exefile class, under both HKLM and
                                 HKCU Software\Classes; any one key matching triggers the rule (match="any",
                                 presumably). Defined once, and referenced by both rs-rega-block and rs-regd-block,
                                 so add and delete events share customtext 4009. -->
  2269.                     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4009">
  2270.                         <!-- Executable behavior -->
  2271.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\exefile\shell\open\command" />
  2272.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Classes\exefile\shell\runas\command" />
  2273.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Classes\exefile\shell\open\command" />
  2274.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\SOFTWARE\Classes\exefile\shell\runas\command" />
  2275.                     </ruleentry>
  2276.                  </rulegroup>
  2277.                 <rulegroup name="block-appinit">
                            <!-- Guards the AppInit_DLLs value under the HKLM Windows NT CurrentVersion\Windows key
                                 (customtext 4013). Defined once and referenced by both rs-rega-block and
                                 rs-regd-block. -->
  2278.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4013">
  2279.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" />
  2280.                         <itementry param="value" operator="equalnocase" type="ansi" value="AppInit_DLLs" />
  2281.                     </ruleentry>
  2282.                 </rulegroup>
  2283.  
  2284.                 <ruleset name="rs-rega-block" allow="true">
                            <!-- Used by the DenySD event group for registry setkey, setvalue and createkey events.
                                 Chains the block-* autostart groups, the blk-ie-*/prot-ie-* Internet Explorer
                                 groups, the protour*/protAv* groups and the remaining prot* system groups; most of
                                 them are defined elsewhere in the file.
                                 NOTE(review): block-run1..block-run5 are each defined twice in this file
                                 (customtext 4001 and 4004) and are referenced here by name only; confirm that the
                                 engine binds the 4001 definitions for this ruleset.
                                 NOTE(review): allow="true" is presumably the verdict when no group matches. -->
  2285.                     <rulerefentry rulegroupref="block-run1"/>
  2286.                     <rulerefentry rulegroupref="block-run2"/>
  2287.                     <rulerefentry rulegroupref="block-run3"/>
  2288.                     <rulerefentry rulegroupref="block-run4"/>
  2289.                     <rulerefentry rulegroupref="block-run5"/>
  2290.                     <rulerefentry rulegroupref="block-run6"/>
  2291.                     <rulerefentry rulegroupref="block-shellex"/>
  2292.                     <rulerefentry rulegroupref="block-appinit"/>
  2293.                     <rulerefentry rulegroupref="blk-ie-search1"/>
  2294.                     <rulerefentry rulegroupref="blk-ie-search2"/>
  2295.                     <rulerefentry rulegroupref="blk-ie-search3"/>
  2296.                     <rulerefentry rulegroupref="blk-ie-search4"/>
  2297.                     <rulerefentry rulegroupref="blk-ie-search5"/>
  2298.                     <rulerefentry rulegroupref="blk-ie-search6"/>
  2299.                     <rulerefentry rulegroupref="blk-ie-search7"/>
  2300.                     <rulerefentry rulegroupref="blk-ie-search8"/>
  2301.                     <rulerefentry rulegroupref="blk-ie-search9"/>
  2302.                     <rulerefentry rulegroupref="blk-ie-search10"/>
  2303.                     <rulerefentry rulegroupref="blk-ie-srchdef" />
  2304.                     <rulerefentry rulegroupref="blk-ie-home1"/>
  2305.                     <rulerefentry rulegroupref="blk-ie-home2"/>
  2306.                     <rulerefentry rulegroupref="blk-ie-lcpage1"/>
  2307.                     <rulerefentry rulegroupref="blk-ie-lcpage2"/>
  2308.                     <rulerefentry rulegroupref="blk-ie-stpgdef"/>
  2309.                     <rulerefentry rulegroupref="protourreg"/>
  2310.                     <rulerefentry rulegroupref="protourreg1"/>
  2311.                     <rulerefentry rulegroupref="protourreg2"/>
  2312.                     <rulerefentry rulegroupref="protourreg3"/>
  2313.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2314.                     <rulerefentry rulegroupref="protourExecs"/>
  2315.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2316.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2317.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2318.                     <rulerefentry rulegroupref="ask-ie-desktop-wp"/>
  2319.                     <rulerefentry rulegroupref="prot-ie-advanced-tab"/>
  2320.                     <rulerefentry rulegroupref="prot-ie-connections-tab"/>
  2321.                     <rulerefentry rulegroupref="prot-ie-content-tab"/>
  2322.                     <rulerefentry rulegroupref="prot-ie-general-tab"/>
  2323.                     <rulerefentry rulegroupref="prot-ie-homepage"/>
  2324.                     <rulerefentry rulegroupref="prot-ie-privacy-tab"/>
  2325.                     <rulerefentry rulegroupref="prot-ie-programs-tab"/>
  2326.                     <rulerefentry rulegroupref="prot-ie-security-tab"/>
  2327.                     <rulerefentry rulegroupref="protect-run5U"/>
  2328.                     <rulerefentry rulegroupref="protScreenSaver"/>
  2329.                     <rulerefentry rulegroupref="protlogonGina"/>
  2330.                     <rulerefentry rulegroupref="protlogonSys"/>
  2331.                     <rulerefentry rulegroupref="protlogonSysU"/>
  2332.                     <rulerefentry rulegroupref="protlogonTMan"/>
  2333.                     <rulerefentry rulegroupref="protsysStartup"/>
  2334.                     <rulerefentry rulegroupref="protcmdAutoRun"/>
  2335.                     <rulerefentry rulegroupref="protcmdAutoRunU"/>
  2336.                     <rulerefentry rulegroupref="protSecuPack"/>
  2337.                     <rulerefentry rulegroupref="protAuthPack"/>
  2338.                     <rulerefentry rulegroupref="protNotiPack"/>
  2339.                     <rulerefentry rulegroupref="protSessManager"/>
  2340.                     <rulerefentry rulegroupref="protBootImage"/>
  2341.                     <rulerefentry rulegroupref="protImageFExec"/>
  2342.                     <rulerefentry rulegroupref="proIFMapWLogon"/>
  2343.                     <rulerefentry rulegroupref="protDNSLibPath"/>
  2344.                     <rulerefentry rulegroupref="protSTScheduler"/>
  2345.                     <rulerefentry rulegroupref="protShExecHooks"/>
  2346.  
  2347.                 </ruleset>
  2348.  
  2349.                 <!-- Block Deleting Startup -->
                        <!-- Second definition of block-run1: the same fourteen HKCU/HKLM autostart keys as the
                             definition under Block Adding Startup, with customtext 4004 instead of 4001.
                             NOTE(review): two rulegroups now share one name, and rs-rega-block and rs-regd-block
                             both refer to block-run1 by name; confirm how the engine resolves the duplicate, or
                             give the delete-side groups their own names. -->
  2350.                 <rulegroup name="block-run1">
  2351.                     <ruleentry event="registry" match="any" allow="false" notify="true" customtext="4004">
  2352.                         <!-- Windows AutoRuns Registry Keys -->
  2353.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" />
  2354.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  2355.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  2356.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  2357.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  2358.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  2359.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  2360.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Run" />
  2361.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices" />
  2362.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" />
  2363.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" />
  2364.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx" />
  2365.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" />
  2366.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" />
  2367.                     </ruleentry>
  2368.                 </rulegroup>
  2369.                 <rulegroup name="block-run2">
                            <!-- Delete-side copy of block-run2: same key and value name (Run), customtext 4004.
                                 NOTE(review): shares its name with the add-side block-run2 defined earlier. -->
  2370.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">
  2371.                         <!-- Windows AutoRuns Registry Values -->
  2372.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  2373.                         <itementry param="value" operator="equalnocase" type="ansi" value="Run" />
  2374.                     </ruleentry>
  2375.                 </rulegroup>
  2376.                 <rulegroup name="block-run3">
                            <!-- Delete-side copy of block-run3: same key and value name (Load), customtext 4004.
                                 NOTE(review): shares its name with the add-side block-run3 defined earlier. -->
  2377.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">
  2378.                         <!-- Windows AutoRuns Registry Values -->
  2379.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" />
  2380.                         <itementry param="value" operator="equalnocase" type="ansi" value="Load" />
  2381.                     </ruleentry>
  2382.                 </rulegroup>
  2383.                 <rulegroup name="block-run4">
                            <!-- Delete-side copy of block-run4: HKLM Winlogon key with value Userinit,
                                 customtext 4004.
                                 NOTE(review): shares its name with the add-side block-run4 defined earlier. -->
  2384.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">
  2385.                         <!-- Windows AutoRuns Registry Values -->
  2386.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  2387.                         <itementry param="value" operator="equalnocase" type="ansi" value="Userinit" />
  2388.                     </ruleentry>
  2389.                 </rulegroup>
  2390.                 <rulegroup name="block-run5">
                            <!-- Delete-side copy of block-run5: HKLM Winlogon key with value Shell, customtext 4004.
                                 NOTE(review): shares its name with the add-side block-run5 defined earlier; the
                                 delete section stops here and has no block-run6 (Winlogon\Notify) counterpart. -->
  2391.                     <ruleentry event="registry" match="all" allow="false" notify="true" customtext="4004">
  2392.                         <!-- Windows AutoRuns Registry Values -->
  2393.                         <itementry param="key" operator="equalnocase" type="ansi" value="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" />
  2394.                         <itementry param="value" operator="equalnocase" type="ansi" value="Shell" />
  2395.                     </ruleentry>
  2396.                 </rulegroup>
  2397.  
  2398.                 <ruleset name="rs-regd-block" allow="true">
                            <!-- Used by the DenySD event group for registry delkey and delvalue events.
                                 Compared with rs-rega-block, this list has no block-run6 reference and none of the
                                 ask-ie-*, prot-ie-*, protect-run5U, protScreenSaver, protlogon* and later prot*
                                 system groups, so deletes under those keys are not matched by any group listed here.
                                 NOTE(review): confirm that this narrower delete coverage is intended.
                                 NOTE(review): block-run1..block-run5 are each defined twice in this file
                                 (customtext 4001 and 4004) and are referenced here by name only; confirm that the
                                 engine binds the 4004 definitions for this ruleset. -->
  2399.                     <rulerefentry rulegroupref="block-run1"/>
  2400.                     <rulerefentry rulegroupref="block-run2"/>
  2401.                     <rulerefentry rulegroupref="block-run3"/>
  2402.                     <rulerefentry rulegroupref="block-run4"/>
  2403.                     <rulerefentry rulegroupref="block-run5"/>
  2404.                     <rulerefentry rulegroupref="block-shellex"/>
  2405.                     <rulerefentry rulegroupref="block-appinit"/>
  2406.                     <rulerefentry rulegroupref="blk-ie-search1"/>
  2407.                     <rulerefentry rulegroupref="blk-ie-search2"/>
  2408.                     <rulerefentry rulegroupref="blk-ie-search3"/>
  2409.                     <rulerefentry rulegroupref="blk-ie-search4"/>
  2410.                     <rulerefentry rulegroupref="blk-ie-search5"/>
  2411.                     <rulerefentry rulegroupref="blk-ie-search6"/>
  2412.                     <rulerefentry rulegroupref="blk-ie-search7"/>
  2413.                     <rulerefentry rulegroupref="blk-ie-search8"/>
  2414.                     <rulerefentry rulegroupref="blk-ie-search9"/>
  2415.                     <rulerefentry rulegroupref="blk-ie-search10"/>
  2416.                     <rulerefentry rulegroupref="blk-ie-srchdef" />
  2417.                     <rulerefentry rulegroupref="blk-ie-home1"/>
  2418.                     <rulerefentry rulegroupref="blk-ie-home2"/>
  2419.                     <rulerefentry rulegroupref="blk-ie-lcpage1"/>
  2420.                     <rulerefentry rulegroupref="blk-ie-lcpage2"/>
  2421.                     <rulerefentry rulegroupref="blk-ie-stpgdef"/>
  2422.                     <rulerefentry rulegroupref="protourreg"/>
  2423.                     <rulerefentry rulegroupref="protourreg1"/>
  2424.                     <rulerefentry rulegroupref="protourreg2"/>
  2425.                     <rulerefentry rulegroupref="protourreg3"/>
  2426.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2427.                     <rulerefentry rulegroupref="protourExecs"/>
  2428.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2429.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2430.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2431.                 </ruleset>
  2432.  
  2433.                 <!-- AllowSD and Protect our keys -->
                        <!-- rs-reg-allow references only the nine protour*/protZaRunReg/protAv* groups; no
                             autostart or Internet Explorer group is chained, so everything outside those nine
                             groups presumably falls through to allow="true".
                             Neither the DenySD nor the AskSDenyD event group references this ruleset. -->
  2434.                 <ruleset name="rs-reg-allow" allow="true">
  2435.                     <rulerefentry rulegroupref="protourreg"/>
  2436.                     <rulerefentry rulegroupref="protourreg1"/>
  2437.                     <rulerefentry rulegroupref="protourreg2"/>
  2438.                     <rulerefentry rulegroupref="protourreg3"/>
  2439.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2440.                     <rulerefentry rulegroupref="protourExecs"/>
  2441.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2442.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2443.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2444.                 </ruleset>
  2445.  
  2446.                 <!-- AllowSAskD and Protect our keys -->
                        <!-- NOTE(review): label and name look crossed. On the delete side this file labels
                             rs-regd-sad as AllowSAskD and rs-regd-sdd as AllowSDenyD, but here the AllowSAskD label
                             sits on rs-rega-sdd. rs-rega-sdd and rs-rega-sad hold the same nine references, so
                             behaviour is the same today; reconcile label and name before either list is changed. -->
  2447.                 <ruleset name="rs-rega-sdd" allow="true">
  2448.                     <rulerefentry rulegroupref="protourreg"/>
  2449.                     <rulerefentry rulegroupref="protourreg1"/>
  2450.                     <rulerefentry rulegroupref="protourreg2"/>
  2451.                     <rulerefentry rulegroupref="protourreg3"/>
  2452.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2453.                     <rulerefentry rulegroupref="protourExecs"/>
  2454.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2455.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2456.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2457.                 </ruleset>
  2458.  
  2459.                 <!-- AllowSDenyD and Protect our keys -->
                        <!-- NOTE(review): label and name look crossed. On the delete side this file labels
                             rs-regd-sdd as AllowSDenyD and rs-regd-sad as AllowSAskD, but here the AllowSDenyD
                             label sits on rs-rega-sad. rs-rega-sad and rs-rega-sdd hold the same nine references,
                             so behaviour is the same today; reconcile label and name before either list is
                             changed. -->
  2460.                 <ruleset name="rs-rega-sad" allow="true">
  2461.                     <rulerefentry rulegroupref="protourreg"/>
  2462.                     <rulerefentry rulegroupref="protourreg1"/>
  2463.                     <rulerefentry rulegroupref="protourreg2"/>
  2464.                     <rulerefentry rulegroupref="protourreg3"/>
  2465.                     <rulerefentry rulegroupref="protZaRunReg"/>
  2466.                     <rulerefentry rulegroupref="protourExecs"/>
  2467.                     <rulerefentry rulegroupref="protAvDatVersion"/>
  2468.                     <rulerefentry rulegroupref="protAvEngVersion"/>
  2469.                     <rulerefentry rulegroupref="protAvSDKVersion"/>
  2470.                 </ruleset>
  2471.  
  2472.                 <!-- Public Event Groups In Ascending Order of Weight -->
  2473.  
  2474.                 <eventgroup name="DenySD" description="DenySD" weight="15" allowweightranges="0-19,FE-FE" severityref="normal" trustChoice="restricted" trustDisplay="restricted" trustDetail="DenySD">
                            <!-- Maps each monitored event, first for class srcproc and then for dstproc, to a rule
                                 group, a ruleset or a fixed verdict. Only startupprocess and mouse carry
                                 allow="true" directly. Driver load, unload, connect, create, modify and delete,
                                 physmem map and globalwindowshook point at groups whose names end in blk.
                                 Registry setkey, setvalue and createkey use rs-rega-block; delkey and delvalue use
                                 rs-regd-block; file write and delete use rs-files-block.
                                 The dstproc list has no spawnprocess, globalwindowshook, registry, file, module,
                                 driver or physmem entries.
                                 NOTE(review): weight, allowweightranges and trustChoice are not explained in this
                                 file; the FE-FE entry suggests the ranges may be hexadecimal. Confirm before
                                 editing them. -->
  2475.  
  2476.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2477.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2478.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2479.                     <evententry class="srcproc" event="process" subevent="startupprocess" allow="true" />
  2480.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2481.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2482.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2483.                     <evententry class="srcproc" event="message" subevent="mouse"  allow="true" />
  2484.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2485.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2486.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2487.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2488.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" />
  2489.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-block"/>
  2490.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-block"/>
  2491.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-block"/>
  2492.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-block"/>
  2493.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-block"/>
  2494.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/>
  2495.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/>
  2496.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2497.                     <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" />
  2498.                     <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-blk" />
  2499.                     <evententry class="srcproc" event="driver" subevent="connect" rulegroupref="rg-drvct-blk" />
  2500.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-blk" />
  2501.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-blk" />
  2502.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-blk" />
  2503.                     <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" />
  2504.  
  2505.                     <evententry class="dstproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2506.                     <evententry class="dstproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" />
  2507.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" />
  2508.                     <evententry class="dstproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2509.                     <evententry class="dstproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2510.                     <evententry class="dstproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" />
  2511.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2512.                     <evententry class="dstproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" />
  2513.                     <evententry class="dstproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2514.                     <evententry class="dstproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" />
  2515.                     <evententry class="dstproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" />
  2516.  
  2517.                 </eventgroup>
  2518.  
  2519.                 <eventgroup name="AskSDenyD" description="AskSDenyD" weight="25" allowweightranges="0-29,FE-FE" askweightranges="30-39" severityref="suspicious" trustDisplay="restricted" trustDetail="AskSDenyD">
                            <!-- Same event list as the DenySD group, with these differences: registry setkey,
                                 setvalue and createkey use rs-rega-asdd and delkey and delvalue use rs-regd-asdd;
                                 driver unload points at rg-drvud-ask; driver connect is allow="true"; the group adds
                                 askweightranges="30-39", has no trustChoice attribute and uses
                                 severityref="suspicious". File write and delete still use rs-files-block.
                                 NOTE(review): driver connect is allowed unconditionally here, while DenySD routes
                                 it to rg-drvct-blk; confirm this is intended for this level.
                                 NOTE(review): rs-rega-asdd is defined elsewhere in the file; read it together with
                                 rs-regd-asdd when checking registry coverage. -->
  2520.  
  2521.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2522.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2523.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2524.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2525.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2526.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2527.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2528.                     <evententry class="srcproc" event="message" subevent="mouse" allow="true" />
  2529.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2530.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2531.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2532.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2533.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" />
  2534.                     <evententry class="srcproc" event="registry" subevent="setkey"  rulesetref="rs-rega-asdd"/>
  2535.                     <evententry class="srcproc" event="registry" subevent="setvalue"  rulesetref="rs-rega-asdd"/>
  2536.                     <evententry class="srcproc" event="registry" subevent="delkey"  rulesetref="rs-regd-asdd"/>
  2537.                     <evententry class="srcproc" event="registry" subevent="delvalue"  rulesetref="rs-regd-asdd"/>
  2538.                     <evententry class="srcproc" event="registry" subevent="createkey"  rulesetref="rs-rega-asdd"/>
  2539.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/>
  2540.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/>
  2541.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2542.                     <evententry class="srcproc" event="driver" subevent="load"  rulegroupref="rg-drvld-blk" />
  2543.                     <evententry class="srcproc" event="driver" subevent="unload"  rulegroupref="rg-drvud-ask" />
  2544.                     <evententry class="srcproc" event="driver" subevent="connect"  allow="true" />
  2545.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-blk" />
  2546.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-blk" />
  2547.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-blk" />
  2548.                     <evententry class="srcproc" event="physmem" subevent="map"  rulegroupref="rg-memmp-blk" />
  2549.  
  2550.                     <evententry class="dstproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2551.                     <evententry class="dstproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" />
  2552.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" />
  2553.                     <evententry class="dstproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2554.                     <evententry class="dstproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2555.                     <evententry class="dstproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" />
  2556.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2557.                     <evententry class="dstproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" />
  2558.                     <evententry class="dstproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2559.                     <evententry class="dstproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" />
  2560.                     <evententry class="dstproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" />
  2561.  
  2562.                 </eventgroup>
  2563.  
  2564.                 <eventgroup name="AllowSDenyD" description="AllowSDenyD" weight="35" allowweightranges="0-39,FE-FE" severityref="suspicious" trustDisplay="trusted" trustDetail="AllowSDenyD">
                            <!-- Trust level "AllowSDenyD": weight 35, severityref "suspicious", and no
                                 trustChoice attribute on the element.
                                 As the acting process (class="srcproc"):
                                   * file write/delete resolve through rs-files-block, and the five
                                     registry subevents through rs-rega-sdd / rs-regd-sdd;
                                   * driver load/create/modify/delete, physmem map and
                                     globalwindowshook reference rulegroups with the "-blk" suffix;
                                   * module load references rg-modld-ok;
                                   * startupprocess, mouse messages, driver unload and driver connect
                                     are allow="true" directly, with no rulegroup or ruleset referenced;
                                   * the remaining process/message/execution subevents reference
                                     "-ask" rulegroups.
                                 As the target process (class="dstproc"): startupprocess and mouse are
                                 allow="true"; every other entry references an "-ask" rulegroup.
                                 The referenced rulegroups and rulesets are not defined in this element,
                                 so the effective verdicts cannot be read from here.
                                 NOTE(review): driver unload is allowed outright although driver load is
                                 routed to rg-drvld-blk, and the AskSD group routes unload through
                                 rg-drvud-ask; confirm the unprompted unload is intended at this level.
                                 NOTE(review): weight / allowweightranges look like hexadecimal values
                                 ("FE-FE") compared between groups; verify against the engine. -->
  2565.  
  2566.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2567.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2568.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2569.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2570.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2571.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2572.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2573.                     <evententry class="srcproc" event="message" subevent="mouse"  allow="true" />
  2574.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2575.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2576.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2577.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2578.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook" rulegroupref="rg-glbhook-blk" />
  2579.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-sdd"/>
  2580.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-sdd"/>
  2581.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-sdd"/>
  2582.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-sdd"/>
  2583.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-sdd"/>
  2584.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/>
  2585.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/>
  2586.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2587.                     <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" />
  2588.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2589.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2590.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-blk" />
  2591.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-blk" />
  2592.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-blk" />
  2593.                     <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" />
  2594.  
  2595.                     <evententry class="dstproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2596.                     <evententry class="dstproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" />
  2597.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" />
  2598.                     <evententry class="dstproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2599.                     <evententry class="dstproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2600.                     <evententry class="dstproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" />
  2601.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2602.                     <evententry class="dstproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" />
  2603.                     <evententry class="dstproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2604.                     <evententry class="dstproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" />
  2605.                     <evententry class="dstproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" />
  2606.  
  2607.                 </eventgroup>
  2608.  
  2609.                 <eventgroup name="AskSD" description="AskSD" weight="45" allowweightranges="0-29,40-49,FE-FE" askweightranges="30-39,50-69" severityref="dangerous" trustChoice="ask" trustDisplay="ask" trustDetail="AskSD">
                            <!-- Trust level "AskSD": weight 45, severityref "dangerous", trustChoice "ask".
                                 The file header names AskSD as the default appsec, so this is the policy
                                 an application gets when nothing more specific is assigned.
                                 As the acting process (class="srcproc"):
                                   * startupprocess is ask="true" rather than allow="true";
                                   * file write/delete resolve through rs-files-ask, and the five
                                     registry subevents through rs-rega-asad / rs-regd-asad;
                                   * driver load/unload/create/modify/delete, physmem map and
                                     globalwindowshook all reference "-ask" rulegroups;
                                   * module load references rg-modld-ok;
                                   * only mouse messages and driver connect are allow="true" directly.
                                 As the target process (class="dstproc"): mouse is allow="true",
                                 startupprocess is ask="true" with an entry-level weight="FF", and every
                                 other entry references an "-ask" rulegroup.
                                 NOTE(review): askweightranges splits the weight space into allow and ask
                                 bands; how the bands and the per-entry weight "FF" are compared is not
                                 visible in this element. Confirm against the engine before editing. -->
  2610.  
  2611.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2612.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2613.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2614.                     <evententry class="srcproc" event="process" subevent="startupprocess"  ask="true" />
  2615.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2616.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2617.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2618.                     <evententry class="srcproc" event="message" subevent="mouse"  allow="true" />
  2619.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2620.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2621.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2622.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2623.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  rulegroupref="rg-glbhook-ask" />
  2624.                     <evententry class="srcproc" event="registry" subevent="setkey"  rulesetref="rs-rega-asad"/>
  2625.                     <evententry class="srcproc" event="registry" subevent="setvalue"  rulesetref="rs-rega-asad"/>
  2626.                     <evententry class="srcproc" event="registry" subevent="delkey"  rulesetref="rs-regd-asad"/>
  2627.                     <evententry class="srcproc" event="registry" subevent="delvalue"  rulesetref="rs-regd-asad"/>
  2628.                     <evententry class="srcproc" event="registry" subevent="createkey"  rulesetref="rs-rega-asad"/>
  2629.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-ask"/>
  2630.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-ask"/>
  2631.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2632.                     <evententry class="srcproc" event="driver" subevent="load"  rulegroupref="rg-drvld-ask" />
  2633.                     <evententry class="srcproc" event="driver" subevent="unload"  rulegroupref="rg-drvud-ask" />
  2634.                     <evententry class="srcproc" event="driver" subevent="connect"  allow="true" />
  2635.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-ask" />
  2636.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-ask" />
  2637.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-ask" />
  2638.                     <evententry class="srcproc" event="physmem" subevent="map"  rulegroupref="rg-memmp-ask" />
  2639.  
  2640.                     <evententry class="dstproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2641.                     <evententry class="dstproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" />
  2642.                     <evententry class="dstproc" event="process" subevent="startupprocess" weight="FF" ask="true" />
  2643.                     <evententry class="dstproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2644.                     <evententry class="dstproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2645.                     <evententry class="dstproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" />
  2646.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2647.                     <evententry class="dstproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" />
  2648.                     <evententry class="dstproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2649.                     <evententry class="dstproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" />
  2650.                     <evententry class="dstproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" />
  2651.  
  2652.                 </eventgroup>
  2653.  
  2654.                 <eventgroup name="AllowSAskD" description="AllowSAskD" weight="55" allowweightranges="0-59,FE-FE" askweightranges="60-69" severityref="dangerous" trustChoice="trusted" trustDisplay="trusted" trustDetail="AllowSAskD">
                            <!-- Trust level "AllowSAskD": weight 55, severityref "dangerous",
                                 trustChoice "trusted".
                                 As the acting process (class="srcproc"):
                                   * file write/delete resolve through rs-files-ask, and the five
                                     registry subevents through rs-rega-sad / rs-regd-sad;
                                   * driver load/create/modify/delete, physmem map and
                                     globalwindowshook reference "-ask" rulegroups;
                                   * module load references rg-modld-ok;
                                   * startupprocess, mouse messages, driver unload and driver connect
                                     are allow="true" directly;
                                   * the remaining process/message/execution subevents reference
                                     "-ask" rulegroups.
                                 As the target process (class="dstproc"): startupprocess and mouse are
                                 allow="true"; every other entry references an "-ask" rulegroup.
                                 NOTE(review): driver unload is unprompted here while driver load still
                                 goes through rg-drvld-ask; confirm that asymmetry is intended for a
                                 level the UI displays as "trusted". -->
  2655.  
  2656.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2657.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2658.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2659.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2660.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2661.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2662.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2663.                     <evententry class="srcproc" event="message" subevent="mouse"  allow="true" />
  2664.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2665.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2666.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2667.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2668.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  rulegroupref="rg-glbhook-ask" />
  2669.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-sad"/>
  2670.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-sad"/>
  2671.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-sad"/>
  2672.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-sad"/>
  2673.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-sad"/>
  2674.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-ask"/>
  2675.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-ask"/>
  2676.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2677.                     <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-ask" />
  2678.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2679.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2680.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-ask" />
  2681.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-ask" />
  2682.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-ask" />
  2683.                     <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-ask" />
  2684.  
  2685.                     <evententry class="dstproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2686.                     <evententry class="dstproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" />
  2687.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" />
  2688.                     <evententry class="dstproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2689.                     <evententry class="dstproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2690.                     <evententry class="dstproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" />
  2691.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2692.                     <evententry class="dstproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" />
  2693.                     <evententry class="dstproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2694.                     <evententry class="dstproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" />
  2695.                     <evententry class="dstproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" />
  2696.  
  2697.                 </eventgroup>
  2698.  
  2699.                 <eventgroup name="AllowSD" description="AllowSD" weight="65" allowweightranges="0-69,FE-FE" severityref="dangerous" trustChoice="super" trustDisplay="super" trustDetail="AllowSD">
                            <!-- Trust level "AllowSD": weight 65, severityref "dangerous",
                                 trustChoice "super". This is the most permissive srcproc policy among
                                 the user-selectable groups visible here.
                                 As the acting process (class="srcproc"):
                                   * every driver subevent (load, unload, connect, create, modify,
                                     delete), physmem map and globalwindowshook are allow="true"
                                     directly, so no rulegroup is consulted for kernel-driver loading
                                     or physical-memory mapping;
                                   * keyboard and mouse messages are allow="true" with an entry-level
                                     weight="66";
                                   * all five registry subevents resolve through rs-reg-allow and
                                     file write/delete through rs-files-allow;
                                   * module load references rg-modld-ok;
                                   * process open/spawn/terminate, oleconnect, dde, message, callback
                                     and windowshook still reference "-ask" rulegroups.
                                 As the target process (class="dstproc"): startupprocess and mouse are
                                 allow="true"; every other entry references an "-ask" rulegroup.
                                 NOTE(review): a program placed at this level can load drivers and map
                                 physical memory without a rule lookup, so assignment to "super" should
                                 be reserved for software whose integrity is independently verified. -->
  2700.  
  2701.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2702.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2703.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2704.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2705.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2706.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2707.                     <evententry class="srcproc" event="message" subevent="keyboard"  weight="66" allow="true" />
  2708.                     <evententry class="srcproc" event="message" subevent="mouse" weight="66" allow="true" />
  2709.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2710.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2711.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2712.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2713.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  allow="true" />
  2714.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" />
  2715.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" />
  2716.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" />
  2717.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" />
  2718.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" />
  2719.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow"/>
  2720.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow"/>
  2721.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2722.                     <evententry class="srcproc" event="driver" subevent="load" allow="true" />
  2723.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2724.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2725.                     <evententry class="srcproc" event="driver" subevent="create" allow="true" />
  2726.                     <evententry class="srcproc" event="driver" subevent="modify" allow="true" />
  2727.                     <evententry class="srcproc" event="driver" subevent="delete" allow="true" />
  2728.                     <evententry class="srcproc" event="physmem" subevent="map" allow="true" />
  2729.  
  2730.                     <evententry class="dstproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2731.                     <evententry class="dstproc" event="process" subevent="openthread" rulegroupref="rg-opent-ask" />
  2732.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" />
  2733.                     <evententry class="dstproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2734.                     <evententry class="dstproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2735.                     <evententry class="dstproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-ask" />
  2736.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2737.                     <evententry class="dstproc" event="message" subevent="dde" rulegroupref="rg-ddein-ask" />
  2738.                     <evententry class="dstproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2739.                     <evententry class="dstproc" event="execution" subevent="callback" rulegroupref="rg-callb-ask" />
  2740.                     <evententry class="dstproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-ask" />
  2741.  
  2742.                </eventgroup>
  2743.  
  2744.            <!-- THIS MIRRORS "trust-unprot" AND SHOULD STAY IN SYNC WITH THAT GROUP -->
  2745.                <eventgroup name="no-osfw" description="no-osfw" weight="65" allowweightranges="0-69,FE-FE" severityref="normal" trustChoice="no-osfw" trustDisplay="no-osfw">
                            <!-- Trust level "no-osfw": weight 65, severityref "normal", trustChoice
                                 "no-osfw", and no trustDetail attribute.
                                 As the acting process (class="srcproc") the entries match the AllowSD
                                 group except that keyboard messages reference rg-keybd-ask instead of
                                 being allowed outright: all driver subevents, physmem map and
                                 globalwindowshook are allow="true", registry resolves through
                                 rs-reg-allow and file write/delete through rs-files-allow.
                                 As the target process (class="dstproc") all eleven entries are
                                 allow="true" with weight="65". Unlike every other group in this part of
                                 the file, none of them references an "-ask" rulegroup, so a process at
                                 this level receives no prompt-based protection against being opened,
                                 terminated, hooked or sent input by another process.
                                 NOTE(review): the comment preceding this element says it must stay in
                                 sync with "trust-unprot", which is not visible here; re-check both
                                 groups together whenever either one changes. -->
  2746.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2747.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2748.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2749.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2750.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2751.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2752.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2753.                     <evententry class="srcproc" event="message" subevent="mouse" weight="66" allow="true" />
  2754.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2755.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2756.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2757.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2758.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  allow="true" />
  2759.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" />
  2760.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" />
  2761.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" />
  2762.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" />
  2763.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" />
  2764.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow"/>
  2765.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow"/>
  2766.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2767.                     <evententry class="srcproc" event="driver" subevent="load" allow="true" />
  2768.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2769.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2770.                     <evententry class="srcproc" event="driver" subevent="create" allow="true" />
  2771.                     <evententry class="srcproc" event="driver" subevent="modify" allow="true" />
  2772.                     <evententry class="srcproc" event="driver" subevent="delete" allow="true" />
  2773.                     <evententry class="srcproc" event="physmem" subevent="map" allow="true" />
  2774.  
  2775.                     <evententry class="dstproc" event="process" subevent="openprocess" weight="65" allow="true" />
  2776.                     <evententry class="dstproc" event="process" subevent="openthread" weight="65" allow="true" />
  2777.                     <evententry class="dstproc" event="process" subevent="startupprocess" weight="65" allow="true" />
  2778.                     <evententry class="dstproc" event="process" subevent="terminateprocess" weight="65" allow="true" />
  2779.                     <evententry class="dstproc" event="process" subevent="oleconnect" weight="65" allow="true" />
  2780.                     <evententry class="dstproc" event="message" subevent="keyboard" weight="65" allow="true" />
  2781.                     <evententry class="dstproc" event="message" subevent="mouse" weight="65" allow="true" />
  2782.                     <evententry class="dstproc" event="message" subevent="dde" weight="65" allow="true" />
  2783.                     <evententry class="dstproc" event="message" subevent="message"  weight="65" allow="true" />
  2784.                     <evententry class="dstproc" event="execution" subevent="callback" weight="65" allow="true" />
  2785.                     <evententry class="dstproc" event="execution" subevent="windowshook" weight="65" allow="true" />
  2786.  
  2787.                 </eventgroup>
  2788.  
  2789.                 <eventgroup name="sys-level1" description="sys-level1" weight="66" allowweightranges="0-69,FE-FE" severityref="dangerous" trustDisplay="super">
                            <!-- Trust level "sys-level1": weight 66, severityref "dangerous", displayed
                                 as "super". It declares neither trustChoice nor trustDetail.
                                 NOTE(review): the missing trustChoice suggests this level is assigned by
                                 shipped rules rather than picked by the user; confirm against the engine.
                                 As the acting process (class="srcproc"):
                                   * every driver subevent, physmem map and globalwindowshook are
                                     allow="true" directly;
                                   * all five registry subevents resolve through rs-reg-allow and
                                     file write/delete through rs-files-allow. The comment that follows
                                     this element describes sys-level2 as the same policy without
                                     access to protected registry keys;
                                   * module load references rg-modld-ok;
                                   * keyboard, process, dde, message, callback and windowshook
                                     subevents reference "-ask" rulegroups; mouse and startupprocess
                                     are allow="true".
                                 As the target process (class="dstproc") every entry carries an
                                 entry-level weight="65", one below the group weight of 66; mouse and
                                 startupprocess are allow="true" and the rest reference "-ask"
                                 rulegroups.
                                 NOTE(review): the effect of a dstproc weight lower than the group weight
                                 is not visible in this element; verify before changing either value. -->
  2790.  
  2791.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2792.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2793.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2794.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2795.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2796.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2797.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2798.                     <evententry class="srcproc" event="message" subevent="mouse"  allow="true" />
  2799.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2800.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2801.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2802.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2803.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  allow="true" />
  2804.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" />
  2805.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" />
  2806.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" />
  2807.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" />
  2808.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" />
  2809.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow" />
  2810.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow" />
  2811.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2812.                     <evententry class="srcproc" event="driver" subevent="load" allow="true" />
  2813.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2814.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2815.                     <evententry class="srcproc" event="driver" subevent="create" allow="true" />
  2816.                     <evententry class="srcproc" event="driver" subevent="modify" allow="true" />
  2817.                     <evententry class="srcproc" event="driver" subevent="delete" allow="true" />
  2818.                     <evententry class="srcproc" event="physmem" subevent="map" allow="true" />
  2819.  
  2820.                     <evententry class="dstproc" event="process" subevent="openprocess" weight="65" rulegroupref="rg-openp-ask" />
  2821.                     <evententry class="dstproc" event="process" subevent="openthread" weight="65" rulegroupref="rg-opent-ask" />
  2822.                     <evententry class="dstproc" event="process" subevent="startupprocess" weight="65" allow="true" />
  2823.                     <evententry class="dstproc" event="process" subevent="terminateprocess" weight="65" rulegroupref="rg-termp-ask" />
  2824.                     <evententry class="dstproc" event="process" subevent="oleconnect" weight="65" rulegroupref="rg-olecn-ask" />
  2825.                     <evententry class="dstproc" event="message" subevent="keyboard" weight="65" rulegroupref="rg-keybd-ask" />
  2826.                     <evententry class="dstproc" event="message" subevent="mouse" weight="65" allow="true" />
  2827.                     <evententry class="dstproc" event="message" subevent="dde" weight="65" rulegroupref="rg-ddein-ask" />
  2828.                     <evententry class="dstproc" event="message" subevent="message"  weight="65" rulegroupref="rg-msg-ask" />
  2829.                     <evententry class="dstproc" event="execution" subevent="callback" weight="65" rulegroupref="rg-callb-ask" />
  2830.                     <evententry class="dstproc" event="execution" subevent="windowshook" weight="65" rulegroupref="rg-whook-ask" />
  2831.  
  2832.                 </eventgroup>
  2833.  
  2834.                 <!-- like sys-level1 but without access to protected registry keys -->
  2835.                 <eventgroup name="sys-level2" description="sys-level2" weight="66" allowweightranges="0-69,FE-FE" severityref="dangerous" trustDisplay="super">
  2836.  
                            <!-- srcproc rows (presumably events where this program is the actor; confirm against the
                                 rule engine): process, message and execution events are routed to the rg-*-ask rule
                                 groups, except startupprocess, mouse and globalwindowshook, which are allow="true". -->
                            <!-- Registry events go to rs-rega-block / rs-regd-block and file write/delete to
                                 rs-files-allow. Those rulesets are defined outside this group, so the keys and paths
                                 they cover cannot be checked from here. -->
                            <!-- NOTE(review): every driver subevent and physmem map is allow="true" with no rule group
                                 in between; confirm that only programs meant to have that reach are placed in this group. -->
  2837.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  2838.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  2839.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  2840.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  2841.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  2842.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  2843.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  2844.                     <evententry class="srcproc" event="message" subevent="mouse"  allow="true" />
  2845.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  2846.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  2847.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  2848.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  2849.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  allow="true" />
  2850.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-block" />
  2851.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-block" />
  2852.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-block" />
  2853.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-block" />
  2854.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-block" />
  2855.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow" />
  2856.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow" />
  2857.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2858.                     <evententry class="srcproc" event="driver" subevent="load" allow="true" />
  2859.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2860.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2861.                     <evententry class="srcproc" event="driver" subevent="create" allow="true" />
  2862.                     <evententry class="srcproc" event="driver" subevent="modify" allow="true" />
  2863.                     <evententry class="srcproc" event="driver" subevent="delete" allow="true" />
  2864.                     <evententry class="srcproc" event="physmem" subevent="map" allow="true" />
  2865.  
                            <!-- dstproc rows (presumably events aimed at this program; confirm): each carries
                                 weight="65" and goes to the same -ask rule groups, except startupprocess and mouse,
                                 which are allow="true". What weight does at evaluation time is not shown here. -->
  2866.                     <evententry class="dstproc" event="process" subevent="openprocess" weight="65" rulegroupref="rg-openp-ask" />
  2867.                     <evententry class="dstproc" event="process" subevent="openthread" weight="65" rulegroupref="rg-opent-ask" />
  2868.                     <evententry class="dstproc" event="process" subevent="startupprocess" weight="65" allow="true" />
  2869.                     <evententry class="dstproc" event="process" subevent="terminateprocess" weight="65" rulegroupref="rg-termp-ask" />
  2870.                     <evententry class="dstproc" event="process" subevent="oleconnect" weight="65" rulegroupref="rg-olecn-ask" />
  2871.                     <evententry class="dstproc" event="message" subevent="keyboard" weight="65" rulegroupref="rg-keybd-ask" />
  2872.                     <evententry class="dstproc" event="message" subevent="mouse" weight="65" allow="true" />
  2873.                     <evententry class="dstproc" event="message" subevent="dde" weight="65" rulegroupref="rg-ddein-ask" />
  2874.                     <evententry class="dstproc" event="message" subevent="message"  weight="65" rulegroupref="rg-msg-ask" />
  2875.                     <evententry class="dstproc" event="execution" subevent="callback" weight="65" rulegroupref="rg-callb-ask" />
  2876.                     <evententry class="dstproc" event="execution" subevent="windowshook" weight="65" rulegroupref="rg-whook-ask" />
  2877.  
  2878.                 </eventgroup>
  2879.  
  2880.                 <eventgroup name="sys-level3" description="sys-level3" weight="66" allowweightranges="0-69,FE-FE" severityref="dangerous" trustDisplay="super">
  2881.  
                            <!-- Same group attributes as sys-level2, but the srcproc process, message and execution
                                 rows are allow="true" with weight="E1" instead of going to an -ask rule group, and
                                 registry events use rs-reg-allow instead of rs-rega-block / rs-regd-block. -->
                            <!-- NOTE(review): weight="E1" is not inside this group's allowweightranges="0-69,FE-FE"
                                 if both are read as hex. How the engine resolves that is not visible in this file
                                 section; confirm before copying the pattern into another group. -->
                            <!-- NOTE(review): driver subevents and physmem map are allow="true" here as well, and
                                 globalwindowshook is allowed without a weight, unlike the rows around it. -->
  2882.                     <evententry class="srcproc" event="process" subevent="openprocess"  weight="E1" allow="true" />
  2883.                     <evententry class="srcproc" event="process" subevent="openthread"  weight="E1" allow="true" />
  2884.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  weight="E1" allow="true" />
  2885.                     <evententry class="srcproc" event="process" subevent="startupprocess"   weight="E1" allow="true" />
  2886.                     <evententry class="srcproc" event="process" subevent="terminateprocess"  weight="E1" allow="true" />
  2887.                     <evententry class="srcproc" event="process" subevent="oleconnect"  weight="E1" allow="true" />
  2888.                     <evententry class="srcproc" event="message" subevent="keyboard"  weight="E1" allow="true" />
  2889.                     <evententry class="srcproc" event="message" subevent="mouse"  weight="E1" allow="true" />
  2890.                     <evententry class="srcproc" event="message" subevent="dde"  weight="E1" allow="true" />
  2891.                     <evententry class="srcproc" event="message" subevent="message"  weight="E1" allow="true" />
  2892.                     <evententry class="srcproc" event="execution" subevent="callback"  weight="E1" allow="true" />
  2893.                     <evententry class="srcproc" event="execution" subevent="windowshook"  weight="E1" allow="true" />
  2894.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  allow="true" />
  2895.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" />
  2896.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" />
  2897.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" />
  2898.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" />
  2899.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" />
  2900.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow" />
  2901.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow" />
  2902.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  2903.                     <evententry class="srcproc" event="driver" subevent="load" allow="true" />
  2904.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  2905.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  2906.                     <evententry class="srcproc" event="driver" subevent="create" allow="true" />
  2907.                     <evententry class="srcproc" event="driver" subevent="modify" allow="true" />
  2908.                     <evententry class="srcproc" event="driver" subevent="delete" allow="true" />
  2909.                     <evententry class="srcproc" event="physmem" subevent="map" allow="true" />
  2910.  
                            <!-- dstproc rows are identical to sys-level2: weight="65", routed to the -ask rule
                                 groups except startupprocess and mouse. -->
  2911.                     <evententry class="dstproc" event="process" subevent="openprocess" weight="65" rulegroupref="rg-openp-ask" />
  2912.                     <evententry class="dstproc" event="process" subevent="openthread" weight="65" rulegroupref="rg-opent-ask" />
  2913.                     <evententry class="dstproc" event="process" subevent="startupprocess" weight="65" allow="true" />
  2914.                     <evententry class="dstproc" event="process" subevent="terminateprocess" weight="65" rulegroupref="rg-termp-ask" />
  2915.                     <evententry class="dstproc" event="process" subevent="oleconnect" weight="65" rulegroupref="rg-olecn-ask" />
  2916.                     <evententry class="dstproc" event="message" subevent="keyboard" weight="65" rulegroupref="rg-keybd-ask" />
  2917.                     <evententry class="dstproc" event="message" subevent="mouse" weight="65" allow="true" />
  2918.                     <evententry class="dstproc" event="message" subevent="dde" weight="65" rulegroupref="rg-ddein-ask" />
  2919.                     <evententry class="dstproc" event="message" subevent="message"  weight="65" rulegroupref="rg-msg-ask" />
  2920.                     <evententry class="dstproc" event="execution" subevent="callback" weight="65" rulegroupref="rg-callb-ask" />
  2921.                     <evententry class="dstproc" event="execution" subevent="windowshook" weight="65" rulegroupref="rg-whook-ask" />
  2922.  
  2923.                 </eventgroup>
  2924.  
  2925.                 <eventgroup name="kill" description="Kill" weight="75" severityref="crit_malicious" trustChoice="kill" trustDisplay="kill">
                            <!-- srcproc rows: every event is either routed to a -blk rule group or set allow="false"
                                 (registry, file write/delete, module load). No srcproc row in this group allows anything
                                 outright. This group has no allowweightranges attribute, unlike the groups around it. -->
  2926.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-blk" />
  2927.                     <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-blk" />
  2928.                     <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-blk" />
  2929.                     <evententry class="srcproc" event="process" subevent="startupprocess" rulegroupref="rg-start-blk" />
  2930.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-blk" />
  2931.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-blk" />
  2932.                     <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-blk" />
  2933.                     <evententry class="srcproc" event="message" subevent="mouse" rulegroupref="rg-mouse-blk" />
  2934.                     <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-blk" />
  2935.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-blk" />
  2936.                     <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-blk" />
  2937.                     <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-blk" />
  2938.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  rulegroupref="rg-glbhook-blk" />
  2939.                     <evententry class="srcproc" event="registry" subevent="setkey" allow="false" />
  2940.                     <evententry class="srcproc" event="registry" subevent="setvalue" allow="false" />
  2941.                     <evententry class="srcproc" event="registry" subevent="delkey" allow="false" />
  2942.                     <evententry class="srcproc" event="registry" subevent="delvalue" allow="false" />
  2943.                     <evententry class="srcproc" event="registry" subevent="createkey" allow="false" />
  2944.                     <evententry class="srcproc" event="file" subevent="write" allow="false" />
  2945.                     <evententry class="srcproc" event="file" subevent="delete" allow="false" />
  2946.                     <evententry class="srcproc" event="module" subevent="load" allow="false" />
  2947.                     <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" />
  2948.                     <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-blk" />
  2949.                     <evententry class="srcproc" event="driver" subevent="connect" rulegroupref="rg-drvct-blk" />
  2950.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-blk" />
  2951.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-blk" />
  2952.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-blk" />
  2953.                     <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" />
  2954.  
                            <!-- dstproc rows: all allow="true" except startupprocess, which is allow="false".
                                 Presumably this keeps a program in this group from being started while still letting
                                 other programs open or terminate it; verify against the rule engine. -->
  2955.                     <evententry class="dstproc" event="process" subevent="openprocess" allow="true" />
  2956.                     <evententry class="dstproc" event="process" subevent="openthread" allow="true" />
  2957.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="false" />
  2958.                     <evententry class="dstproc" event="process" subevent="terminateprocess" allow="true" />
  2959.                     <evententry class="dstproc" event="process" subevent="oleconnect" allow="true" />
  2960.                     <evententry class="dstproc" event="message" subevent="keyboard" allow="true" />
  2961.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  2962.                     <evententry class="dstproc" event="message" subevent="dde" allow="true" />
  2963.                     <evententry class="dstproc" event="message" subevent="message"  allow="true" />
  2964.                     <evententry class="dstproc" event="execution" subevent="callback" allow="true" />
  2965.                     <evententry class="dstproc" event="execution" subevent="windowshook" allow="true" />
  2966.                 </eventgroup>
  2967.  
  2968.                 <eventgroup name="untrust-unprot" description="untrust-unprot" weight="20" allowweightranges="0-69,FE-FE" severityref="normal" trustDisplay="restricted">
  2969.  
                            <!-- srcproc rows: process, message, execution, driver and physmem events go to -blk rule
                                 groups; registry events to rs-rega-block / rs-regd-block; file write/delete to
                                 rs-files-block. -->
                            <!-- NOTE(review): module load is allow="true", the only srcproc row in this group that is
                                 not routed to a block rule group or ruleset. Confirm that is intended for a group
                                 displayed as "restricted". -->
  2970.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-blk" />
  2971.                     <evententry class="srcproc" event="process" subevent="openthread" rulegroupref="rg-opent-blk" />
  2972.                     <evententry class="srcproc" event="process" subevent="spawnprocess" rulegroupref="rg-spawn-blk" />
  2973.                     <evententry class="srcproc" event="process" subevent="startupprocess" rulegroupref="rg-start-blk" />
  2974.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-blk" />
  2975.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-blk" />
  2976.                     <evententry class="srcproc" event="message" subevent="keyboard" rulegroupref="rg-keybd-blk" />
  2977.                     <evententry class="srcproc" event="message" subevent="mouse" rulegroupref="rg-mouse-blk" />
  2978.                     <evententry class="srcproc" event="message" subevent="dde" rulegroupref="rg-ddein-blk" />
  2979.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-blk" />
  2980.                     <evententry class="srcproc" event="execution" subevent="callback" rulegroupref="rg-callb-blk" />
  2981.                     <evententry class="srcproc" event="execution" subevent="windowshook" rulegroupref="rg-whook-blk" />
  2982.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  rulegroupref="rg-glbhook-blk" />
  2983.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-rega-block"/>
  2984.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-rega-block"/>
  2985.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-regd-block"/>
  2986.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-regd-block"/>
  2987.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-rega-block"/>
  2988.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-block"/>
  2989.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-block"/>
  2990.                     <evententry class="srcproc" event="module" subevent="load" allow="true" />
  2991.                     <evententry class="srcproc" event="driver" subevent="load" rulegroupref="rg-drvld-blk" />
  2992.                     <evententry class="srcproc" event="driver" subevent="unload" rulegroupref="rg-drvud-blk" />
  2993.                     <evententry class="srcproc" event="driver" subevent="connect" rulegroupref="rg-drvct-blk" />
  2994.                     <evententry class="srcproc" event="driver" subevent="create" rulegroupref="rg-drvcr-blk" />
  2995.                     <evententry class="srcproc" event="driver" subevent="modify" rulegroupref="rg-drvmd-blk" />
  2996.                     <evententry class="srcproc" event="driver" subevent="delete" rulegroupref="rg-drvdl-blk" />
  2997.                     <evententry class="srcproc" event="physmem" subevent="map" rulegroupref="rg-memmp-blk" />
  2998.  
                            <!-- dstproc rows: all allow="true", except message/message. -->
                            <!-- NOTE(review): message/message uses ask="true" rather than allow= or a rule group
                                 reference; no other evententry in this part of the file carries an ask attribute.
                                 Confirm the parser accepts it and what it falls back to if it does not. -->
  2999.                     <evententry class="dstproc" event="process" subevent="openprocess" allow="true" />
  3000.                     <evententry class="dstproc" event="process" subevent="openthread" allow="true" />
  3001.                     <evententry class="dstproc" event="process" subevent="startupprocess" allow="true" />
  3002.                     <evententry class="dstproc" event="process" subevent="terminateprocess" allow="true" />
  3003.                     <evententry class="dstproc" event="process" subevent="oleconnect" allow="true" />
  3004.                     <evententry class="dstproc" event="message" subevent="keyboard" allow="true" />
  3005.                     <evententry class="dstproc" event="message" subevent="mouse" allow="true" />
  3006.                     <evententry class="dstproc" event="message" subevent="dde" allow="true" />
  3007.                     <evententry class="dstproc" event="message" subevent="message"  ask="true" />
  3008.                     <evententry class="dstproc" event="execution" subevent="callback" allow="true" />
  3009.                     <evententry class="dstproc" event="execution" subevent="windowshook" allow="true" />
  3010.  
  3011.                 </eventgroup>
  3012.  
  3013.                 <!-- THIS MIRRORS "no-osfw" AND SHOULD STAY IN SYNC WITH THAT GROUP -->
  3014.                 <eventgroup name="trust-unprot" description="trust-unprot" weight="65" allowweightranges="0-69,FE-FE" severityref="normal" trustDisplay="super">
  3015.  
                            <!-- The "no-osfw" group named above is outside this part of the file; compare the two
                                 row by row when editing either one. -->
                            <!-- srcproc rows: process, message and execution events go to the rg-*-ask rule groups,
                                 except startupprocess, mouse and globalwindowshook (allow="true"). Registry events use
                                 rs-reg-allow, file write/delete use rs-files-allow, module load uses rg-modld-ok. -->
                            <!-- NOTE(review): driver subevents and physmem map are allow="true". The mouse row sets
                                 weight="66" while the group weight is 65, and no other srcproc row here sets a weight;
                                 the reason is not visible in this file section. -->
  3016.                     <evententry class="srcproc" event="process" subevent="openprocess" rulegroupref="rg-openp-ask" />
  3017.                     <evententry class="srcproc" event="process" subevent="openthread"  rulegroupref="rg-opent-ask" />
  3018.                     <evententry class="srcproc" event="process" subevent="spawnprocess"  rulegroupref="rg-spawn-ask" />
  3019.                     <evententry class="srcproc" event="process" subevent="startupprocess"  allow="true" />
  3020.                     <evententry class="srcproc" event="process" subevent="terminateprocess" rulegroupref="rg-termp-ask" />
  3021.                     <evententry class="srcproc" event="process" subevent="oleconnect" rulegroupref="rg-olecn-ask" />
  3022.                     <evententry class="srcproc" event="message" subevent="keyboard"  rulegroupref="rg-keybd-ask" />
  3023.                     <evententry class="srcproc" event="message" subevent="mouse" weight="66" allow="true" />
  3024.                     <evententry class="srcproc" event="message" subevent="dde"  rulegroupref="rg-ddein-ask" />
  3025.                     <evententry class="srcproc" event="message" subevent="message"  rulegroupref="rg-msg-ask" />
  3026.                     <evententry class="srcproc" event="execution" subevent="callback"  rulegroupref="rg-callb-ask" />
  3027.                     <evententry class="srcproc" event="execution" subevent="windowshook"  rulegroupref="rg-whook-ask" />
  3028.                     <evententry class="srcproc" event="execution" subevent="globalwindowshook"  allow="true" />
  3029.                     <evententry class="srcproc" event="registry" subevent="setvalue" rulesetref="rs-reg-allow" />
  3030.                     <evententry class="srcproc" event="registry" subevent="setkey" rulesetref="rs-reg-allow" />
  3031.                     <evententry class="srcproc" event="registry" subevent="delvalue" rulesetref="rs-reg-allow" />
  3032.                     <evententry class="srcproc" event="registry" subevent="delkey" rulesetref="rs-reg-allow" />
  3033.                     <evententry class="srcproc" event="registry" subevent="createkey" rulesetref="rs-reg-allow" />
  3034.                     <evententry class="srcproc" event="file" subevent="write" rulesetref="rs-files-allow"/>
  3035.                     <evententry class="srcproc" event="file" subevent="delete" rulesetref="rs-files-allow"/>
  3036.                     <evententry class="srcproc" event="module" subevent="load" rulegroupref="rg-modld-ok" />
  3037.                     <evententry class="srcproc" event="driver" subevent="load" allow="true" />
  3038.                     <evententry class="srcproc" event="driver" subevent="unload" allow="true" />
  3039.                     <evententry class="srcproc" event="driver" subevent="connect" allow="true" />
  3040.                     <evententry class="srcproc" event="driver" subevent="create" allow="true" />
  3041.                     <evententry class="srcproc" event="driver" subevent="modify" allow="true" />
  3042.                     <evententry class="srcproc" event="driver" subevent="delete" allow="true" />
  3043.                     <evententry class="srcproc" event="physmem" subevent="map" allow="true" />
  3044.  
                            <!-- dstproc rows: all allow="true" at weight="65"; none is routed to an -ask rule group. -->
  3045.                     <evententry class="dstproc" event="process" subevent="openprocess" weight="65" allow="true" />
  3046.                     <evententry class="dstproc" event="process" subevent="openthread" weight="65" allow="true" />
  3047.                     <evententry class="dstproc" event="process" subevent="startupprocess" weight="65" allow="true" />
  3048.                     <evententry class="dstproc" event="process" subevent="terminateprocess" weight="65" allow="true" />
  3049.                     <evententry class="dstproc" event="process" subevent="oleconnect" weight="65" allow="true" />
  3050.                     <evententry class="dstproc" event="message" subevent="keyboard" weight="65" allow="true" />
  3051.                     <evententry class="dstproc" event="message" subevent="mouse" weight="65" allow="true" />
  3052.                     <evententry class="dstproc" event="message" subevent="dde" weight="65" allow="true" />
  3053.                     <evententry class="dstproc" event="message" subevent="message"  weight="65" allow="true" />
  3054.                     <evententry class="dstproc" event="execution" subevent="callback" weight="65" allow="true" />
  3055.                     <evententry class="dstproc" event="execution" subevent="windowshook" weight="65" allow="true" />
  3056.  
  3057.                 </eventgroup>
  3058.  
  3059.             </osfirewall>
  3060.         <osfwGlobalSettings>
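  3061.           <osfwGlobalSetting name="ie-home-page" default="noop" eventtype="registry">
                    <!-- Global setting for registry changes to the Internet Explorer home page. The subEvent
                         list covers set, delete and create operations; the rulegroup rows name the allow, deny
                         and ask rule groups used for it. Those rule groups are defined outside this part of the
                         file, so the registry paths they match cannot be checked from here. -->
                    <!-- locale="jp-JA" is deliberate: the localization note at the top of this file says the
                         application expects the Japanese tag reversed from the standard. -->
                    <!-- Localized values are UTF-8, as the XML declaration states. -->
  3062.             <messages value="Change Internet Explorer home page" locale="en-US"/>
  3063.             <messages value="Internet Explorer-Startseite ändern" locale="de-DE"/>
  3064.             <messages value="Modifier la page d'accueil dans Internet Explorer" locale="fr-FR"/>
  3065.             <messages value="Internet Explorer のホーム ページを変更する" locale="jp-JA"/>
  3066.             <messages value="Cambiar página de inicio de Internet Explorer" locale="es-ES"/>
  3067.             <messages value="Modifica pagina iniziale di Internet Explorer" locale="it-IT"/>
  3068.             <subEvent type="setkey"/>
  3069.             <subEvent type="setvalue"/>
  3070.             <subEvent type="delkey"/>
  3071.             <subEvent type="delvalue"/>
  3072.             <subEvent type="createkey"/>
  3073.             <rulegroup type="allow" ref="a-ie-home1"/>
  3074.             <rulegroup type="allow" ref="a-ie-home2"/>
  3075.             <rulegroup type="deny" ref="blk-ie-home1"/>
  3076.             <rulegroup type="deny" ref="blk-ie-home2"/>
  3077.             <rulegroup type="ask" ref="ask-ie-home1"/>
  3078.             <rulegroup type="ask" ref="ask-ie-home2"/>
  3079.           </osfwGlobalSetting>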
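  3080.           <osfwGlobalSetting name="ie-search-page" default="noop" eventtype="registry">
                    <!-- Global setting for registry changes to the Internet Explorer search page. Each of the
                         three rulegroup types (allow, deny, ask) lists the same eleven suffixes, 1 to 10 plus
                         srchdef; keep the three lists in step when adding or removing a rule group, otherwise
                         one action would leave a registry location uncovered. -->
                    <!-- The referenced rule groups are defined outside this part of the file. -->
                    <!-- Localized values are UTF-8, as the XML declaration states. -->
  3081.             <messages value="Change Internet Explorer search page" locale="en-US"/>
  3082.             <messages value="Internet Explorer-Suchseite ändern" locale="de-DE"/>
  3083.             <messages value="Modifier la page de recherche dans Internet Explorer" locale="fr-FR"/>
  3084.             <messages value="Internet Explorer の検索ページを変更する" locale="jp-JA"/>
  3085.             <messages value="Cambiar página de búsqueda de Internet Explorer" locale="es-ES"/>
  3086.             <messages value="Modifica pagina di ricerca di Internet Explorer" locale="it-IT"/>
  3087.             <subEvent type="setkey"/>
  3088.             <subEvent type="setvalue"/>
  3089.             <subEvent type="delkey"/>
  3090.             <subEvent type="delvalue"/>
  3091.             <subEvent type="createkey"/>
  3092.             <rulegroup type="allow" ref="a-ie-search1"/>
  3093.             <rulegroup type="allow" ref="a-ie-search2"/>
  3094.             <rulegroup type="allow" ref="a-ie-search3"/>
  3095.             <rulegroup type="allow" ref="a-ie-search4"/>
  3096.             <rulegroup type="allow" ref="a-ie-search5"/>
  3097.             <rulegroup type="allow" ref="a-ie-search6"/>
  3098.             <rulegroup type="allow" ref="a-ie-search7"/>
  3099.             <rulegroup type="allow" ref="a-ie-search8"/>
  3100.             <rulegroup type="allow" ref="a-ie-search9"/>
  3101.             <rulegroup type="allow" ref="a-ie-search10"/>
  3102.             <rulegroup type="allow" ref="a-ie-srchdef" />
  3103.             <rulegroup type="deny" ref="blk-ie-search1"/>
  3104.             <rulegroup type="deny" ref="blk-ie-search2"/>
  3105.             <rulegroup type="deny" ref="blk-ie-search3"/>
  3106.             <rulegroup type="deny" ref="blk-ie-search4"/>
  3107.             <rulegroup type="deny" ref="blk-ie-search5"/>
  3108.             <rulegroup type="deny" ref="blk-ie-search6"/>
  3109.             <rulegroup type="deny" ref="blk-ie-search7"/>
  3110.             <rulegroup type="deny" ref="blk-ie-search8"/>
  3111.             <rulegroup type="deny" ref="blk-ie-search9"/>
  3112.             <rulegroup type="deny" ref="blk-ie-search10"/>
  3113.             <rulegroup type="deny" ref="blk-ie-srchdef" />
  3114.             <rulegroup type="ask" ref="ask-ie-search1"/>
  3115.             <rulegroup type="ask" ref="ask-ie-search2"/>
  3116.             <rulegroup type="ask" ref="ask-ie-search3"/>
  3117.             <rulegroup type="ask" ref="ask-ie-search4"/>
  3118.             <rulegroup type="ask" ref="ask-ie-search5"/>
  3119.             <rulegroup type="ask" ref="ask-ie-search6"/>
  3120.             <rulegroup type="ask" ref="ask-ie-search7"/>
  3121.             <rulegroup type="ask" ref="ask-ie-search8"/>
  3122.             <rulegroup type="ask" ref="ask-ie-search9"/>
  3123.             <rulegroup type="ask" ref="ask-ie-search10"/>
  3124.             <rulegroup type="ask" ref="ask-ie-srchdef" />
  3125.           </osfwGlobalSetting>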
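  3126.           <osfwGlobalSetting name="clsid" default="noop" eventtype="registry">
                    <!-- Global setting shown to the user as "Install ActiveX": registry events checked against
                         the allow-classes, block-classes and protect-classes rule groups, which are defined
                         outside this part of the file. -->
                    <!-- NOTE(review): only setkey, setvalue and createkey are listed; delkey and delvalue are
                         not covered by this setting, unlike the other registry settings in this block. Confirm
                         that removing a class registration is meant to go unchecked here. -->
                    <!-- Localized values are UTF-8, as the XML declaration states. -->
  3127.             <messages value="Install ActiveX" locale="en-US"/>
  3128.             <messages value="ActiveX installieren" locale="de-DE"/>
  3129.             <messages value="Installer ActiveX" locale="fr-FR"/>
  3130.             <messages value="ActiveX をインストールする" locale="jp-JA"/>
  3131.             <messages value="Instalar ActiveX" locale="es-ES"/>
  3132.             <messages value="Installazione ActiveX" locale="it-IT"/>
  3133.             <subEvent type="setkey"/>
  3134.             <subEvent type="setvalue"/>
  3135.             <subEvent type="createkey"/>
  3136.             <rulegroup type="allow" ref="allow-classes"/>
  3137.             <rulegroup type="deny" ref="block-classes"/>
  3138.             <rulegroup type="ask" ref="protect-classes"/>
  3139.           </osfwGlobalSetting>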
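  3140.           <osfwGlobalSetting name="startup" default="noop" eventtype="registry">
                    <!-- Global setting for registry changes to which programs load at startup, a location
                         commonly monitored because it gives a program persistence across reboots. -->
                    <!-- allow-run1..6, block-run1..6 and protect-run1..6 are listed in parallel; keep the three
                         lists in step. The rule groups are defined outside this part of the file, so which
                         registry keys each index covers cannot be checked from here. -->
                    <!-- Localized values are UTF-8, as the XML declaration states. -->
  3141.             <messages value="Change which programs load at startup" locale="en-US"/>
  3142.             <messages value="Ändern, welche Programme beim Start geladen werden" locale="de-DE"/>
  3143.             <messages value="Modifier les programmes à charger au démarrage" locale="fr-FR"/>
  3144.             <messages value="起動時にロードされるプログラムを変更する" locale="jp-JA"/>
  3145.             <messages value="Cambiar los programas que se van a cargar al inicio" locale="es-ES"/>
  3146.             <messages value="Modifica programmi caricati all’avvio" locale="it-IT"/>
  3147.             <subEvent type="setkey"/>
  3148.             <subEvent type="setvalue"/>
  3149.             <subEvent type="delkey"/>
  3150.             <subEvent type="delvalue"/>
  3151.             <subEvent type="createkey"/>
  3152.             <rulegroup type="allow" ref="allow-run1"/>
  3153.             <rulegroup type="allow" ref="allow-run2"/>
  3154.             <rulegroup type="allow" ref="allow-run3"/>
  3155.             <rulegroup type="allow" ref="allow-run4"/>
  3156.             <rulegroup type="allow" ref="allow-run5"/>
  3157.             <rulegroup type="allow" ref="allow-run6"/>
  3158.             <rulegroup type="deny" ref="block-run1"/>
  3159.             <rulegroup type="deny" ref="block-run2"/>
  3160.             <rulegroup type="deny" ref="block-run3"/>
  3161.             <rulegroup type="deny" ref="block-run4"/>
  3162.             <rulegroup type="deny" ref="block-run5"/>
  3163.             <rulegroup type="deny" ref="block-run6"/>
  3164.             <rulegroup type="ask" ref="protect-run1"/>
  3165.             <rulegroup type="ask" ref="protect-run2"/>
  3166.             <rulegroup type="ask" ref="protect-run3"/>
  3167.             <rulegroup type="ask" ref="protect-run4"/>
  3168.             <rulegroup type="ask" ref="protect-run5"/>
  3169.             <rulegroup type="ask" ref="protect-run6"/>
  3170.           </osfwGlobalSetting>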
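  3171.           <osfwGlobalSetting name="hosts" default="noop" eventtype="file">
                    <!-- Global setting for changes to the hosts file, the only setting in this block with
                         eventtype="file". It covers write and delete events, checked against the allow-hosts,
                         block-hosts and prot-hosts rule groups, which are defined outside this part of the file. -->
                    <!-- NOTE(review): the ask rule group here is named prot-hosts, while the other settings use
                         protect-* or ask-* prefixes; check that the reference resolves to a defined rule group. -->
                    <!-- Localized values are UTF-8, as the XML declaration states. -->
  3172.             <messages value="Change the hosts file" locale="en-US"/>
  3173.             <messages value="Hostdatei ändern" locale="de-DE"/>
  3174.             <messages value="Modifier le fichier hôte" locale="fr-FR"/>
  3175.             <messages value="ホスト ファイルを変更する" locale="jp-JA"/>
  3176.             <messages value="Cambiar el archivo de hosts" locale="es-ES"/>
  3177.             <messages value="Modifica file host" locale="it-IT"/>
  3178.             <subEvent type="write"/>
  3179.             <subEvent type="delete"/>
  3180.             <rulegroup type="allow" ref="allow-hosts"/>
  3181.             <rulegroup type="deny" ref="block-hosts"/>
  3182.             <rulegroup type="ask" ref="prot-hosts"/>
  3183.           </osfwGlobalSetting>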
  3184.         </osfwGlobalSettings>
  3185.         </applications>
  3186.     </ruleset>
  3187. </ZoneLabsSettings>
  3188.