In version 4250.121, SafeConnect uses only symmetric encryption (see below) to protect against receiving spoofed upgrades. In version 5036.223, SafeConnect additionally checks that the upgrade *.dll and *.exe files are digitally signed by the vendor. Problem: version 4250.121 was also digitally signed by the vendor. By spoofing an "upgrade" to version 4250.121 and then an "upgrade" to code of your choosing, you can still run arbitrary code on victims' machines. The Python code in server.tar.gz is a "hello world" exploit demonstrating the vulnerability.
For UNM's SafeConnect, this exploit requires you to reroute traffic on the victim's network for 198.31.193.211 to a machine running this server. This exploit could also be modified to work via packet injection over UNM's wifi network.
SafeConnect can overcome this vulnerability by verifying not only that the upgrade files are digitally signed by the vendor but also that they have a greater version number than the installed client. However, this vulnerability demonstrates that Network Access Control (NAC) software like SafeConnect, while appearing to increase your computer's security, can actually open it up to a new dimension of threats. To protect yourself from this vulnerability, we recommend that you uninstall SafeConnect immediately.
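The version check recommended above, as an added example (not code from the original advisory or from SafeConnect): a small Python model of the update-acceptance decision, run against the downgrade chain the advisory describes, with and without the anti-rollback rule. The `Offer` type, the function names and the builds `5040.1` and `0.0` are assumptions made for illustration, and signature verification is reduced to a boolean.

```python
from dataclasses import dataclass

# Build named in the advisory as relying on symmetric encryption only.
LEGACY_BUILDS = {"4250.121"}


@dataclass(frozen=True)
class Offer:
    """One offered upgrade as the client sees it (constructed model)."""
    build: str           # same shape as <pkProgramBuild>, e.g. "5036.223"
    vendor_signed: bool  # outcome of the signature check on the *.dll/*.exe files


def parse_build(text):
    """Turn '5036.223' into (5036, 223) so builds compare numerically.

    Comparing the raw strings would rank '999.5' above '5036.223'.
    """
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("malformed build string: %r" % text)
    return tuple(int(p) for p in parts)


def accepts(installed, offer, hardened):
    """Decide whether the *installed* code would install this offer.

    The checks that run are those of the installed build, which is why a
    rollback to an old signed release removes the newer protections.
    """
    if installed in LEGACY_BUILDS:
        # No signature check in this build: anything encrypted with the
        # shared key is taken.
        return True
    if not offer.vendor_signed:
        return False
    if hardened:
        # Anti-rollback: strictly newer only, so replays of the current
        # build and downgrades are both refused. The build number must be
        # read from signed content, not from unsigned metadata beside it.
        return parse_build(offer.build) > parse_build(installed)
    return True


def run_chain(installed, offers, hardened):
    """Feed offers in order; return (final_build, unsigned_code_ran)."""
    for offer in offers:
        if not accepts(installed, offer, hardened):
            continue
        if not offer.vendor_signed:
            return installed, True  # unsigned code was accepted
        installed = offer.build
    return installed, False


# The chain from the advisory: a genuine, signed old release, followed by
# an unsigned payload (its build string "0.0" is constructed).
DOWNGRADE_CHAIN = [
    Offer("4250.121", vendor_signed=True),
    Offer("0.0", vendor_signed=False),
]

if __name__ == "__main__":
    for hardened in (False, True):
        build, ran = run_chain("5036.223", DOWNGRADE_CHAIN, hardened)
        print("hardened=%s -> build=%s unsigned_code_ran=%s"
              % (hardened, build, ran))
```

The rule only protects clients that already enforce it; a machine still running 4250.121 accepts the unsigned offer directly.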
Traffic between the client and server is encrypted XML. It can be decrypted using the following 12-byte Blowfish key in ECB mode:
\x4f\xbd\x06\x00\x00\xca\x9c\x18\x03\xfc\x91\x3f
The Python code decrypt.py can decrypt the encrypted traffic. The above key appears in binary in scManager.dll. The same key was found at the same offset in the same file in the SafeConnect clients distributed by at least the following academic institutions:
<PKResponse><Header><localIpAddress>129.24.255.135</localIpAddress><observedIP></observedIP><macaddress>74-F0-6D-64-3B-C2</macaddress><sessionUID>693693338121519</sessionUID><OS_NAME>OS_WINXP_32</OS_NAME><pkProgramBuild>5036.223</pkProgramBuild><canILan>false</canILan><hostName>cs-3a3e67ed38e0</hostName><userName>jeffk</userName><domain>NONE</domain><startup>true</startup><interactive>true</interactive></Header><localTime>[06-21-2011 22:58:36]</localTime><MetricString>(Local Time = [06-21-2011 22:58:36])(Active Client List = (Client: PID[3116], User[jeffk], Version[223]))(Is DHCP Enabled = Yes)(Has ILan ever failed = No)(RDP Status = Remote)</MetricString><Policies></Policies><delta>true</delta></PKResponse>
The sessionUID is randomly generated and stored in C:\Program Files\SafeConnect\sc.dat.
<scanResult_response> <ctrl_set_observed_ip>129.24.255.135</ctrl_set_observed_ip> <ctrl_ping_no_user>0</ctrl_ping_no_user> <ctrl_next_ping>285</ctrl_next_ping> <ctrl_policy> <hss> <SUBROUTINES> <PolicyKeyPass> <TRUE>true</TRUE> </PolicyKeyPass> <OS_OSX> <SYSTEM_INFO> <OS_NAME>OS_OSX</OS_NAME> </SYSTEM_INFO> </OS_OSX> <OS_WIN98> <SYSTEM_INFO> <OS_NAME>OS_WIN98</OS_NAME> </SYSTEM_INFO> </OS_WIN98> <OS_WINME> <SYSTEM_INFO> <OS_NAME>OS_WINME</OS_NAME> </SYSTEM_INFO> </OS_WINME> <OS_WINNT> <SYSTEM_INFO> <OS_NAME>OS_WINNT4</OS_NAME> </SYSTEM_INFO> <SYSTEM_INFO> <OS_NAME>OS_WINNT3</OS_NAME> </SYSTEM_INFO> </OS_WINNT> <OS_WIN2K> <SYSTEM_INFO> <OS_NAME>OS_WIN2K</OS_NAME> </SYSTEM_INFO> </OS_WIN2K> <OS_WINS2K3> <SYSTEM_INFO> <OS_NAME>OS_WINS2K3</OS_NAME> </SYSTEM_INFO> </OS_WINS2K3> <OS_WINXP> <SYSTEM_INFO> <OS_NAME>OS_WINXP</OS_NAME> </SYSTEM_INFO> </OS_WINXP> <OS_VISTA> <SYSTEM_INFO> <OS_NAME>OS_VISTA</OS_NAME> </SYSTEM_INFO> </OS_VISTA> <OS_WIN7> <SYSTEM_INFO> <OS_NAME>OS_WIN7</OS_NAME> </SYSTEM_INFO> </OS_WIN7> <OS_UNKNOWN> <SYSTEM_INFO> <OS_NAME>OS_UNKNOWN</OS_NAME> </SYSTEM_INFO> </OS_UNKNOWN> <OS_WIN95> <SYSTEM_INFO> <OS_NAME>OS_WIN95</OS_NAME> </SYSTEM_INFO> </OS_WIN95> <LT_SP1> <SYSTEM_INFO> <SERVICE_PACK>1</SERVICE_PACK> <OP>LT</OP> </SYSTEM_INFO> </LT_SP1> <LT_SP2> <SYSTEM_INFO> <SERVICE_PACK>2</SERVICE_PACK> <OP>LT</OP> </SYSTEM_INFO> </LT_SP2> <LT_SP3> <SYSTEM_INFO> <SERVICE_PACK>3</SERVICE_PACK> <OP>LT</OP> </SYSTEM_INFO> </LT_SP3> <LT_SP4> <SYSTEM_INFO> <SERVICE_PACK>4</SERVICE_PACK> <OP>LT</OP> </SYSTEM_INFO> </LT_SP4> <LT_SP5> <SYSTEM_INFO> <SERVICE_PACK>5</SERVICE_PACK> <OP>LT</OP> </SYSTEM_INFO> </LT_SP5> <SophosInstalled> <or> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> <FILE>icmon.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> <FILE>ICSUPP95.EXE</FILE> 
</Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\SweepNT</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> <FILE>icmon.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\SAVService\Application</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> <FILE>SavService.exe</FILE> </Install_File> </or> </SophosInstalled> <McAfeeInstalled> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee\AVEngine</KEY_NAME> <KEY_VALUE>szInstallDir32</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee\AVEngine</KEY_NAME> <KEY_VALUE>szInstallDir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee.com\Agent</KEY_NAME> <KEY_VALUE>Install Dir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee.com\Virusscan Online</KEY_NAME> <KEY_VALUE>Install Dir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee\VSCore\Detect</KEY_NAME> <KEY_VALUE>szInstallDir</KEY_VALUE> </Install_Reg> </or> </McAfeeInstalled> <TrendMicroInstalled> <or> <INSTALL_REG> <TIMETOFAIL>60</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\Vizor</KEY_NAME> <KEY_VALUE>ProductPath</KEY_VALUE> </INSTALL_REG> <WMI_AV> <TIMETOFAIL>300</TIMETOFAIL> <PACKAGE_NAME>Trend Micro</PACKAGE_NAME> </WMI_AV> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillin</KEY_NAME> <KEY_VALUE>Application Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\AntiVirus\15</KEY_NAME> <KEY_VALUE>ApplicationPath</KEY_VALUE> </Install_Reg> </or> </TrendMicroInstalled> <EZAntivirusInstalled> <or> <INSTALL_FILE> <TIMETOFAIL>60</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus Plus</KEY_NAME> <KEY_VALUE>InstallPath</KEY_VALUE> <FILE>isafe.exe</FILE> </INSTALL_FILE> <INSTALL_REG> <HKEY>HKLM</HKEY> 
<KEY_NAME>HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates</KEY_NAME> <KEY_VALUE>installLocation</KEY_VALUE> </INSTALL_REG> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus\Resident</KEY_NAME> <KEY_VALUE>vetpath</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\eTrustAntivirus\CurrentVersion\Path</KEY_NAME> <KEY_VALUE>HOME</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\ComputerAssociates\Anti-Virus\Install</KEY_NAME> <KEY_VALUE>ProgramPath</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\Path</KEY_NAME> <KEY_VALUE>HOME</KEY_VALUE> </Install_Reg> </or> </EZAntivirusInstalled> <SymantecInstalled> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus NT\Install\7.50</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus\Install\7.50</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Norton Antivirus</KEY_NAME> <KEY_VALUE>version</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME> <KEY_VALUE>N360</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME> <KEY_VALUE>NAV</KEY_VALUE> </Install_Reg> </or> </SymantecInstalled> <AVSymantecCorpInstalled> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus NT\Install\7.50</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Norton AntiVirus\Install\7.50</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> 
</Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\Symantec AntiVirus\Install\7.50</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </Install_Reg> </or> </AVSymantecCorpInstalled> <McAfeeNAInstalled> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME> <KEY_VALUE>szInstallDir</KEY_VALUE> </Install_Reg> </or> </McAfeeNAInstalled> <McAfee45Installed> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN6500</KEY_NAME> <KEY_VALUE>Version</KEY_VALUE> </Install_Reg> </or> </McAfee45Installed> <TrendMicroCorpInstalled> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\OfficeScanCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Program Version</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\OfficeScanCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\OfficeScanCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Application Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Application Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.</KEY_NAME> <KEY_VALUE>ProgramVer</KEY_VALUE> </Install_Reg> </or> </TrendMicroCorpInstalled> <PandaInstalled> <or> <INSTALL_REG> <TIMETOFAIL>60</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Panda Software\Setup</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Platinum</KEY_NAME> <KEY_VALUE>PATH</KEY_VALUE> </Install_Reg> <Install_Reg> 
<HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Lite</KEY_NAME> <KEY_VALUE>DIR</KEY_VALUE> </Install_Reg> </or> </PandaInstalled> <AVGInstalled> <or> <INSTALL_FILE> <TIMETOFAIL>60</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\AVG\AVG10</KEY_NAME> <KEY_VALUE>AvgDir</KEY_VALUE> <FILE>avgtray.exe</FILE> </INSTALL_FILE> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avg9_tray</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avgcc</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avg8_tray</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avg7_cc</KEY_VALUE> </Install_Reg> </or> </AVGInstalled> <AVGuardInstalled> <or> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\H+BEDV\AVWIN/95</KEY_NAME> <KEY_VALUE>AVWPath</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\H+BEDV\AVWin/NT</KEY_NAME> <KEY_VALUE>AVWPath</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\H+BEDV\AntiVir PersonalEdition Classic V 7</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Classic</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir Desktop</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Premium</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> <Install_Reg> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir Workstation</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </Install_Reg> </or> </AVGuardInstalled> <AuthentiumInstalled> <or> <FILE_EXISTS> 
<FULL_PATH>%programfiles%\Common Files\Command Software\csav.exe</FULL_PATH> </FILE_EXISTS> <FILE_EXISTS> <FULL_PATH>%programfiles%\Common Files\Authentium\AntiVirus\csav.exe</FULL_PATH> </FILE_EXISTS> </or> </AuthentiumInstalled> <AvastInstalled> <OR> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ALWIL Software\Avast\4.0</KEY_NAME> <KEY_VALUE>Avast4ProgramFolder</KEY_VALUE> <FILE>aswDisp.exe</FILE> </INSTALL_FILE> <INSTALL_FILE> <TIMETOFAIL>60</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\AVAST Software\Avast</KEY_NAME> <KEY_VALUE>ProgramFolder</KEY_VALUE> <FILE>AvastUI.exe</FILE> </INSTALL_FILE> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ALWIL Software\Avast\4.0</KEY_NAME> <KEY_VALUE>Avast4ProgramFolder</KEY_VALUE> <FILE>ashDisp.exe</FILE> </INSTALL_FILE> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ALWIL Software\Avast\5.0</KEY_NAME> <KEY_VALUE>ProgramFolder</KEY_VALUE> <FILE>AvastSvc.exe</FILE> </INSTALL_FILE> </OR> </AvastInstalled> <MicrosoftOneCareInstalled> <or> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Microsoft Antimalware</KEY_NAME> <KEY_VALUE>InstallLocation</KEY_VALUE> <FILE>MpCmdRun.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\MalwareProtection</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>MpEng.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\OneCare Protection</KEY_NAME> <KEY_VALUE>InstallLocation</KEY_VALUE> <FILE>MsMpEng.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM</KEY_NAME> <KEY_VALUE>InstallLocation</KEY_VALUE> <FILE>MsMpEng.exe</FILE> </Install_File> </or> </MicrosoftOneCareInstalled> <BitdefenderInstalled> <or> <Install_File> 
<HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>bdagent.exe</FILE> </Install_File> <Install_File> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>bdnagent.exe</FILE> </Install_File> <Install_File> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\BitDefender\BitDefender Desktop\Maintenance\Install</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>bdagent.exe</FILE> </Install_File> </or> </BitdefenderInstalled> <KasperskyInstalled> <or> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</KEY_NAME> <KEY_VALUE>AVP</KEY_VALUE> <FILE>avp.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME> <KEY_VALUE>KAV2006</KEY_VALUE> <FILE>avp.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME> <KEY_VALUE>KIS6</KEY_VALUE> <FILE>avp.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME> <KEY_VALUE>KIS7</KEY_VALUE> <FILE>avp.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\SetupFolders</KEY_NAME> <KEY_VALUE>KIS8</KEY_VALUE> <FILE>avp.exe</FILE> </Install_File> </or> </KasperskyInstalled> <SpySweeperAntiVirusInstalled> <OR> <AND> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME> <KEY_VALUE>id</KEY_VALUE> <FILE>SpySweeper.exe</FILE> </INSTALL_FILE> <COMPARE_REG_VALUE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME> <KEY_VALUE>antivirusinstalled</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </AND> 
<INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME> <KEY_VALUE>id</KEY_VALUE> <FILE>AEI.exe</FILE> </INSTALL_FILE> </OR> </SpySweeperAntiVirusInstalled> <Nod32Installed> <or> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ESET\ESET Security\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>egui.exe</FILE> </INSTALL_FILE> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Eset\Nod\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>x86\nod32krn.exe</FILE> </INSTALL_FILE> <INSTALL_FILE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Eset\ESET Security\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>x86\ekrn.exe</FILE> </INSTALL_FILE> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Eset\ESET Security\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>ekrn.exe</FILE> </Install_File> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Eset\Nod\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> <FILE>nod32krn.exe</FILE> </Install_File> </or> </Nod32Installed> <ZoneAlarmInstalled> <or> <Install_File> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Zone Labs\ZoneAlarm</KEY_NAME> <KEY_VALUE>InstallDirectory</KEY_VALUE> <FILE>zonealarm.exe</FILE> </Install_File> </or> </ZoneAlarmInstalled> <SophosRunning> <or> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ICMON.EXE</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>SWEEPSRV.SYS</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>SavService.exe</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ICSUPP95.EXE</PROCESS> </Running_Proc> </or> </SophosRunning> <McAfeeRunning> <or> <RUNNING_PROC> <PROCESS>McTray.exe</PROCESS> 
</RUNNING_PROC> <Running_Proc> <PROCESS>mcagent.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>mcvsshld.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>mcvsrte.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>mcshield.exe</PROCESS> </Running_Proc> </or> </McAfeeRunning> <TrendMicroRunning> <or> <WMI_AV> <TIMETOFAIL>300</TIMETOFAIL> <PACKAGE_NAME>Titanium</PACKAGE_NAME> <RTS></RTS> </WMI_AV> <WMI_AV> <TIMETOFAIL>300</TIMETOFAIL> <PACKAGE_NAME>Trend Micro</PACKAGE_NAME> <RTS></RTS> </WMI_AV> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>pcclient.exe</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>pccguide.exe</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>TmProxy.exe</PROCESS> </Running_Proc> </or> </TrendMicroRunning> <EZAntivirusRunning> <or> <WMI_AV> <TIMETOFAIL>60</TIMETOFAIL> <PACKAGE_NAME>CA Anti-Virus Plus</PACKAGE_NAME> <RTS></RTS> </WMI_AV> <AND> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Suite Personal\am\</KEY_NAME> <KEY_VALUE>rton</KEY_VALUE> <VALUE_INT32>2</VALUE_INT32> </COMPARE_REG_VALUE> <RUNNING_PROC> <PROCESS>casc.exe</PROCESS> </RUNNING_PROC> </AND> <Running_Proc> <PROCESS>VetTray.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>cavrid.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>InoRpc.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>InoRT.exe</PROCESS> </Running_Proc> <AND> <Running_Proc> <PROCESS>iSafe.exe</PROCESS> </Running_Proc> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>SYSTEM\ControlSet001\Services\VETFDDNT</KEY_NAME> <KEY_VALUE>EnableScan</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </AND> </or> </EZAntivirusRunning> <SymantecRunning> <or> <Running_Proc> <PROCESS>VpTray.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>rtvscan.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>DefWatch.exe</PROCESS> </Running_Proc> <Running_Proc> 
<PROCESS>ccapp.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>navapsvc.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>ccSvcHst.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>symlcsvc.exe</PROCESS> </Running_Proc> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>SYSTEM\ControlSet001\Services\SRTSP</KEY_NAME> <KEY_VALUE>Start</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </or> </SymantecRunning> <SymantecCorpRunning> <or> <Running_Proc> <PROCESS>VpTray.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>rtvscan.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>DefWatch.exe</PROCESS> </Running_Proc> </or> </SymantecCorpRunning> <McAfeeNARunning> <or> <Running_Proc> <PROCESS>McShield.exe</PROCESS> </Running_Proc> </or> </McAfeeNARunning> <McAfee45Running> <or> <Running_Proc> <PROCESS>vshwin32.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>vsstat.exe</PROCESS> </Running_Proc> </or> </McAfee45Running> <TrendMicroCorpRunning> <or> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>NTRtScan.exe</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>PCCWin97.exe</PROCESS> </Running_Proc> </or> </TrendMicroCorpRunning> <PandaRunning> <or> <WMI_AV> <TIMETOFAIL>300</TIMETOFAIL> <PACKAGE_NAME>Panda Cloud Antivirus</PACKAGE_NAME> <RTS></RTS> </WMI_AV> <Running_Proc> <PROCESS>apvxdwin.exe</PROCESS> </Running_Proc> </or> </PandaRunning> <AVGRunning> <or> <Running_Proc> <PROCESS>avgamsvr.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>avgwdsvc.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>avgcc</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>avgwdsvc.exe</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>avgcc.exe</PROCESS> </Running_Proc> </or> </AVGRunning> <AVGuardRunning> <or> <Running_Proc> <PROCESS>AVGUARD.EXE</PROCESS> </Running_Proc> <Running_Proc> <PROCESS>AVGCTRL.EXE</PROCESS> </Running_Proc> </or> </AVGuardRunning> <AuthentiumRunning> <or> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> 
<PROCESS>avinitnt.exe</PROCESS> </Running_Proc> </or> </AuthentiumRunning> <AvastRunning> <OR> <AND> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ashDisp.exe</PROCESS> </RUNNING_PROC> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ashserv.exe</PROCESS> </RUNNING_PROC> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ashwebsv.exe</PROCESS> </RUNNING_PROC> </AND> <AND> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>aswmaisv.exe</PROCESS> </RUNNING_PROC> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>aswwebsv.exe</PROCESS> </RUNNING_PROC> </AND> <AND> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ashDisp.exe</PROCESS> </RUNNING_PROC> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ashmaisv.exe</PROCESS> </RUNNING_PROC> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ashwebsv.exe</PROCESS> </RUNNING_PROC> </AND> <AND> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>AvastSvc.exe</PROCESS> </RUNNING_PROC> <SERVICE_RUNNING> <TIMETOFAIL>300</TIMETOFAIL> <SERVICE>avast! 
Antivirus</SERVICE> </SERVICE_RUNNING> </AND> </OR> </AvastRunning> <MicrosoftOneCareRunning> <or> <and> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>msseces.exe</PROCESS> <EXACT_MATCH>true</EXACT_MATCH> </Running_Proc> <NOT> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection</KEY_NAME> <KEY_VALUE>DisableRealtimeMonitoring</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </NOT> </and> <and> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>MsMpEng.exe</PROCESS> <EXACT_MATCH>true</EXACT_MATCH> </Running_Proc> <or> <COMPARE_REG_VALUE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\OneCare Protection\Real-Time Protection</KEY_NAME> <KEY_VALUE>DisableAntiVirusRealtimeProtection</KEY_VALUE> <VALUE_INT32>0</VALUE_INT32> </COMPARE_REG_VALUE> <NOT> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Real-Time Protection</KEY_NAME> <KEY_VALUE>DisableAntiVirus</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </NOT> </or> </and> </or> </MicrosoftOneCareRunning> <BitdefenderRunning> <or> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>bdagent.exe</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>bdnagent.exe</PROCESS> </Running_Proc> </or> </BitdefenderRunning> <KasperskyRunning> <or> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>avp.exe</PROCESS> </Running_Proc> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP7</KEY_NAME> <KEY_VALUE>enabled</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </or> </KasperskyRunning> <SpySweeperAntiVirusRunning> <OR> <AND> <RUNNING_PROC> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>SpySweeper.exe</PROCESS> </RUNNING_PROC> <COMPARE_REG_VALUE> <TIMETOFAIL>300</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME> <KEY_VALUE>antivirusinstalled</KEY_VALUE> 
<VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </AND> <AND> <COMPARE_REG_VALUE> <TIMETOFAIL>60</TIMETOFAIL> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME> <KEY_VALUE>scanonwrite</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> <RUNNING_PROC> <TIMETOFAIL>60</TIMETOFAIL> <PROCESS>WRConsumerService.exe</PROCESS> </RUNNING_PROC> </AND> </OR> </SpySweeperAntiVirusRunning> <Nod32Running> <or> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>nod32krn.exe</PROCESS> </Running_Proc> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>ekrn.exe</PROCESS> </Running_Proc> </or> </Nod32Running> <ZoneAlarmRunning> <AND> <Running_Proc> <TIMETOFAIL>300</TIMETOFAIL> <PROCESS>zlclient.exe</PROCESS> </Running_Proc> <COMPARE_REG_VALUE> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Zone Labs\ZoneAlarm</KEY_NAME> <KEY_VALUE>AVInstalled</KEY_VALUE> <VALUE_INT32>1</VALUE_INT32> </COMPARE_REG_VALUE> </AND> </ZoneAlarmRunning> <SophosDefinitions> <or> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vdl*.vdb</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vdl*.vdb</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\SweepNT</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.ide</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\Sweep95</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.ide</FILE_TEMPLATE> 
<INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\SweepNT</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vdl*.vdb</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\SAVService\Application</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.ide</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Sophos\SAVService\Application</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </SophosDefinitions> <McAfeeDefinitions> <or> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*scan.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee.com\Virusscan Online</KEY_NAME> <KEY_VALUE>Install Dir</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*scan.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME> <KEY_VALUE>dat</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*scan.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\McAfee\AVEngine</KEY_NAME> <KEY_VALUE>dat</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </McAfeeDefinitions> <TrendMicroDefinitions> <or> <WMI_AV> <TIMETOFAIL>300</TIMETOFAIL> <PACKAGE_NAME>Titanium</PACKAGE_NAME> <DEFS></DEFS> </WMI_AV> <WMI_AV> <PACKAGE_NAME>Trend Micro</PACKAGE_NAME> <DEFS></DEFS> </WMI_AV> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> 
<FILE_TEMPLATE>*$*.*</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillin</KEY_NAME> <KEY_VALUE>Application Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\AntiVirus\15\Directory</KEY_NAME> <KEY_VALUE>DcsPatternPath</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </TrendMicroDefinitions> <EZAntivirusDefinitions> <or> <VDEF_BY_FILE_DATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus Plus</KEY_NAME> <KEY_VALUE>InstallPath</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>core\vet.dat</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ISafe\</KEY_NAME> <KEY_VALUE>EngineDataPath</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\Anti-Virus\Resident</KEY_NAME> <KEY_VALUE>vetpath</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vet.da1</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\ScanEngine\Path</KEY_NAME> <KEY_VALUE>Engine</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\ScanEngine\Path</KEY_NAME> <KEY_VALUE>Engine</KEY_VALUE> </INSTALL_REG> 
</VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>vet.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ComputerAssociates\ComputerAssociates\Anti-Virus\Install</KEY_NAME> <KEY_VALUE>ProgramPath</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </EZAntivirusDefinitions> <AVSymantecDefinitions> <or> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>..\Definitions\VirusDefs\definfo.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\SymNetDrv\Parameters</KEY_NAME> <KEY_VALUE>SettingsPath</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_DIR_DATE> <MAX_DAYS>14</MAX_DAYS> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME> <KEY_VALUE>AVENGEDEFS</KEY_VALUE> </INSTALL_REG> </VDEF_BY_DIR_DATE> <VDEF_BY_DIR_DATE> <MAX_DAYS>14</MAX_DAYS> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SYSTEM\CurrentControlSet\Services\eeCtrl\Parameters</KEY_NAME> <KEY_VALUE>LastUsedDefs</KEY_VALUE> </INSTALL_REG> </VDEF_BY_DIR_DATE> </or> </AVSymantecDefinitions> <SymantecCorpDefinitions> <or> <VDEF_BY_DIR_DATE> <MAX_DAYS>14</MAX_DAYS> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Symantec\InstalledApps</KEY_NAME> <KEY_VALUE>AVENGEDEFS</KEY_VALUE> </INSTALL_REG> </VDEF_BY_DIR_DATE> </or> </SymantecCorpDefinitions> <McAfeeNADefinitions> <or> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>scan.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME> <KEY_VALUE>dat</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </McAfeeNADefinitions> <McAfee45Definitions> <or> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>scan.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Network 
Associates\TVD\Shared Components\VirusScan Engine\4.0.xx</KEY_NAME> <KEY_VALUE>dat</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </McAfee45Definitions> <TrendMicroCorpDefinitions> <or> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillin</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\OfficeScanCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*$*.*</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion</KEY_NAME> <KEY_VALUE>Application Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </TrendMicroCorpDefinitions> <PandaDefinitions> <or> <WMI_AV> <TIMETOFAIL>60</TIMETOFAIL> <PACKAGE_NAME>Panda Cloud Antivirus</PACKAGE_NAME> <DEFS></DEFS> </WMI_AV> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>pav.sig</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Platinum</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>pav.sig</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Panda Software\Panda Antivirus Lite</KEY_NAME> <KEY_VALUE>DIR</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </PandaDefinitions> <AVGDefinitions> <or> <FILE_INFO> <PATH>%SystemRoot%\system32\drivers\Avg\</PATH> <PATTERN>.avm</PATTERN> <DAYS>14</DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <OP>LT</OP> </FILE_INFO> 
<FILE_INFO> <PATH>%SystemRoot%\system32\drivers\Avg\</PATH> <PATTERN>.avg</PATTERN> <DAYS>14</DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <OP>LT</OP> </FILE_INFO> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>microavi.avg</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avgcc</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>microavi.avg</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall\Directories</KEY_NAME> <KEY_VALUE>dir_AvgDir</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>miniavi.avg</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avg7_cc</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>microavi.avg</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avg7_cc</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>updvers.cfg</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avgcc</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>updvers.cfg</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Windows\CurrentVersion\Run\</KEY_NAME> <KEY_VALUE>avg7_cc</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </AVGDefinitions> 
<AVGuardDefinitions> <or> <VDEF_BY_FILE_DATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir Desktop</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>vbase*.VDF</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\H+BEDV\AVWIN/95</KEY_NAME> <KEY_VALUE>AVWPath</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\H+BEDV\AntiVir PersonalEdition Classic V 7</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\H+BEDV\AVWin/NT</KEY_NAME> <KEY_VALUE>AVWPath</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Classic</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir Desktop</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir PersonalEdition Premium</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> 
</VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ANTIVIR*.VDF</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Avira\AntiVir Workstation</KEY_NAME> <KEY_VALUE>Path</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </AVGuardDefinitions> <AuthentiumDefinitions> <or> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>Common Files\Command Software\sign2.def</FILE_TEMPLATE> <PATH_TYPE>Program Files</PATH_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>Common Files\Authentium\AntiVirus\sign2.def</FILE_TEMPLATE> <PATH_TYPE>Program Files</PATH_TYPE> </VDEF_BY_FILE_DATE> </or> </AuthentiumDefinitions> <AvastDefinitions> <OR> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\AVAST Software\Avast</KEY_NAME> <KEY_VALUE>ProgramFolder</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>defs\aswdefs.ini</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ALWIL Software\Avast\4.0</KEY_NAME> <KEY_VALUE>Avast4ProgramFolder</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>setup\summary.txt</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\ALWIL Software\Avast\5.0</KEY_NAME> <KEY_VALUE>ProgramFolder</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>defs\*</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> </OR> </AvastDefinitions> <MicrosoftOneCareDefinitions> <or> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> 
<FILE_TEMPLATE>*.vdm</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates</KEY_NAME> <KEY_VALUE>SignatureLocation</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>mpdef.vdm</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\MalwareProtection</KEY_NAME> <KEY_VALUE>DataDirectory</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.vdm</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\OneCare Protection\Signature Updates</KEY_NAME> <KEY_VALUE>SignatureLocation</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.vdm</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates</KEY_NAME> <KEY_VALUE>SignatureLocation</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </MicrosoftOneCareDefinitions> <BitdefenderDefinitions> <or> <VDEF_BY_FILE_DATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\BitDefender\BitDefender Desktop\Maintenance\Install</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>installer\BDUpdateV1.xml</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.dll</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> 
<FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>events.xml</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\SOFTWIN\BitDefender Desktop\Maintenance\Install</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>v_live_s.xml</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\BitDefender\Livesrv</KEY_NAME> <KEY_VALUE>Path_Live</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </BitdefenderDefinitions> <KasperskyDefinitions> <or> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP11\environment</KEY_NAME> <KEY_VALUE>DataRoot</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>Bases\*.dat</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP11\CKAHUM\LastSet</KEY_NAME> <KEY_VALUE>Directory</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.avc</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP11\CKAHUM\LastSet</KEY_NAME> <KEY_VALUE>Directory</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP80\CKAHUM\LastSet</KEY_NAME> <KEY_VALUE>Directory</KEY_VALUE> </INSTALL_REG> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>*.dat</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> 
<FILE_TEMPLATE>Bases\*.avc</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP7\environment</KEY_NAME> <KEY_VALUE>DataRoot</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>Bases\*.kdc</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP9\environment</KEY_NAME> <KEY_VALUE>DataRoot</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>Bases\*.avc</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\AVP6\environment</KEY_NAME> <KEY_VALUE>DataRoot</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.avc</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\AVP6\CKAHUM\LastSet</KEY_NAME> <KEY_VALUE>Directory</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.avc</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP7\CKAHUM\LastSet</KEY_NAME> <KEY_VALUE>Directory</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>*.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\KasperskyLab\protected\AVP8\CKAHUM\LastSet</KEY_NAME> <KEY_VALUE>Directory</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </KasperskyDefinitions> <SpySweeperAntiVirusDefinitions> <or> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> 
<FILE_TEMPLATE>\antivirus\*.ide</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Webroot\SpySweeper</KEY_NAME> <KEY_VALUE>id</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </SpySweeperAntiVirusDefinitions> <Nod32Definitions> <or> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>nod32.0*</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Eset\Nod\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <TIMETOFAIL>300</TIMETOFAIL> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>em00*.dat</FILE_TEMPLATE> <INSTALL_REG> <HKEY>HKLM</HKEY> <KEY_NAME>SOFTWARE\Eset\ESET Security\CurrentVersion\Info</KEY_NAME> <KEY_VALUE>InstallDir</KEY_VALUE> </INSTALL_REG> </VDEF_BY_FILE_DATE> </or> </Nod32Definitions> <ZoneAlarmDefinitions> <or> <VDEF_BY_FILE_DATE> <PATH_TYPE>PROGRAM FILES</PATH_TYPE> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>..\Windows\SysWOW64\ZoneLabs\avsys\bases\*.dat</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <MAX_DAYS>14</MAX_DAYS> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> <FILE_TEMPLATE>ZoneLabs\avsys\bases\*.avc</FILE_TEMPLATE> <PATH_TYPE>SYSTEM</PATH_TYPE> </VDEF_BY_FILE_DATE> <VDEF_BY_FILE_DATE> <PATH_TYPE>SYSTEM</PATH_TYPE> <MAX_DAYS>14</MAX_DAYS> <FILE_TEMPLATE>ZoneLabs\avsys\bases\*.dat</FILE_TEMPLATE> <FILE_DATE_TYPE>MODIFY</FILE_DATE_TYPE> </VDEF_BY_FILE_DATE> </or> </ZoneAlarmDefinitions> </SUBROUTINES> <LOGIC> <IF> <COND>( PolicyKeyPass )</COND> <THEN> <POLICY> <id>1</id> <result>pass</result> <adminMsgIDs>0</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> </LOGIC> <LOGIC> <IF> <COND>( OS_OSX )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>8</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( SophosInstalled )</COND> 
<THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>200</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( McAfeeInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>210</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( TrendMicroInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>220</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( EZAntivirusInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>230</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( SymantecInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>240</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( AVSymantecCorpInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>250</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( McAfeeNAInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>260</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( McAfee45Installed )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>270</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( TrendMicroCorpInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>280</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( PandaInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>290</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( AVGInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>300</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( AVGuardInstalled )</COND> <THEN> <POLICY> 
<id>15014</id> <result>true</result> <adminMsgIDs>310</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( AuthentiumInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>320</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( AvastInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>330</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( MicrosoftOneCareInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>340</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( BitdefenderInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>350</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( KasperskyInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>360</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( SpySweeperAntiVirusInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>370</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( Nod32Installed )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>380</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( ZoneAlarmInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>true</result> <adminMsgIDs>390</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( !SophosInstalled * !McAfeeInstalled * !TrendMicroInstalled * !EZAntivirusInstalled * !SymantecInstalled * !AVSymantecCorpInstalled * !McAfeeNAInstalled * !McAfee45Installed * !TrendMicroCorpInstalled * !PandaInstalled * !AVGInstalled * !AVGuardInstalled * !AuthentiumInstalled * !AvastInstalled * !MicrosoftOneCareInstalled * !BitdefenderInstalled * !KasperskyInstalled * !SpySweeperAntiVirusInstalled * 
!Nod32Installed * !ZoneAlarmInstalled )</COND> <THEN> <POLICY> <id>15014</id> <result>false</result> <adminMsgIDs>10</adminMsgIDs> <webMessageID>6</webMessageID> </POLICY> </THEN> </IF> </LOGIC> <LOGIC> <IF> <COND>( OS_OSX )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>8</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( !SophosInstalled * !McAfeeInstalled * !TrendMicroInstalled * !EZAntivirusInstalled * !SymantecInstalled * !AVSymantecCorpInstalled * !McAfeeNAInstalled * !McAfee45Installed * !TrendMicroCorpInstalled * !PandaInstalled * !AVGInstalled * !AVGuardInstalled * !AuthentiumInstalled * !AvastInstalled * !MicrosoftOneCareInstalled * !BitdefenderInstalled * !KasperskyInstalled * !SpySweeperAntiVirusInstalled * !Nod32Installed * !ZoneAlarmInstalled )</COND> <THEN> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>10</adminMsgIDs> <webMessageID>6</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( SophosInstalled )</COND> <THEN> <IF> <COND>( SophosRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>201</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>206</adminMsgIDs> <webMessageID>7</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( McAfeeInstalled )</COND> <THEN> <IF> <COND>( McAfeeRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>211</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>216</adminMsgIDs> <webMessageID>9</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( TrendMicroInstalled )</COND> <THEN> <IF> <COND>( TrendMicroRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>221</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> 
<adminMsgIDs>226</adminMsgIDs> <webMessageID>11</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( EZAntivirusInstalled )</COND> <THEN> <IF> <COND>( EZAntivirusRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>231</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>236</adminMsgIDs> <webMessageID>13</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( SymantecInstalled )</COND> <THEN> <IF> <COND>( SymantecRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>241</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>246</adminMsgIDs> <webMessageID>15</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AVSymantecCorpInstalled )</COND> <THEN> <IF> <COND>( SymantecCorpRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>251</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>256</adminMsgIDs> <webMessageID>17</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( McAfeeNAInstalled )</COND> <THEN> <IF> <COND>( McAfeeNARunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>261</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>266</adminMsgIDs> <webMessageID>19</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( McAfee45Installed )</COND> <THEN> <IF> <COND>( McAfee45Running )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>271</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>276</adminMsgIDs> <webMessageID>21</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( 
TrendMicroCorpInstalled )</COND> <THEN> <IF> <COND>( TrendMicroCorpRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>281</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>286</adminMsgIDs> <webMessageID>23</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( PandaInstalled )</COND> <THEN> <IF> <COND>( PandaRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>291</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>296</adminMsgIDs> <webMessageID>25</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AVGInstalled )</COND> <THEN> <IF> <COND>( AVGRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>301</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>306</adminMsgIDs> <webMessageID>27</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AVGuardInstalled )</COND> <THEN> <IF> <COND>( AVGuardRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>311</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>316</adminMsgIDs> <webMessageID>29</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AuthentiumInstalled )</COND> <THEN> <IF> <COND>( AuthentiumRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>321</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>326</adminMsgIDs> <webMessageID>110</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AvastInstalled )</COND> <THEN> <IF> <COND>( AvastRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> 
<adminMsgIDs>331</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>336</adminMsgIDs> <webMessageID>115</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( MicrosoftOneCareInstalled )</COND> <THEN> <IF> <COND>( MicrosoftOneCareRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>341</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>346</adminMsgIDs> <webMessageID>120</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( BitdefenderInstalled )</COND> <THEN> <IF> <COND>( BitdefenderRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>351</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>356</adminMsgIDs> <webMessageID>125</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( KasperskyInstalled )</COND> <THEN> <IF> <COND>( KasperskyRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>361</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>366</adminMsgIDs> <webMessageID>200</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( SpySweeperAntiVirusInstalled )</COND> <THEN> <IF> <COND>( SpySweeperAntiVirusRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>371</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>376</adminMsgIDs> <webMessageID>202</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( Nod32Installed )</COND> <THEN> <IF> <COND>( Nod32Running )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>381</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> 
<POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>386</adminMsgIDs> <webMessageID>204</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( ZoneAlarmInstalled )</COND> <THEN> <IF> <COND>( ZoneAlarmRunning )</COND> <THEN> <POLICY> <id>15015</id> <result>true</result> <adminMsgIDs>391</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15015</id> <result>false</result> <adminMsgIDs>396</adminMsgIDs> <webMessageID>206</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> </LOGIC> <LOGIC> <IF> <COND>( OS_OSX )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>8</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( !SophosInstalled * !McAfeeInstalled * !TrendMicroInstalled * !EZAntivirusInstalled * !SymantecInstalled * !AVSymantecCorpInstalled * !McAfeeNAInstalled * !McAfee45Installed * !TrendMicroCorpInstalled * !PandaInstalled * !AVGInstalled * !AVGuardInstalled * !AuthentiumInstalled * !AvastInstalled * !MicrosoftOneCareInstalled * !BitdefenderInstalled * !KasperskyInstalled * !SpySweeperAntiVirusInstalled * !Nod32Installed * !ZoneAlarmInstalled )</COND> <THEN> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>11</adminMsgIDs> <webMessageID>6</webMessageID> </POLICY> </THEN> </IF> <IF> <COND>( SophosInstalled )</COND> <THEN> <IF> <COND>( SophosDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>202</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>207</adminMsgIDs> <webMessageID>8</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( McAfeeInstalled )</COND> <THEN> <IF> <COND>( McAfeeDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>212</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>217</adminMsgIDs> 
<webMessageID>10</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( TrendMicroInstalled )</COND> <THEN> <IF> <COND>( TrendMicroDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>222</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>227</adminMsgIDs> <webMessageID>12</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( EZAntivirusInstalled )</COND> <THEN> <IF> <COND>( EZAntivirusDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>232</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>237</adminMsgIDs> <webMessageID>14</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( SymantecInstalled )</COND> <THEN> <IF> <COND>( AVSymantecDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>242</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>247</adminMsgIDs> <webMessageID>16</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AVSymantecCorpInstalled )</COND> <THEN> <IF> <COND>( SymantecCorpDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>252</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>257</adminMsgIDs> <webMessageID>18</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( McAfeeNAInstalled )</COND> <THEN> <IF> <COND>( McAfeeNADefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>262</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>267</adminMsgIDs> <webMessageID>20</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( 
McAfee45Installed )</COND> <THEN> <IF> <COND>( McAfee45Definitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>272</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>277</adminMsgIDs> <webMessageID>22</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( TrendMicroCorpInstalled )</COND> <THEN> <IF> <COND>( TrendMicroCorpDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>282</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>287</adminMsgIDs> <webMessageID>24</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( PandaInstalled )</COND> <THEN> <IF> <COND>( PandaDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>292</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>297</adminMsgIDs> <webMessageID>26</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AVGInstalled )</COND> <THEN> <IF> <COND>( AVGDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>302</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>307</adminMsgIDs> <webMessageID>28</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AVGuardInstalled )</COND> <THEN> <IF> <COND>( AVGuardDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>312</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>317</adminMsgIDs> <webMessageID>30</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AuthentiumInstalled )</COND> <THEN> <IF> <COND>( AuthentiumDefinitions )</COND> <THEN> <POLICY> <id>15016</id> 
<result>true</result> <adminMsgIDs>322</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>327</adminMsgIDs> <webMessageID>111</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( AvastInstalled )</COND> <THEN> <IF> <COND>( AvastDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>332</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>337</adminMsgIDs> <webMessageID>116</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( MicrosoftOneCareInstalled )</COND> <THEN> <IF> <COND>( MicrosoftOneCareDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>342</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>347</adminMsgIDs> <webMessageID>121</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( BitdefenderInstalled )</COND> <THEN> <IF> <COND>( BitdefenderDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>352</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>357</adminMsgIDs> <webMessageID>126</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( KasperskyInstalled )</COND> <THEN> <IF> <COND>( KasperskyDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>362</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>367</adminMsgIDs> <webMessageID>201</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( SpySweeperAntiVirusInstalled )</COND> <THEN> <IF> <COND>( SpySweeperAntiVirusDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>372</adminMsgIDs> 
<webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>377</adminMsgIDs> <webMessageID>203</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( Nod32Installed )</COND> <THEN> <IF> <COND>( Nod32Definitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>382</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>387</adminMsgIDs> <webMessageID>205</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> <IF> <COND>( ZoneAlarmInstalled )</COND> <THEN> <IF> <COND>( ZoneAlarmDefinitions )</COND> <THEN> <POLICY> <id>15016</id> <result>true</result> <adminMsgIDs>392</adminMsgIDs> <webMessageID>0</webMessageID> </POLICY> </THEN> <ELSE> <POLICY> <id>15016</id> <result>false</result> <adminMsgIDs>397</adminMsgIDs> <webMessageID>207</webMessageID> </POLICY> </ELSE> </IF> </THEN> </IF> </LOGIC> </hss> </ctrl_policy> <ctrl_ilan_restore></ctrl_ilan_restore> </scanResult_response>
<PKResponse><Header><localIpAddress>129.24.255.135</localIpAddress><observedIP>129.24.255.135</observedIP><macaddress>74-F0-6D-64-3B-C2</macaddress><sessionUID>693693338121519</sessionUID><OS_NAME>OS_WINXP_32</OS_NAME><pkProgramBuild>5036.223</pkProgramBuild><canILan>false</canILan><hostName>cs-3a3e67ed38e0</hostName><userName>jeffk</userName><domain>NONE</domain><startup>false</startup><interactive>true</interactive></Header><localTime>[06-21-2011 22:58:38]</localTime><Policies><Policy><id>1</id><result>true</result><adminMsgIDs>0</adminMsgIDs><webMessageID></webMessageID></Policy><Policy><id>15014</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15015</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15016</id><result>false</result><adminMsgIDs>11</adminMsgIDs><webMessageID>6</webMessageID></Policy></Policies><delta>true</delta></PKResponse>
<scanResult_response> <ctrl_set_observed_ip>129.24.255.135</ctrl_set_observed_ip> <ctrl_ping_no_user>0</ctrl_ping_no_user> <ctrl_next_ping>285</ctrl_next_ping> <view_webpage>https://safeconnect.unm.edu:8443//clientStatus.!^</view_webpage> <ctrl_ilan_restore></ctrl_ilan_restore> </scanResult_response>
<PKResponse><Header><localIpAddress>129.24.255.135</localIpAddress><observedIP>129.24.255.135</observedIP><macaddress>74-F0-6D-64-3B-C2</macaddress><sessionUID>693693338121519</sessionUID><OS_NAME>OS_WINXP_32</OS_NAME><pkProgramBuild>5036.223</pkProgramBuild><canILan>false</canILan><hostName>cs-3a3e67ed38e0</hostName><userName>jeffk</userName><domain>NONE</domain><startup>false</startup><interactive>true</interactive></Header><localTime>[06-21-2011 23:03:23]</localTime><Policies><Policy><id>1</id><result>true</result><adminMsgIDs>0</adminMsgIDs><webMessageID></webMessageID></Policy><Policy><id>15014</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15015</id><result>false</result><adminMsgIDs>10</adminMsgIDs><webMessageID>6</webMessageID></Policy><Policy><id>15016</id><result>false</result><adminMsgIDs>11</adminMsgIDs><webMessageID>6</webMessageID></Policy></Policies><delta>false</delta></PKResponse>
<scanResult_response> <ctrl_set_observed_ip>129.24.255.135</ctrl_set_observed_ip> <ctrl_ping_no_user>0</ctrl_ping_no_user> <ctrl_next_ping>283</ctrl_next_ping> <ctrl_ilan_restore></ctrl_ilan_restore> </scanResult_response>
<scanResult_response> <ctrl_agent_uid_issued>765329926966569</ctrl_agent_uid_issued> <ctrl_install> <version>5036.223</version> <update> <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/scManager.dll</sourceurl> <destname>scManager.dll</destname> <md5hexkey>7a9873e0792896c8adc29a252cadc08e</md5hexkey> <platform>windows</platform> </update> <update> <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/scManager.sys</sourceurl> <destname>scManager.sys</destname> <md5hexkey>8cff9fbaa8c6e03dbdc0cde6028d83df</md5hexkey> <platform>windows</platform> </update> <update> <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/scPcServiceUninstall.exe</sourceurl> <destname>Uninstall.exe</destname> <md5hexkey>fa7f287da43f254e900e92ed3f80e61a</md5hexkey> <platform>windows</platform> </update> <update> <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/SCClient.dll</sourceurl> <destname>SCClient.dll</destname> <md5hexkey>b0620d80e97a65445748695543e3e19a</md5hexkey> <platform>windows</platform> </update> <update> <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/SCClient.exe</sourceurl> <destname>SCClient.exe</destname> <md5hexkey>ca7038e5252b81aa4a35b182bbdcc86d</md5hexkey> <platform>windows</platform> </update> <update> <sourceurl>http://198.31.193.211:8008/downloads/winkey5036.223/SCUpdate.sys</sourceurl> <destname>SCUpdate.sys</destname> <md5hexkey>10abcb29eb744b2e8e0bc02641f8d798</md5hexkey> <platform>windows</platform> </update> </ctrl_install> <ctrl_set_observed_ip>129.24.255.204</ctrl_set_observed_ip> <ctrl_ping_no_user>0</ctrl_ping_no_user> <ctrl_next_ping>150</ctrl_next_ping> <ctrl_ilan_restore></ctrl_ilan_restore> </scanResult_response>
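The last response above is the `ctrl_install` message that drives an upgrade. As an added example (not code from the advisory or from SafeConnect), this Python check applies the fix the advisory recommends: refuse the upgrade unless every signed file carries a build newer than the installed one. `parse_build`, `check_install` and the `signed_build_of` hook are hypothetical names; the hook stands in for reading the build from the signature-covered version resource of each downloaded file, and build 5037.1 and the `update.example` URL are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the ctrl_install message above,
# trimmed to one <update>; version, URL and MD5 are placeholders.
SAMPLE = (
    "<scanResult_response><ctrl_install><version>5037.1</version>"
    "<update><sourceurl>http://update.example/scManager.dll</sourceurl>"
    "<destname>scManager.dll</destname>"
    "<md5hexkey>00000000000000000000000000000000</md5hexkey>"
    "<platform>windows</platform></update></ctrl_install></scanResult_response>"
)

def parse_build(text):
    """'5036.223' -> (5036, 223); anything else raises ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        raise ValueError("unexpected build string: %r" % (text,))
    return int(parts[0]), int(parts[1])

def check_install(message_xml, installed, signed_build_of):
    """Return the reasons to refuse the ctrl_install; an empty list means accept.

    signed_build_of(destname) is a hypothetical hook (an assumption of this
    example) returning the build string taken from the downloaded file's
    signed version resource, or None if it cannot be read.
    """
    install = ET.fromstring(message_xml).find("ctrl_install")
    if install is None:
        return ["no ctrl_install element"]
    current = parse_build(installed)
    # The <version> element is only a claim made by whoever sent the message,
    # so the build embedded in each signed file is checked as well.
    claims = [("<version>", install.findtext("version", default=""))]
    for upd in install.findall("update"):
        name = upd.findtext("destname", default="")
        claims.append((name, signed_build_of(name)))
    reasons = []
    for source, build in claims:
        try:
            if parse_build(build or "") <= current:
                reasons.append("%s: build %s is not newer than installed %s"
                               % (source, build, installed))
        except ValueError as exc:
            reasons.append("%s: %s" % (source, exc))
    return reasons

if __name__ == "__main__":
    # The message claims a newer build, but the signed file is the old 4250.121.
    print(check_install(SAMPLE, "5036.223", {"scManager.dll": "4250.121"}.get))
```

The comparison uses `<=`, so a replay of the currently installed build is refused along with an older one.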