Press

Vulnerability

In version 4250.121, SafeConnect only uses symmetric encryption (see below) to protect against receiving spoofed upgrades. In version 5036.223, SafeConnect additionally checks that the upgrade *.dll and *.exe files are digitally signed by them. Problem: version 4250.121 was also digitally signed by them. By spoofing an "upgrade" to version 4250.121 and then an "upgrade" to code of your choosing, you can still run arbitrary code on victims' machines. Below we have a "hello world" exploit demonstrating the vulnerability:

For UNM's SafeConnect, this exploit requires you to reroute traffic on the victim's network for 198.31.193.211 to a machine running this server. This exploit could also be modified to work via packet injection over UNM's wifi network.

SafeConnect can overcome this vulnerability by verifying not only that the upgrade files are digitally signed by them but also that they have a greater version number; however, this vulnerability demonstrates that Network Access Control (NAC) software like SafeConnect, while appearing to increase your computer's security, can actually open it up to a new dimension of threats. To protect yourself from this vulnerability, we recommend that you uninstall SafeConnect immediately.

Encryption

Traffic between the client and server is encrypted XML. It can be decrypted using the following 12 byte Blowfish key in ECB mode:

\x4f\xbd\x06\x00\x00\xca\x9c\x18\x03\xfc\x91\x3f

decrypt.py can decrypt the encrypted traffic.

This key appears in binary in scManager.dll.

The same key was found to appear in the same file and offset in the SafeConnect clients distributed by at least the following academic institutions:

Decrypted traffic

Handshake

Sent

<PKResponse><Header><localIpAddress>129.24.255.135</localIpAddress><observedIP></observedIP><macaddress>74-F0-6D-64-3B-C2</macaddress><sessionUID>693693338121519</sessionUID><OS_NAME>OS_WINXP_32</OS_NAME><pkProgramBuild>5036.223</pkProgramBuild><canILan>false</canILan><hostName>cs-3a3e67ed38e0</hostName><userName>jeffk</userName><domain>NONE</domain><startup>true</startup><interactive>true</interactive></Header><localTime>[06-21-2011 22:58:36]</localTime><MetricString>(Local Time = [06-21-2011 22:58:36])(Active Client List = (Client: PID[3116], User[jeffk], Version[223]))(Is DHCP Enabled = Yes)(Has ILan ever failed = No)(RDP Status = Remote)</MetricString><Policies></Policies><delta>true</delta></PKResponse>

The sessionUID is randomly generated and stored in c:\Program Files\SafeConnect\sc.dat.

Received

<scanResult_response>
 <ctrl_set_observed_ip>129.24.255.135</ctrl_set_observed_ip>
 <ctrl_ping_no_user>0</ctrl_ping_no_user>
 <ctrl_next_ping>285</ctrl_next_ping>
 <ctrl_policy>
  <hss>
   <SUBROUTINES>
    <PolicyKeyPass>
     <TRUE>true</TRUE>
    </PolicyKeyPass>
    <OS_OSX>
     <SYSTEM_INFO>
      <OS_NAME>OS_OSX</OS_NAME>
     </SYSTEM_INFO>
    </OS_OSX>
    <OS_WIN98>
     <SYSTEM_INFO>
      <OS_NAME>OS_WIN98</OS_NAME>
     </SYSTEM_INFO>
    </OS_WIN98>
    <OS_WINME>
     <SYSTEM_INFO>
      <OS_NAME>OS_WINME</OS_NAME>
     </SYSTEM_INFO>
    </OS_WINME>
    <OS_WINNT>
     <SYSTEM_INFO>
      <OS_NAME>OS_WINNT4</OS_NAME>
     </SYSTEM_INFO>
     <SYSTEM_INFO>
      <OS_NAME>OS_WINNT3</OS_NAME>
     </SYSTEM_INFO>
    </OS_WINNT>
    <OS_WIN2K>
     <SYSTEM_INFO>
      <OS_NAME>OS_WIN2K</OS_NAME>
     </SYSTEM_INFO>
    </OS_WIN2K>
    <OS_WINS2K3>
     <SYSTEM_INFO>
      <OS_NAME>OS_WINS2K3</OS_NAME>
     </SYSTEM_INFO>
    </OS_WINS2K3>
    <OS_WINXP>
     <SYSTEM_INFO>
      <OS_NAME>OS_WINXP</OS_NAME>
     </SYSTEM_INFO>
    </OS_WINXP>
    <OS_VISTA>
     <SYSTEM_INFO>
      <OS_NAME>OS_VISTA</OS_NAME>
     </SYSTEM_INFO>
    </OS_VISTA>
    <OS_WIN7>
     <SYSTEM_INFO>
      <OS_NAME>OS_WIN7</OS_NAME>
     </SYSTEM_INFO>
    </OS_WIN7>
    <OS_UNKNOWN>
     <SYSTEM_INFO>
      <OS_NAME>OS_UNKNOWN</OS_NAME>
     </SYSTEM_INFO>
    </OS_UNKNOWN>
    <OS_WIN95>
     <SYSTEM_INFO>
      <OS_NAME>OS_WIN95</OS_NAME>
     </SYSTEM_INFO>
    </OS_WIN95>
    <LT_SP1>
     <SYSTEM_INFO>
      <SERVICE_PACK>1</SERVICE_PACK>
      <OP>LT</OP>
     </SYSTEM_INFO>
    </LT_SP1>
    <LT_SP2>
     <SYSTEM_INFO>
      <SERVICE_PACK>2</SERVICE_PACK>
      <OP>LT</OP>
     </SYSTEM_INFO>
    </LT_SP2>
    <LT_SP3>
     <SYSTEM_INFO>
      <SERVICE_PACK>3</SERVICE_PACK>
      <OP>LT</OP>
     </SYSTEM_INFO>
    </LT_SP3>
    <LT_SP4>
     <SYSTEM_INFO>
      <SERVICE_PACK>4</SERVICE_PACK>
      <OP>LT</OP>
     </SYSTEM_INFO>
    </LT_SP4>
    <LT_SP5>
     <SYSTEM_INFO>
      <SERVICE_PACK>5</SERVICE_PACK>
      <OP>LT</OP>
     </SYSTEM_INFO>
    </LT_SP5>
    <SophosInstalled>
     <or>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
       <FILE>icmon.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
       <FILE>ICSUPP95.EXE</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Sophos\SweepNT</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
       <FILE>icmon.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Sophos\SAVService\Application</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
       <FILE>SavService.exe</FILE>
      </Install_File>
     </or>
    </SophosInstalled>
    <McAfeeInstalled>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\McAfee\AVEngine</KEY_NAME>
       <KEY_VALUE>szInstallDir32</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\McAfee\AVEngine</KEY_NAME>
       <KEY_VALUE>szInstallDir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\McAfee.com\Agent</KEY_NAME>
       <KEY_VALUE>Install Dir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\McAfee.com\Virusscan Online</KEY_NAME>
       <KEY_VALUE>Install Dir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\McAfee\VSCore\Detect</KEY_NAME>
       <KEY_VALUE>szInstallDir</KEY_VALUE>
      </Install_Reg>
     </or>
    </McAfeeInstalled>
    <TrendMicroInstalled>
     <or>
      <INSTALL_REG>
       <TIMETOFAIL>60</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\Vizor</KEY_NAME>
       <KEY_VALUE>ProductPath</KEY_VALUE>
      </INSTALL_REG>
      <WMI_AV>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PACKAGE_NAME>Trend Micro</PACKAGE_NAME>
      </WMI_AV>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\PC-cillin</KEY_NAME>
       <KEY_VALUE>Application Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\AntiVirus\15</KEY_NAME>
       <KEY_VALUE>ApplicationPath</KEY_VALUE>
      </Install_Reg>
     </or>
    </TrendMicroInstalled>
    <EZAntivirusInstalled>
     <or>
      <INSTALL_FILE>
       <TIMETOFAIL>60</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus Plus</KEY_NAME>
       <KEY_VALUE>InstallPath</KEY_VALUE>
       <FILE>isafe.exe</FILE>
      </INSTALL_FILE>
      <INSTALL_REG>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates</KEY_NAME>
       <KEY_VALUE>installLocation</KEY_VALUE>
      </INSTALL_REG>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus\Resident</KEY_NAME>
       <KEY_VALUE>vetpath</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ComputerAssociates\eTrustAntivirus\CurrentVersion\Path</KEY_NAME>
       <KEY_VALUE>HOME</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ComputerAssociates\ComputerAssociates\Anti-Virus\Install</KEY_NAME>
       <KEY_VALUE>ProgramPath</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\Path</KEY_NAME>
       <KEY_VALUE>HOME</KEY_VALUE>
      </Install_Reg>
     </or>
    </EZAntivirusInstalled>
    <SymantecInstalled>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus NT\Install\7.50</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus\Install\7.50</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Norton Antivirus</KEY_NAME>
       <KEY_VALUE>version</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME>
       <KEY_VALUE>N360</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME>
       <KEY_VALUE>NAV</KEY_VALUE>
      </Install_Reg>
     </or>
    </SymantecInstalled>
    <AVSymantecCorpInstalled>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus NT\Install\7.50</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus\Install\7.50</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
      </Install_Reg>
     </or>
    </AVSymantecCorpInstalled>
    <McAfeeNAInstalled>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME>
       <KEY_VALUE>szInstallDir</KEY_VALUE>
      </Install_Reg>
     </or>
    </McAfeeNAInstalled>
    <McAfee45Installed>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN6500</KEY_NAME>
       <KEY_VALUE>Version</KEY_VALUE>
      </Install_Reg>
     </or>
    </McAfee45Installed>
    <TrendMicroCorpInstalled>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\OfficeScanCorp\CurrentVersion</KEY_NAME>
       <KEY_VALUE>Program Version</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\OfficeScanCorp\CurrentVersion</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\OfficeScanCorp\CurrentVersion</KEY_NAME>
       <KEY_VALUE>Application Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion</KEY_NAME>
       <KEY_VALUE>Application Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.</KEY_NAME>
       <KEY_VALUE>ProgramVer</KEY_VALUE>
      </Install_Reg>
     </or>
    </TrendMicroCorpInstalled>
    <PandaInstalled>
     <or>
      <INSTALL_REG>
       <TIMETOFAIL>60</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Panda Software\Setup</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </INSTALL_REG>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Platinum</KEY_NAME>
       <KEY_VALUE>PATH</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Lite</KEY_NAME>
       <KEY_VALUE>DIR</KEY_VALUE>
      </Install_Reg>
     </or>
    </PandaInstalled>
    <AVGInstalled>
     <or>
      <INSTALL_FILE>
       <TIMETOFAIL>60</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\AVG\AVG10</KEY_NAME>
       <KEY_VALUE>AvgDir</KEY_VALUE>
       <FILE>avgtray.exe</FILE>
      </INSTALL_FILE>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
       <KEY_VALUE>avg9_tray</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
       <KEY_VALUE>avgcc</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
       <KEY_VALUE>avg8_tray</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
       <KEY_VALUE>avg7_cc</KEY_VALUE>
      </Install_Reg>
     </or>
    </AVGInstalled>
    <AVGuardInstalled>
     <or>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\H+BEDV\AVWIN/95</KEY_NAME>
       <KEY_VALUE>AVWPath</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\H+BEDV\AVWin/NT</KEY_NAME>
       <KEY_VALUE>AVWPath</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\H+BEDV\AntiVir PersonalEdition Classic V 7</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Classic</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Avira\AntiVir Desktop</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Premium</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
      <Install_Reg>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Avira\AntiVir Workstation</KEY_NAME>
       <KEY_VALUE>Path</KEY_VALUE>
      </Install_Reg>
     </or>
    </AVGuardInstalled>
    <AuthentiumInstalled>
     <or>
      <FILE_EXISTS>
       <FULL_PATH>%programfiles%\Common Files\Command Software\csav.exe</FULL_PATH>
      </FILE_EXISTS>
      <FILE_EXISTS>
       <FULL_PATH>%programfiles%\Common Files\Authentium\AntiVirus\csav.exe</FULL_PATH>
      </FILE_EXISTS>
     </or>
    </AuthentiumInstalled>
    <AvastInstalled>
     <OR>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ALWIL Software\Avast\4.0</KEY_NAME>
       <KEY_VALUE>Avast4ProgramFolder</KEY_VALUE>
       <FILE>aswDisp.exe</FILE>
      </INSTALL_FILE>
      <INSTALL_FILE>
       <TIMETOFAIL>60</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\AVAST Software\Avast</KEY_NAME>
       <KEY_VALUE>ProgramFolder</KEY_VALUE>
       <FILE>AvastUI.exe</FILE>
      </INSTALL_FILE>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ALWIL Software\Avast\4.0</KEY_NAME>
       <KEY_VALUE>Avast4ProgramFolder</KEY_VALUE>
       <FILE>ashDisp.exe</FILE>
      </INSTALL_FILE>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ALWIL Software\Avast\5.0</KEY_NAME>
       <KEY_VALUE>ProgramFolder</KEY_VALUE>
       <FILE>AvastSvc.exe</FILE>
      </INSTALL_FILE>
     </OR>
    </AvastInstalled>
    <MicrosoftOneCareInstalled>
     <or>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Microsoft Antimalware</KEY_NAME>
       <KEY_VALUE>InstallLocation</KEY_VALUE>
       <FILE>MpCmdRun.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\MalwareProtection</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>MpEng.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\OneCare Protection</KEY_NAME>
       <KEY_VALUE>InstallLocation</KEY_VALUE>
       <FILE>MsMpEng.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM</KEY_NAME>
       <KEY_VALUE>InstallLocation</KEY_VALUE>
       <FILE>MsMpEng.exe</FILE>
      </Install_File>
     </or>
    </MicrosoftOneCareInstalled>
    <BitdefenderInstalled>
     <or>
      <Install_File>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>bdagent.exe</FILE>
      </Install_File>
      <Install_File>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>bdnagent.exe</FILE>
      </Install_File>
      <Install_File>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\BitDefender\BitDefender Desktop\Maintenance\Install</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>bdagent.exe</FILE>
      </Install_File>
     </or>
    </BitdefenderInstalled>
    <KasperskyInstalled>
     <or>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</KEY_NAME>
       <KEY_VALUE>AVP</KEY_VALUE>
       <FILE>avp.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME>
       <KEY_VALUE>KAV2006</KEY_VALUE>
       <FILE>avp.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME>
       <KEY_VALUE>KIS6</KEY_VALUE>
       <FILE>avp.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME>
       <KEY_VALUE>KIS7</KEY_VALUE>
       <FILE>avp.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME>
       <KEY_VALUE>KIS8</KEY_VALUE>
       <FILE>avp.exe</FILE>
      </Install_File>
     </or>
    </KasperskyInstalled>
    <SpySweeperAntiVirusInstalled>
     <OR>
      <AND>
       <INSTALL_FILE>
        <TIMETOFAIL>300</TIMETOFAIL>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME>
        <KEY_VALUE>id</KEY_VALUE>
        <FILE>SpySweeper.exe</FILE>
       </INSTALL_FILE>
       <COMPARE_REG_VALUE>
        <TIMETOFAIL>300</TIMETOFAIL>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME>
        <KEY_VALUE>antivirusinstalled</KEY_VALUE>
        <VALUE_INT32>1</VALUE_INT32>
       </COMPARE_REG_VALUE>
      </AND>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME>
       <KEY_VALUE>id</KEY_VALUE>
       <FILE>AEI.exe</FILE>
      </INSTALL_FILE>
     </OR>
    </SpySweeperAntiVirusInstalled>
    <Nod32Installed>
     <or>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\ESET\ESET Security\CurrentVersion\Info</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>egui.exe</FILE>
      </INSTALL_FILE>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Eset\Nod\CurrentVersion\Info</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>x86\nod32krn.exe</FILE>
      </INSTALL_FILE>
      <INSTALL_FILE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Eset\ESET Security\CurrentVersion\Info</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>x86\ekrn.exe</FILE>
      </INSTALL_FILE>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Eset\ESET Security\CurrentVersion\Info</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>ekrn.exe</FILE>
      </Install_File>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Eset\Nod\CurrentVersion\Info</KEY_NAME>
       <KEY_VALUE>InstallDir</KEY_VALUE>
       <FILE>nod32krn.exe</FILE>
      </Install_File>
     </or>
    </Nod32Installed>
    <ZoneAlarmInstalled>
     <or>
      <Install_File>
       <TIMETOFAIL>300</TIMETOFAIL>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Zone Labs\ZoneAlarm</KEY_NAME>
       <KEY_VALUE>InstallDirectory</KEY_VALUE>
       <FILE>zonealarm.exe</FILE>
      </Install_File>
     </or>
    </ZoneAlarmInstalled>
    <SophosRunning>
     <or>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>ICMON.EXE</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>SWEEPSRV.SYS</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>SavService.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>ICSUPP95.EXE</PROCESS>
      </Running_Proc>
     </or>
    </SophosRunning>
    <McAfeeRunning>
     <or>
      <RUNNING_PROC>
       <PROCESS>McTray.exe</PROCESS>
      </RUNNING_PROC>
      <Running_Proc>
       <PROCESS>mcagent.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>mcvsshld.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>mcvsrte.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>mcshield.exe</PROCESS>
      </Running_Proc>
     </or>
    </McAfeeRunning>
    <TrendMicroRunning>
     <or>
      <WMI_AV>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PACKAGE_NAME>Titanium</PACKAGE_NAME>
       <RTS></RTS>
      </WMI_AV>
      <WMI_AV>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PACKAGE_NAME>Trend Micro</PACKAGE_NAME>
       <RTS></RTS>
      </WMI_AV>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>pcclient.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>pccguide.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>TmProxy.exe</PROCESS>
      </Running_Proc>
     </or>
    </TrendMicroRunning>
    <EZAntivirusRunning>
     <or>
      <WMI_AV>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PACKAGE_NAME>CA Anti-Virus Plus</PACKAGE_NAME>
       <RTS></RTS>
      </WMI_AV>
      <AND>
       <COMPARE_REG_VALUE>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Suite Personal\am\</KEY_NAME>
        <KEY_VALUE>rton</KEY_VALUE>
        <VALUE_INT32>2</VALUE_INT32>
       </COMPARE_REG_VALUE>
       <RUNNING_PROC>
        <PROCESS>casc.exe</PROCESS>
       </RUNNING_PROC>
      </AND>
      <Running_Proc>
       <PROCESS>VetTray.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>cavrid.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>InoRpc.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>InoRT.exe</PROCESS>
      </Running_Proc>
      <AND>
       <Running_Proc>
        <PROCESS>iSafe.exe</PROCESS>
       </Running_Proc>
       <COMPARE_REG_VALUE>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SYSTEM\ControlSet001\Services\VETFDDNT</KEY_NAME>
        <KEY_VALUE>EnableScan</KEY_VALUE>
        <VALUE_INT32>1</VALUE_INT32>
       </COMPARE_REG_VALUE>
      </AND>
     </or>
    </EZAntivirusRunning>
    <SymantecRunning>
     <or>
      <Running_Proc>
       <PROCESS>VpTray.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>rtvscan.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>DefWatch.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>ccapp.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>navapsvc.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>ccSvcHst.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>symlcsvc.exe</PROCESS>
      </Running_Proc>
      <COMPARE_REG_VALUE>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SYSTEM\ControlSet001\Services\SRTSP</KEY_NAME>
       <KEY_VALUE>Start</KEY_VALUE>
       <VALUE_INT32>1</VALUE_INT32>
      </COMPARE_REG_VALUE>
     </or>
    </SymantecRunning>
    <SymantecCorpRunning>
     <or>
      <Running_Proc>
       <PROCESS>VpTray.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>rtvscan.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>DefWatch.exe</PROCESS>
      </Running_Proc>
     </or>
    </SymantecCorpRunning>
    <McAfeeNARunning>
     <or>
      <Running_Proc>
       <PROCESS>McShield.exe</PROCESS>
      </Running_Proc>
     </or>
    </McAfeeNARunning>
    <McAfee45Running>
     <or>
      <Running_Proc>
       <PROCESS>vshwin32.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>vsstat.exe</PROCESS>
      </Running_Proc>
     </or>
    </McAfee45Running>
    <TrendMicroCorpRunning>
     <or>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>NTRtScan.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>PCCWin97.exe</PROCESS>
      </Running_Proc>
     </or>
    </TrendMicroCorpRunning>
    <PandaRunning>
     <or>
      <WMI_AV>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PACKAGE_NAME>Panda Cloud Antivirus</PACKAGE_NAME>
       <RTS></RTS>
      </WMI_AV>
      <Running_Proc>
       <PROCESS>apvxdwin.exe</PROCESS>
      </Running_Proc>
     </or>
    </PandaRunning>
    <AVGRunning>
     <or>
      <Running_Proc>
       <PROCESS>avgamsvr.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>avgwdsvc.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>avgcc</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>avgwdsvc.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>avgcc.exe</PROCESS>
      </Running_Proc>
     </or>
    </AVGRunning>
    <AVGuardRunning>
     <or>
      <Running_Proc>
       <PROCESS>AVGUARD.EXE</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <PROCESS>AVGCTRL.EXE</PROCESS>
      </Running_Proc>
     </or>
    </AVGuardRunning>
    <AuthentiumRunning>
     <or>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>avinitnt.exe</PROCESS>
      </Running_Proc>
     </or>
    </AuthentiumRunning>
    <AvastRunning>
     <OR>
      <AND>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>ashDisp.exe</PROCESS>
       </RUNNING_PROC>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>ashserv.exe</PROCESS>
       </RUNNING_PROC>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>ashwebsv.exe</PROCESS>
       </RUNNING_PROC>
      </AND>
      <AND>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>aswmaisv.exe</PROCESS>
       </RUNNING_PROC>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>aswwebsv.exe</PROCESS>
       </RUNNING_PROC>
      </AND>
      <AND>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>ashDisp.exe</PROCESS>
       </RUNNING_PROC>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>ashmaisv.exe</PROCESS>
       </RUNNING_PROC>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>ashwebsv.exe</PROCESS>
       </RUNNING_PROC>
      </AND>
      <AND>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>AvastSvc.exe</PROCESS>
       </RUNNING_PROC>
       <SERVICE_RUNNING>
        <TIMETOFAIL>300</TIMETOFAIL>
        <SERVICE>avast! Antivirus</SERVICE>
       </SERVICE_RUNNING>
      </AND>
     </OR>
    </AvastRunning>
    <MicrosoftOneCareRunning>
     <or>
      <and>
       <Running_Proc>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>msseces.exe</PROCESS>
        <EXACT_MATCH>true</EXACT_MATCH>
       </Running_Proc>
       <NOT>
        <COMPARE_REG_VALUE>
         <HKEY>HKLM</HKEY>
         <KEY_NAME>SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection</KEY_NAME>
         <KEY_VALUE>DisableRealtimeMonitoring</KEY_VALUE>
         <VALUE_INT32>1</VALUE_INT32>
        </COMPARE_REG_VALUE>
       </NOT>
      </and>
      <and>
       <Running_Proc>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>MsMpEng.exe</PROCESS>
        <EXACT_MATCH>true</EXACT_MATCH>
       </Running_Proc>
       <or>
        <COMPARE_REG_VALUE>
         <TIMETOFAIL>300</TIMETOFAIL>
         <HKEY>HKLM</HKEY>
         <KEY_NAME>SOFTWARE\Microsoft\OneCare Protection\Real-Time Protection</KEY_NAME>
         <KEY_VALUE>DisableAntiVirusRealtimeProtection</KEY_VALUE>
         <VALUE_INT32>0</VALUE_INT32>
        </COMPARE_REG_VALUE>
        <NOT>
         <COMPARE_REG_VALUE>
          <HKEY>HKLM</HKEY>
          <KEY_NAME>SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection</KEY_NAME>
          <KEY_VALUE>DisableAntiVirus</KEY_VALUE>
          <VALUE_INT32>1</VALUE_INT32>
         </COMPARE_REG_VALUE>
        </NOT>
       </or>
      </and>
     </or>
    </MicrosoftOneCareRunning>
    <BitdefenderRunning>
     <or>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>bdagent.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PROCESS>bdnagent.exe</PROCESS>
      </Running_Proc>
     </or>
    </BitdefenderRunning>
    <KasperskyRunning>
     <or>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>avp.exe</PROCESS>
      </Running_Proc>
      <COMPARE_REG_VALUE>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP7</KEY_NAME>
       <KEY_VALUE>enabled</KEY_VALUE>
       <VALUE_INT32>1</VALUE_INT32>
      </COMPARE_REG_VALUE>
     </or>
    </KasperskyRunning>
    <SpySweeperAntiVirusRunning>
     <OR>
      <AND>
       <RUNNING_PROC>
        <TIMETOFAIL>300</TIMETOFAIL>
        <PROCESS>SpySweeper.exe</PROCESS>
       </RUNNING_PROC>
       <COMPARE_REG_VALUE>
        <TIMETOFAIL>300</TIMETOFAIL>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME>
        <KEY_VALUE>antivirusinstalled</KEY_VALUE>
        <VALUE_INT32>1</VALUE_INT32>
       </COMPARE_REG_VALUE>
      </AND>
      <AND>
       <COMPARE_REG_VALUE>
        <TIMETOFAIL>60</TIMETOFAIL>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME>
        <KEY_VALUE>scanonwrite</KEY_VALUE>
        <VALUE_INT32>1</VALUE_INT32>
       </COMPARE_REG_VALUE>
       <RUNNING_PROC>
        <TIMETOFAIL>60</TIMETOFAIL>
        <PROCESS>WRConsumerService.exe</PROCESS>
       </RUNNING_PROC>
      </AND>
     </OR>
    </SpySweeperAntiVirusRunning>
    <Nod32Running>
     <or>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>nod32krn.exe</PROCESS>
      </Running_Proc>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>ekrn.exe</PROCESS>
      </Running_Proc>
     </or>
    </Nod32Running>
    <ZoneAlarmRunning>
     <AND>
      <Running_Proc>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PROCESS>zlclient.exe</PROCESS>
      </Running_Proc>
      <COMPARE_REG_VALUE>
       <HKEY>HKLM</HKEY>
       <KEY_NAME>SOFTWARE\Zone Labs\ZoneAlarm</KEY_NAME>
       <KEY_VALUE>AVInstalled</KEY_VALUE>
       <VALUE_INT32>1</VALUE_INT32>
      </COMPARE_REG_VALUE>
     </AND>
    </ZoneAlarmRunning>
    <SophosDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vdl*.vdb</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vdl*.vdb</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Sophos\SweepNT</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.ide</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.ide</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Sophos\SweepNT</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vdl*.vdb</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Sophos\SAVService\Application</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.ide</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Sophos\SAVService\Application</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </SophosDefinitions>
    <McAfeeDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*scan.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\McAfee.com\Virusscan Online</KEY_NAME>
        <KEY_VALUE>Install Dir</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*scan.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME>
        <KEY_VALUE>dat</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*scan.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\McAfee\AVEngine</KEY_NAME>
        <KEY_VALUE>dat</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </McAfeeDefinitions>
    <TrendMicroDefinitions>
     <or>
      <WMI_AV>
       <TIMETOFAIL>300</TIMETOFAIL>
       <PACKAGE_NAME>Titanium</PACKAGE_NAME>
       <DEFS></DEFS>
      </WMI_AV>
      <WMI_AV>
       <PACKAGE_NAME>Trend Micro</PACKAGE_NAME>
       <DEFS></DEFS>
      </WMI_AV>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\TrendMicro\PC-cillin</KEY_NAME>
        <KEY_VALUE>Application Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\TrendMicro\AntiVirus\15\Directory</KEY_NAME>
        <KEY_VALUE>DcsPatternPath</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </TrendMicroDefinitions>
    <EZAntivirusDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus Plus</KEY_NAME>
        <KEY_VALUE>InstallPath</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>core\vet.dat</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ISafe\</KEY_NAME>
        <KEY_VALUE>EngineDataPath</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus\Resident</KEY_NAME>
        <KEY_VALUE>vetpath</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vet.da1</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ComputerAssociates\ScanEngine\Path</KEY_NAME>
        <KEY_VALUE>Engine</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ComputerAssociates\ScanEngine\Path</KEY_NAME>
        <KEY_VALUE>Engine</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ComputerAssociates\ComputerAssociates\Anti-Virus\Install</KEY_NAME>
        <KEY_VALUE>ProgramPath</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </EZAntivirusDefinitions>
    <AVSymantecDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>..\Definitions\VirusDefs\definfo.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Symantec\SymNetDrv\Parameters</KEY_NAME>
        <KEY_VALUE>SettingsPath</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_DIR_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME>
        <KEY_VALUE>AVENGEDEFS</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_DIR_DATE>
      <VDEF_BY_DIR_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SYSTEM\CurrentControlSet\Services\eeCtrl\Parameters</KEY_NAME>
        <KEY_VALUE>LastUsedDefs</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_DIR_DATE>
     </or>
    </AVSymantecDefinitions>
    <SymantecCorpDefinitions>
     <or>
      <VDEF_BY_DIR_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME>
        <KEY_VALUE>AVENGEDEFS</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_DIR_DATE>
     </or>
    </SymantecCorpDefinitions>
    <McAfeeNADefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>scan.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME>
        <KEY_VALUE>dat</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </McAfeeNADefinitions>
    <McAfee45Definitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>scan.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME>
        <KEY_VALUE>dat</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </McAfee45Definitions>
    <TrendMicroCorpDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\TrendMicro\PC-cillin</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\OfficeScanCorp\CurrentVersion</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion</KEY_NAME>
        <KEY_VALUE>Application Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </TrendMicroCorpDefinitions>
    <PandaDefinitions>
     <or>
      <WMI_AV>
       <TIMETOFAIL>60</TIMETOFAIL>
       <PACKAGE_NAME>Panda Cloud Antivirus</PACKAGE_NAME>
       <DEFS></DEFS>
      </WMI_AV>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>pav.sig</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Platinum</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>pav.sig</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Lite</KEY_NAME>
        <KEY_VALUE>DIR</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </PandaDefinitions>
    <AVGDefinitions>
     <or>
      <FILE_INFO>
       <PATH>%SystemRoot%\system32\drivers\Avg\</PATH>
       <PATTERN>.avm</PATTERN>
       <DAYS>14</DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <OP>LT</OP>
      </FILE_INFO>
      <FILE_INFO>
       <PATH>%SystemRoot%\system32\drivers\Avg\</PATH>
       <PATTERN>.avg</PATTERN>
       <DAYS>14</DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <OP>LT</OP>
      </FILE_INFO>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>microavi.avg</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
        <KEY_VALUE>avgcc</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>microavi.avg</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall\Directories</KEY_NAME>
        <KEY_VALUE>dir_AvgDir</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>miniavi.avg</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
        <KEY_VALUE>avg7_cc</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>microavi.avg</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
        <KEY_VALUE>avg7_cc</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>updvers.cfg</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
        <KEY_VALUE>avgcc</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>updvers.cfg</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME>
        <KEY_VALUE>avg7_cc</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </AVGDefinitions>
    <AVGuardDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Avira\AntiVir Desktop</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>vbase*.VDF</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\H+BEDV\AVWIN/95</KEY_NAME>
        <KEY_VALUE>AVWPath</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\H+BEDV\AntiVir PersonalEdition Classic V 7</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\H+BEDV\AVWin/NT</KEY_NAME>
        <KEY_VALUE>AVWPath</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Classic</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Avira\AntiVir Desktop</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Premium</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Avira\AntiVir Workstation</KEY_NAME>
        <KEY_VALUE>Path</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </AVGuardDefinitions>
    <AuthentiumDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>Common Files\Command Software\sign2.def</FILE_TEMPLATE>
       <PATH_TYPE>Program Files</PATH_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>Common Files\Authentium\AntiVirus\sign2.def</FILE_TEMPLATE>
       <PATH_TYPE>Program Files</PATH_TYPE>
      </VDEF_BY_FILE_DATE>
     </or>
    </AuthentiumDefinitions>
    <AvastDefinitions>
     <OR>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\AVAST Software\Avast</KEY_NAME>
        <KEY_VALUE>ProgramFolder</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>defs\aswdefs.ini</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ALWIL Software\Avast\4.0</KEY_NAME>
        <KEY_VALUE>Avast4ProgramFolder</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>setup\summary.txt</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\ALWIL Software\Avast\5.0</KEY_NAME>
        <KEY_VALUE>ProgramFolder</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>defs\*</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
     </OR>
    </AvastDefinitions>
    <MicrosoftOneCareDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.vdm</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates</KEY_NAME>
        <KEY_VALUE>SignatureLocation</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>mpdef.vdm</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\MalwareProtection</KEY_NAME>
        <KEY_VALUE>DataDirectory</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.vdm</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\OneCare Protection\Signature Updates</KEY_NAME>
        <KEY_VALUE>SignatureLocation</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.vdm</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates</KEY_NAME>
        <KEY_VALUE>SignatureLocation</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </MicrosoftOneCareDefinitions>
    <BitdefenderDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\BitDefender\BitDefender Desktop\Maintenance\Install</KEY_NAME>
        <KEY_VALUE>InstallDir</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>installer\BDUpdateV1.xml</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.dll</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME>
        <KEY_VALUE>InstallDir</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>events.xml</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME>
        <KEY_VALUE>InstallDir</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>v_live_s.xml</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\BitDefender\Livesrv</KEY_NAME>
        <KEY_VALUE>Path_Live</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </BitdefenderDefinitions>
    <KasperskyDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP11\environment</KEY_NAME>
        <KEY_VALUE>DataRoot</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>Bases\*.dat</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP11\CKAHUM\LastSet</KEY_NAME>
        <KEY_VALUE>Directory</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.avc</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP11\CKAHUM\LastSet</KEY_NAME>
        <KEY_VALUE>Directory</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP80\CKAHUM\LastSet</KEY_NAME>
        <KEY_VALUE>Directory</KEY_VALUE>
       </INSTALL_REG>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>*.dat</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>Bases\*.avc</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP7\environment</KEY_NAME>
        <KEY_VALUE>DataRoot</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>Bases\*.kdc</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP9\environment</KEY_NAME>
        <KEY_VALUE>DataRoot</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>Bases\*.avc</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\AVP6\environment</KEY_NAME>
        <KEY_VALUE>DataRoot</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.avc</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\AVP6\CKAHUM\LastSet</KEY_NAME>
        <KEY_VALUE>Directory</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.avc</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP7\CKAHUM\LastSet</KEY_NAME>
        <KEY_VALUE>Directory</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>*.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP8\CKAHUM\LastSet</KEY_NAME>
        <KEY_VALUE>Directory</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </KasperskyDefinitions>
    <SpySweeperAntiVirusDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>\antivirus\*.ide</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME>
        <KEY_VALUE>id</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </SpySweeperAntiVirusDefinitions>
    <Nod32Definitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>nod32.0*</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Eset\Nod\CurrentVersion\Info</KEY_NAME>
        <KEY_VALUE>InstallDir</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <TIMETOFAIL>300</TIMETOFAIL>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>em00*.dat</FILE_TEMPLATE>
       <INSTALL_REG>
        <HKEY>HKLM</HKEY>
        <KEY_NAME>SOFTWARE\Eset\ESET Security\CurrentVersion\Info</KEY_NAME>
        <KEY_VALUE>InstallDir</KEY_VALUE>
       </INSTALL_REG>
      </VDEF_BY_FILE_DATE>
     </or>
    </Nod32Definitions>
    <ZoneAlarmDefinitions>
     <or>
      <VDEF_BY_FILE_DATE>
       <PATH_TYPE>PROGRAM FILES</PATH_TYPE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>..\Windows\SysWOW64\ZoneLabs\avsys\bases\*.dat</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
       <FILE_TEMPLATE>ZoneLabs\avsys\bases\*.avc</FILE_TEMPLATE>
       <PATH_TYPE>SYSTEM</PATH_TYPE>
      </VDEF_BY_FILE_DATE>
      <VDEF_BY_FILE_DATE>
       <PATH_TYPE>SYSTEM</PATH_TYPE>
       <MAX_DAYS>14</MAX_DAYS>
       <FILE_TEMPLATE>ZoneLabs\avsys\bases\*.dat</FILE_TEMPLATE>
       <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE>
      </VDEF_BY_FILE_DATE>
     </or>
    </ZoneAlarmDefinitions>
   </SUBROUTINES>
   <LOGIC>
    <IF>
     <COND>( PolicyKeyPass )</COND>
     <THEN>
      <POLICY>
       <id>1</id>
       <result>pass</result>
       <adminMsgIDs>0</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
   </LOGIC>
   <LOGIC>
    <IF>
     <COND>(  OS_OSX )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>8</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( SophosInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>200</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfeeInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>210</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( TrendMicroInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>220</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( EZAntivirusInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>230</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( SymantecInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>240</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( AVSymantecCorpInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>250</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfeeNAInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>260</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfee45Installed )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>270</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( TrendMicroCorpInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>280</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( PandaInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>290</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( AVGInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>300</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( AVGuardInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>310</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( AuthentiumInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>320</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( AvastInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>330</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( MicrosoftOneCareInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>340</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( BitdefenderInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>350</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( KasperskyInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>360</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( SpySweeperAntiVirusInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>370</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( Nod32Installed )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>380</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( ZoneAlarmInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>true</result>
       <adminMsgIDs>390</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( !SophosInstalled * !McAfeeInstalled * !TrendMicroInstalled * !EZAntivirusInstalled * !SymantecInstalled * !AVSymantecCorpInstalled * !McAfeeNAInstalled * !McAfee45Installed * !TrendMicroCorpInstalled * !PandaInstalled * !AVGInstalled * !AVGuardInstalled * !AuthentiumInstalled * !AvastInstalled * !MicrosoftOneCareInstalled * !BitdefenderInstalled * !KasperskyInstalled * !SpySweeperAntiVirusInstalled * !Nod32Installed * !ZoneAlarmInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15014</id>
       <result>false</result>
       <adminMsgIDs>10</adminMsgIDs>
       <webMessageID>6</webMessageID>
      </POLICY>
     </THEN>
    </IF>
   </LOGIC>
   <LOGIC>
    <IF>
     <COND>(  OS_OSX )</COND>
     <THEN>
      <POLICY>
       <id>15015</id>
       <result>true</result>
       <adminMsgIDs>8</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( !SophosInstalled * !McAfeeInstalled * !TrendMicroInstalled * !EZAntivirusInstalled * !SymantecInstalled * !AVSymantecCorpInstalled * !McAfeeNAInstalled * !McAfee45Installed * !TrendMicroCorpInstalled * !PandaInstalled * !AVGInstalled * !AVGuardInstalled * !AuthentiumInstalled * !AvastInstalled * !MicrosoftOneCareInstalled * !BitdefenderInstalled * !KasperskyInstalled * !SpySweeperAntiVirusInstalled * !Nod32Installed * !ZoneAlarmInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15015</id>
       <result>false</result>
       <adminMsgIDs>10</adminMsgIDs>
       <webMessageID>6</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( SophosInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SophosRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>201</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>206</adminMsgIDs>
         <webMessageID>7</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfeeInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( McAfeeRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>211</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>216</adminMsgIDs>
         <webMessageID>9</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( TrendMicroInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( TrendMicroRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>221</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>226</adminMsgIDs>
         <webMessageID>11</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( EZAntivirusInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( EZAntivirusRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>231</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>236</adminMsgIDs>
         <webMessageID>13</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( SymantecInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SymantecRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>241</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>246</adminMsgIDs>
         <webMessageID>15</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AVSymantecCorpInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SymantecCorpRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>251</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>256</adminMsgIDs>
         <webMessageID>17</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfeeNAInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( McAfeeNARunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>261</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>266</adminMsgIDs>
         <webMessageID>19</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfee45Installed  )</COND>
     <THEN>
      <IF>
       <COND>( McAfee45Running  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>271</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>276</adminMsgIDs>
         <webMessageID>21</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( TrendMicroCorpInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( TrendMicroCorpRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>281</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>286</adminMsgIDs>
         <webMessageID>23</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( PandaInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( PandaRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>291</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>296</adminMsgIDs>
         <webMessageID>25</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AVGInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AVGRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>301</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>306</adminMsgIDs>
         <webMessageID>27</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AVGuardInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AVGuardRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>311</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>316</adminMsgIDs>
         <webMessageID>29</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AuthentiumInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AuthentiumRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>321</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>326</adminMsgIDs>
         <webMessageID>110</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AvastInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AvastRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>331</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>336</adminMsgIDs>
         <webMessageID>115</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( MicrosoftOneCareInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( MicrosoftOneCareRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>341</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>346</adminMsgIDs>
         <webMessageID>120</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( BitdefenderInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( BitdefenderRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>351</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>356</adminMsgIDs>
         <webMessageID>125</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( KasperskyInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( KasperskyRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>361</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>366</adminMsgIDs>
         <webMessageID>200</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( SpySweeperAntiVirusInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SpySweeperAntiVirusRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>371</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>376</adminMsgIDs>
         <webMessageID>202</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( Nod32Installed  )</COND>
     <THEN>
      <IF>
       <COND>( Nod32Running  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>381</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>386</adminMsgIDs>
         <webMessageID>204</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( ZoneAlarmInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( ZoneAlarmRunning  )</COND>
       <THEN>
        <POLICY>
         <id>15015</id>
         <result>true</result>
         <adminMsgIDs>391</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15015</id>
         <result>false</result>
         <adminMsgIDs>396</adminMsgIDs>
         <webMessageID>206</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
   </LOGIC>
   <LOGIC>
    <IF>
     <COND>(  OS_OSX )</COND>
     <THEN>
      <POLICY>
       <id>15016</id>
       <result>true</result>
       <adminMsgIDs>8</adminMsgIDs>
       <webMessageID>0</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( !SophosInstalled * !McAfeeInstalled * !TrendMicroInstalled * !EZAntivirusInstalled * !SymantecInstalled * !AVSymantecCorpInstalled * !McAfeeNAInstalled * !McAfee45Installed * !TrendMicroCorpInstalled * !PandaInstalled * !AVGInstalled * !AVGuardInstalled * !AuthentiumInstalled * !AvastInstalled * !MicrosoftOneCareInstalled * !BitdefenderInstalled * !KasperskyInstalled * !SpySweeperAntiVirusInstalled * !Nod32Installed * !ZoneAlarmInstalled )</COND>
     <THEN>
      <POLICY>
       <id>15016</id>
       <result>false</result>
       <adminMsgIDs>11</adminMsgIDs>
       <webMessageID>6</webMessageID>
      </POLICY>
     </THEN>
    </IF>
    <IF>
     <COND>( SophosInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SophosDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>202</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>207</adminMsgIDs>
         <webMessageID>8</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfeeInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( McAfeeDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>212</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>217</adminMsgIDs>
         <webMessageID>10</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( TrendMicroInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( TrendMicroDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>222</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>227</adminMsgIDs>
         <webMessageID>12</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( EZAntivirusInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( EZAntivirusDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>232</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>237</adminMsgIDs>
         <webMessageID>14</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( SymantecInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AVSymantecDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>242</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>247</adminMsgIDs>
         <webMessageID>16</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AVSymantecCorpInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SymantecCorpDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>252</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>257</adminMsgIDs>
         <webMessageID>18</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfeeNAInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( McAfeeNADefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>262</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>267</adminMsgIDs>
         <webMessageID>20</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( McAfee45Installed  )</COND>
     <THEN>
      <IF>
       <COND>( McAfee45Definitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>272</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>277</adminMsgIDs>
         <webMessageID>22</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( TrendMicroCorpInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( TrendMicroCorpDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>282</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>287</adminMsgIDs>
         <webMessageID>24</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( PandaInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( PandaDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>292</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>297</adminMsgIDs>
         <webMessageID>26</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AVGInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AVGDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>302</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>307</adminMsgIDs>
         <webMessageID>28</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AVGuardInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AVGuardDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>312</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>317</adminMsgIDs>
         <webMessageID>30</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AuthentiumInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AuthentiumDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>322</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>327</adminMsgIDs>
         <webMessageID>111</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( AvastInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( AvastDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>332</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>337</adminMsgIDs>
         <webMessageID>116</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( MicrosoftOneCareInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( MicrosoftOneCareDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>342</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>347</adminMsgIDs>
         <webMessageID>121</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( BitdefenderInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( BitdefenderDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>352</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>357</adminMsgIDs>
         <webMessageID>126</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( KasperskyInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( KasperskyDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>362</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>367</adminMsgIDs>
         <webMessageID>201</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( SpySweeperAntiVirusInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( SpySweeperAntiVirusDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>372</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>377</adminMsgIDs>
         <webMessageID>203</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( Nod32Installed  )</COND>
     <THEN>
      <IF>
       <COND>( Nod32Definitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>382</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>387</adminMsgIDs>
         <webMessageID>205</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
    <IF>
     <COND>( ZoneAlarmInstalled  )</COND>
     <THEN>
      <IF>
       <COND>( ZoneAlarmDefinitions  )</COND>
       <THEN>
        <POLICY>
         <id>15016</id>
         <result>true</result>
         <adminMsgIDs>392</adminMsgIDs>
         <webMessageID>0</webMessageID>
        </POLICY>
       </THEN>
       <ELSE>
        <POLICY>
         <id>15016</id>
         <result>false</result>
         <adminMsgIDs>397</adminMsgIDs>
         <webMessageID>207</webMessageID>
        </POLICY>
       </ELSE>
      </IF>
     </THEN>
    </IF>
   </LOGIC>
  </hss>
 </ctrl_policy>
 <ctrl_ilan_restore></ctrl_ilan_restore>
</scanResult_response>

Sign in

Sent

<PKResponse><Header><localIpAddress>129.24.255.135</localIpAddress><observedIP>129.24.255.135</observedIP><macaddress>74-F0-6D-64-3B-C2</macaddress><sessionUID>693693338121519</sessionUID><OS_NAME>OS_WINXP_32</OS_NAME><pkProgramBuild>5036.223</pkProgramBuild><canILan>false</canILan><hostName>cs-3a3e67ed38e0</hostName><userName>jeffk</userName><domain>NONE</domain><startup>false</startup><interactive>true</interactive></Header><localTime>[06-21-2011 22:58:38]</localTime><Policies><Policy><id>1</id><result>true</result><adminMsgIDs>0</adminMsgIDs><webMessageID></webMessageID></Policy><Policy><id>15014</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15015</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15016</id><result>false</result><adminMsgIDs>11</adminMsgIDs><webMessageID>6</webMessageID></Policy></Policies><delta>true</delta></PKResponse>

Received

<scanResult_response>
 <ctrl_set_observed_ip>129.24.255.135</ctrl_set_observed_ip>
 <ctrl_ping_no_user>0</ctrl_ping_no_user>
 <ctrl_next_ping>285</ctrl_next_ping>
 <view_webpage>https://safeconnect.unm.edu:8443//clientStatus.!^</view_webpage>
 <ctrl_ilan_restore></ctrl_ilan_restore>
</scanResult_response>

Ping

Sent

<PKResponse><Header><localIpAddress>129.24.255.135</localIpAddress><observedIP>129.24.255.135</observedIP><macaddress>74-F0-6D-64-3B-C2</macaddress><sessionUID>693693338121519</sessionUID><OS_NAME>OS_WINXP_32</OS_NAME><pkProgramBuild>5036.223</pkProgramBuild><canILan>false</canILan><hostName>cs-3a3e67ed38e0</hostName><userName>jeffk</userName><domain>NONE</domain><startup>false</startup><interactive>true</interactive></Header><localTime>[06-21-2011 23:03:23]</localTime><Policies><Policy><id>1</id><result>true</result><adminMsgIDs>0</adminMsgIDs><webMessageID></webMessageID></Policy><Policy><id>15014</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15015</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15016</id><result>false</result><adminMsgIDs>11</adminMsgIDs><webMessageID>6</webMessageID></Policy></Policies><delta>false</delta></PKResponse>

Received

<scanResult_response>
 <ctrl_set_observed_ip>129.24.255.135</ctrl_set_observed_ip>
 <ctrl_ping_no_user>0</ctrl_ping_no_user>
 <ctrl_next_ping>283</ctrl_next_ping>
 <ctrl_ilan_restore></ctrl_ilan_restore>
</scanResult_response>

Upgrade response

<scanResult_response>
 <ctrl_agent_uid_issued>765329926966569</ctrl_agent_uid_issued>
 <ctrl_install>
  <version>5036.223</version>
  <update>
   <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/scManager.dll</sourceurl>
   <destname>scManager.dll</destname>
   <md5hexkey>7a9873e0792896c8adc29a252cadc08e</md5hexkey>
   <platform>windows</platform>
  </update>
  <update>
   <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/scManager.sys</sourceurl>
   <destname>scManager.sys</destname>
   <md5hexkey>8cff9fbaa8c6e03dbdc0cde6028d83df</md5hexkey>
   <platform>windows</platform>
  </update>
  <update>
   <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/scPcServiceUninstall.exe</sourceurl>
   <destname>Uninstall.exe</destname>
   <md5hexkey>fa7f287da43f254e900e92ed3f80e61a</md5hexkey>
   <platform>windows</platform>
  </update>
  <update>
   <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/SCClient.dll</sourceurl>
   <destname>SCClient.dll</destname>
   <md5hexkey>b0620d80e97a65445748695543e3e19a</md5hexkey>
   <platform>windows</platform>
  </update>
  <update>
   <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/SCClient.exe</sourceurl>
   <destname>SCClient.exe</destname>
   <md5hexkey>ca7038e5252b81aa4a35b182bbdcc86d</md5hexkey>
   <platform>windows</platform>
  </update>
  <update>
   <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/SCUpdate.sys</sourceurl>
   <destname>SCUpdate.sys</destname>
   <md5hexkey>10abcb29eb744b2e8e0bc02641f8d798</md5hexkey>
   <platform>windows</platform>
  </update>
 </ctrl_install>
 <ctrl_set_observed_ip>129.24.255.204</ctrl_set_observed_ip>
 <ctrl_ping_no_user>0</ctrl_ping_no_user>
 <ctrl_next_ping>150</ctrl_next_ping>
 <ctrl_ilan_restore></ctrl_ilan_restore>
</scanResult_response>     

This material is based upon work supported by the National Science Foundation under Grant No. 0844880. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.