Posted By

Scooter on 08/06/11




Symantec Antivirus Corporate Edition security settings


 / Published in: Windows Registry
 

URL: http://www.symantec.com/business/antivirus-corporate-edition

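When you install Symantec Antivirus Corporate Edition, the default settings are not very secure. The following registry script raises the security settings to a more reasonable level. This is for version 10; I suspect the settings for versions 11 and 12 are stored in a similar registry location, and finding the location was the hardest part. The listing appears to be a full export of the product's keys from one installation, so it carries absolute install paths and what look like machine-specific state values alongside the settings; export your own copy of the key as a backup and review those entries before importing. The leading line numbers come from the page rendering and are not part of the .reg file.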

  1. Windows Registry Editor Version 5.00
  2.  
  ; Definition-update policy for the product. Meanings noted below are inferred from the
  ; value names only (nothing on this page documents them) -- confirm against vendor docs.
  3. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\PatternManager]
  4. "LockUpdatePattern"=dword:00000000
  5. "LockUpdatePatternScheduling"=dword:00000000
  ; 0x5 = 5; presumably the maximum tolerated age of virus definitions, in days -- confirm.
  6. "MaxDefsDaysOldAllowed"=dword:00000005
  ; 0x1e = 30; the unit is not shown on this page.
  7. "AdminForcedLUCheckInterval"=dword:0000001e
  8. "TypeOfDownload"=dword:00000001
  ; NOTE(review): looks like a status field rather than a setting -- confirm before importing it.
  9. "DownLoadStatus"=dword:00000000
  10. "EnableAdminForcedLU"=dword:00000001
  ; 0x3c = 60; the name suggests minutes.
  11. "CheckConfigMinutes"=dword:0000003c
  12. "EnableProductUpdates"=dword:00000001
  ; NOTE(review): the next two names suggest configuration is exchanged with a parent server;
  ; on a managed client, locally imported values may be overwritten by server policy -- verify.
  13. "UpdateClients"=dword:00000001
  14. "SetClientFromServer"=dword:00000001
  ; 0x1e = 30; the unit is not shown on this page.
  15. "AFLUDelay"=dword:0000001e
  16.  
  ; Schedule for the definition update configured in the parent PatternManager key.
  ; Field meanings are inferred from names; none are documented on this page.
  17. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\PatternManager\Schedule]
  18. "SkipEvent"=dword:00000000
  19. "RandomizeDayOfWeek"=dword:00000006
  ; 0x348 = 840; if this counts minutes after midnight it corresponds to 14:00 -- confirm.
  20. "MinOfDay"=dword:00000348
  ; Set to 1 here; the name suggests a missed run is made up later -- confirm.
  21. "MissedEventEnabled"=dword:00000001
  ; NOTE(review): looks like run-time state rather than a setting -- consider omitting on import.
  22. "LastStart"=dword:00000000
  23. "TimeWindowMonthly"=dword:0000000b
  24. "Type"=dword:00000001
  25. "DayOfWeek"=dword:00000000
  26. "TimeWindowWeekly"=dword:00000003
  27. "TimeWindowDaily"=dword:00000008
  28. "RandomizeDayRange"=dword:0000012c
  29. "RandomizeWeekStart"=dword:00000004
  30. "RandomizeWeekEnd"=dword:00000006
  31. "RandomizeMinOfDay"=dword:00000031
  32. "Enabled"=dword:00000001
  33. "DayOfMonth"=dword:00000000
  ; The three Randomize*Enabled flags are all 0 in this export.
  34. "RandomizeDayEnabled"=dword:00000000
  35. "RandomizeWeekEnabled"=dword:00000000
  36. "RandomizeMonthEnabled"=dword:00000000
  ; NOTE(review): 0x4dbf2419 = 1304372249, which reads as a Unix timestamp in early May 2011,
  ; i.e. a creation time captured from the exporting machine, not a policy value -- confirm.
  37. "Created"=dword:4dbf2419
  38.  
  39. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages]
  40.  
  41. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem]
  42. "ServiceStatus"=dword:00000001
  43. "ServiceStorageStartCode"=dword:00000000
  44. "ClientStorageStartCode"=dword:00000000
  45.  
  ; File-system real-time scan options (a later value in this key titles the dialog
  ; "Auto-Protect Results"). Value meanings are not documented on this page; the notes
  ; below are hedged readings of the names and should be confirmed before import.
  46. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan]
  47. "APEOn"=dword:00000001
  48. "APESleep"=dword:00000003
  49. "DoCompressed"=dword:00000001
  50. "CDRoms"=dword:00000000
  51. "APEOff"=dword:00000000
  52. "SystemStart"=dword:00000000
  53. "ConfigRestart"=dword:00000001
  54. "DenyAccess"=dword:00000002
  ; Reads, Execs and Writes are all 1: presumably files are scanned on every access type.
  55. "Reads"=dword:00000001
  56. "Execs"=dword:00000001
  57. "Writes"=dword:00000001
  ; Set to 1; the name suggests a copy is kept in quarantine before an action is applied -- confirm.
  58. "BackupToQuarantine"=dword:00000001
  59. "Cache"=dword:00000001
  60. "FileCacheEntries"=dword:00000000
  61. "Storage"=dword:00000001
  ; NOTE(review): the action codes (3 then 1 for viruses and macros, 4/4 for greyware) are not
  ; defined on this page. If 3 is a delete action, a false positive removes the file outright;
  ; look the codes up in vendor documentation before applying this to production hosts.
  62. "FirstMacroAction"=dword:00000003
  63. "SecondMacroAction"=dword:00000001
  64. "FirstAction"=dword:00000003
  65. "SecondAction"=dword:00000001
  66. "FirstGreywareAction"=dword:00000004
  67. "SecondGreywareAction"=dword:00000004
  68. "Networks"=dword:00000001
  69. "MessageBox"=dword:00000001
  70. "FileType"=dword:00000000
  ; All three exclusion-related flags are 0 here; presumably no directory, file or extension
  ; exclusions are active. Importing this would drop exclusions a host relies on -- verify.
  71. "HaveExceptionDirs"=dword:00000000
  72. "HaveExceptionFiles"=dword:00000000
  73. "ExcludedByExtensions"=dword:00000000
  74. "AccessCounter"=dword:00000003
  75. "NavexInterfaceToUse"=dword:00000002
  76. "RespondToThreats"=dword:00000003
  77. "OnOff"=dword:00000001
  78. "DriveList"=""
  79. "LowLevelFormat"=dword:00000001
  80. "ScanFloppyBROnAccess"=dword:00000001
  81. "RemoveAlertSeconds"=dword:00000001
  82. "HeuristicsLevel"=dword:00000002
  83. "CheckSum"=dword:00000000
  84. "Types"=dword:00000006
  85. "CheckRemoveable"=dword:00000001
  86. "Trap"=dword:00000000
  87. "Floppys"=dword:00000001
  88. "ZipFile"=dword:00000000
  89. "HardDriveBRWrite"=dword:00000001
  90. "ZipDepth"=dword:00000003
  91. "FloppyBRWrite"=dword:00000000
  92. "FloppyBRAction"=dword:00000005
  93. "HardDisks"=dword:00000001
  94. "Softmice"=dword:00000001
  95. "Exts"="DOT,DOC,HTML,HTT,HTM,VBS,JS,SHS,PPT,MSO,POT,RTF,MDB,JTD,HLP,INF,INI,HTA,MP?,OBD,OBT,PPS,SMM,VSD,VST,XL?,VSS,EXE,COM,BIN,SYS,DLL,OCX,VXD,BAT,BTM,CSC,PIF,386,CLA,OV?,DRV,SCR,ACM,ACV,ADT,AX,CPL,CSH,JSE,PL,PM,SH,SHB,VBE,WSF,WSH"
  96. "RemoveAlert"=dword:00000000
  97. "Heuristics"=dword:00000001
  98. "ExcludedExtensions"=""
  99. "PrescanExclude"=dword:00000000
  100. "CheckForBadOpCode"=dword:00000000
  101. "ClientNotify"=dword:00000001
  102. "ClientReportFormat"="~E~V in ~F"
  103. "HoldOnClose"=dword:00000001
  104. "StatusDialogTitle"="Auto-Protect Results"
  105. "ScanNotifyTerminateProcess"=dword:00000001
  106. "ScanNotifyStopService"=dword:00000001
  107. "ScanNotifyReboot"=dword:00000002
  108. "DisplayStatusDialog"=dword:00000001
  109. "PreserveTimeStamp"=dword:00000001
  110. "NetScanOnCloseDisable"=dword:00000000
  ; Every value in this run carries a "-L" suffix and shares its base name with a setting
  ; earlier in this key; all are set to 1. Presumably these are per-setting lock flags that
  ; stop the setting being changed from the client UI -- confirm against vendor documentation.
  111. "BackupToQuarantine-L"=dword:00000001
  112. "CDRoms-L"=dword:00000001
  113. "ExcludedByExtensions-L"=dword:00000001
  114. "Execs-L"=dword:00000001
  115. "Exts-L"=dword:00000001
  116. "FileType-L"=dword:00000001
  117. "FirstAction-L"=dword:00000001
  118. "FirstMacroAction-L"=dword:00000001
  119. "Floppys-L"=dword:00000001
  120. "HaveExceptionDirs-L"=dword:00000001
  121. "HaveExceptionFiles-L"=dword:00000001
  122. "MessageBox-L"=dword:00000001
  123. "Networks-L"=dword:00000001
  124. "OnOff-L"=dword:00000001
  125. "Reads-L"=dword:00000001
  126. "SecondAction-L"=dword:00000001
  127. "SecondMacroAction-L"=dword:00000001
  128. "Types-L"=dword:00000001
  129. "Writes-L"=dword:00000001
  130. "APTrust"=dword:00000001
  131. "APTrust-L"=dword:00000001
  132. "APNetworkCache"=dword:00000000
  133. "APNetworkCache-L"=dword:00000001
  134. "MaxNetCacheEntries"=dword:00000000
  135. "MaxNetCacheEntries-L"=dword:00000001
  136. "NetworkCleanCacheTimeout"=dword:00000000
  137. "NetworkCleanCacheTimeout-L"=dword:00000001
  138. "SmartScan"=dword:00000001
  139. "SmartScan-L"=dword:00000001
  140. "OpenScanningMode"=dword:00000000
  141. "OpenScanningMode-L"=dword:00000001
  142. "MessageText"="Scan type: ~L Scan
  143.  
  144. Event: ~E
  145.  
  146. ~V
  147.  
  148. File: ~P
  149.  
  150. Location: ~C
  151.  
  152. Computer: ~S
  153.  
  154. User: ~N
  155.  
  156. Action taken: ~A
  157.  
  158. Date found: ~T"
  159. "MessageText-L"=dword:00000001
  160. "StatusHWND"=dword:00000000
  161. "DeleteInfectedOnCreate"=dword:00000001
  162. "ThreatTracerOnOff"=dword:00000001
  163. "ThreatTracerResolveIP"=dword:00000001
  164. "ThreatTracerBackgroundOnOff"=dword:00000001
  165. "ThreatTracerSleepMsecs"=dword:000003e8
  166. "ThreatTracerAutoBlock"=dword:00000001
  167.  
  168. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\ChecksumConfig]
  169.  
  170. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded]
  171. "FirstAction"=dword:00000003
  172. "SecondAction"=dword:00000001
  173.  
  174. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\PVID]
  175.  
  176. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-10]
  177. "OverrideDefaultActions"=dword:00000000
  178.  
  179. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-11]
  180. "OverrideDefaultActions"=dword:00000000
  181.  
  182. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-4]
  183. "OverrideDefaultActions"=dword:00000000
  184.  
  185. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-5]
  186. "OverrideDefaultActions"=dword:00000000
  187.  
  188. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-6]
  189. "OverrideDefaultActions"=dword:00000000
  190.  
  191. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-7]
  192. "OverrideDefaultActions"=dword:00000000
  193.  
  194. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-8]
  195. "OverrideDefaultActions"=dword:00000000
  196.  
  197. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\Expanded\TCID-9]
  198. "OverrideDefaultActions"=dword:00000000
  199.  
  ; Registration of the Internet mail storage plug-in: DLL name, directory and entry point.
  200. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail]
  201. "ServiceDLLName"="IMail.dll"
  ; NOTE(review): absolute path taken from the exporting machine. On a host where the product
  ; is installed elsewhere this would name a different directory as the plug-in's location;
  ; check that the path exists and is writable only by administrators before importing.
  202. "ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
  203. "ServiceDLLEntryPoint"="ImStorageInit"
  204. "Type"=dword:80000020
  ; NOTE(review): the status and start-code values below look like run-time state reported by
  ; the product rather than settings -- confirm whether they should be imported at all.
  205. "ServiceStatus"=dword:00000000
  206. "ServiceStorageStartCode"=dword:00000000
  207. "ClientStorageStartCode"=dword:2000002b
  208.  
  209. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan]
  210. "OehOnOff"=dword:00000001
  211. "OnOff"=dword:00000001
  212. "ChangeMessageSubject"=dword:00000001
  213. "Exts"="DOT,DOC,HTML,HTT,HTM,VBS,JS,SHS,PPT,MSO,POT,RTF,MDB,JTD,HLP,INF,INI,HTA,MP?,OBD,OBT,PPS,SMM,VSD,VST,XL?,VSS,EXE,COM,BIN,SYS,DLL,OCX,VXD,BAT,BTM,CSC,PIF,386,CLA,OV?,DRV,SCR,ACM,ACV,ADT,AX,CPL,CSH,JSE,PL,PM,SH,SHB,VBE,WSF,WSH,JPG,JPEG,PDF,CMD"
  214. "FileType"=dword:00000000
  215. "FirstAction"=dword:00000003
  216. "FirstMacroAction"=dword:00000003
  217. "FirstOehAction"=dword:00000003
  218. "InsertWarning"=dword:00000001
  219. "MessageBox"=dword:00000001
  220. "NotifySelected"=dword:00000000
  221. "NotifySender"=dword:00000000
  222. "SecondAction"=dword:00000001
  223. "SecondMacroAction"=dword:00000001
  224. "SecondOehAction"=dword:00000001
  225. "Types"=dword:00000006
  ; 0xa = 10; the file-system real-time scan key in this file uses ZipDepth 3. Presumably the
  ; number of nested archive levels opened -- confirm.
  226. "ZipDepth"=dword:0000000a
  227. "ZipExts"="ARJ,LHA,ZIP,MME,LZH,UUE"
  228. "ZipFile"=dword:00000001
  ; "mail" is a host name from the exporting site; replace or verify it for your environment.
  229. "AlertSenderServerName"="mail"
  230. "AlertSelectedServerName"="mail"
  ; 0x6e = 110 and 0x19 = 25, the standard POP3 and SMTP ports. NOTE(review): mail carried on
  ; other ports or inside TLS is presumably not covered by this scanner -- confirm coverage.
  231. "Pop3Port"=dword:0000006e
  232. "SmtpPort"=dword:00000019
  233. "ProgressWindow"=dword:00000001
  234. "ProgressIcon"=dword:00000001
  235. "ScanNotifyStopService"=dword:00000001
  236. "ScanNotifyTerminateProcess"=dword:00000001
  237. "DisplayStatusDialog"=dword:00000001
  238. "MessageText"="Scan type: ~L Scan
  239.  
  240. Event: ~E
  241.  
  242. ~V
  243.  
  244. File: ~P
  245.  
  246. Location: ~C
  247.  
  248. Computer: ~S
  249.  
  250. User: ~N
  251.  
  252. Action taken: ~A
  253.  
  254. Date found: ~T"
  255.  
  256. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded]
  257. "FirstAction"=dword:00000003
  258. "SecondAction"=dword:00000001
  259.  
  260. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\PVID]
  261.  
  262. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-10]
  263. "OverrideDefaultActions"=dword:00000000
  264.  
  265. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-11]
  266. "OverrideDefaultActions"=dword:00000000
  267.  
  268. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-4]
  269. "OverrideDefaultActions"=dword:00000000
  270.  
  271. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-5]
  272. "OverrideDefaultActions"=dword:00000000
  273.  
  274. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-6]
  275. "OverrideDefaultActions"=dword:00000000
  276.  
  277. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-7]
  278. "OverrideDefaultActions"=dword:00000000
  279.  
  280. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-8]
  281. "OverrideDefaultActions"=dword:00000000
  282.  
  283. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\InternetMail\RealTimeScan\Expanded\TCID-9]
  284. "OverrideDefaultActions"=dword:00000000
  285.  
  286. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes]
  287. "Type"=dword:80000004
  288. "ServiceStatus"=dword:00000000
  289. "ServiceStorageStartCode"=dword:00000000
  290. "ClientStorageStartCode"=dword:2000002b
  291. "ServiceDLLEntryPoint"="NSE_StorageInit"
  292. "DisplayName"="LotusNotes"
  293. "ServiceDLLName"="NotesExt.dll"
  294. "ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
  295. "HookDLLName"="nLNVP.dll"
  296. "NotesWatch"=dword:0000001e
  297.  
  298. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan]
  299. "OnOff"=dword:00000001
  300. "ChangeMessageSubject"=dword:00000001
  301. "SecondMacroAction"=dword:00000001
  302. "ZipExts"="ARJ,LHA,ZIP,MME,LZH,UUE"
  303. "NotifySelected"=dword:00000000
  304. "FirstAction"=dword:00000003
  305. "Types"=dword:00000006
  306. "Recipients"=""
  307. "FirstMacroAction"=dword:00000003
  308. "NotifySender"=dword:00000000
  309. "FileType"=dword:00000000
  310. "Reads"=dword:00000001
  311. "MessageBox"=dword:00000001
  312. "ZipFile"=dword:00000001
  313. "ZipDepth"=dword:0000000a
  314. "SecondAction"=dword:00000001
  315. "InsertWarning"=dword:00000001
  316. "Exts"="DOT,DOC,HTML,HTT,HTM,VBS,JS,SHS,PPT,MSO,POT,RTF,MDB,JTD,HLP,INF,INI,HTA,MP?,OBD,OBT,PPS,SMM,VSD,VST,XL?,VSS,EXE,COM,BIN,SYS,DLL,OCX,VXD,BAT,BTM,CSC,PIF,386,CLA,OV?,DRV,SCR,ACM,ACV,ADT,AX,CPL,CSH,JSE,PL,PM,SH,SHB,VBE,WSF,WSH,JPG,JPEG,PDF,CMD"
  317. "ScanNotifyStopService"=dword:00000001
  318. "ScanNotifyTerminateProcess"=dword:00000001
  319. "DisplayStatusDialog"=dword:00000001
  320. "MessageText"="Scan type: ~L Scan
  321.  
  322. Event: ~E
  323.  
  324. ~V
  325.  
  326. File: ~P
  327.  
  328. Location: ~C
  329.  
  330. Computer: ~S
  331.  
  332. User: ~N
  333.  
  334. Action taken: ~A
  335.  
  336. Date found: ~T"
  337.  
  338. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded]
  339. "FirstAction"=dword:00000003
  340. "SecondAction"=dword:00000001
  341.  
  342. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\PVID]
  343.  
  344. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-10]
  345. "OverrideDefaultActions"=dword:00000000
  346.  
  347. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-11]
  348. "OverrideDefaultActions"=dword:00000000
  349.  
  350. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-4]
  351. "OverrideDefaultActions"=dword:00000000
  352.  
  353. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-5]
  354. "OverrideDefaultActions"=dword:00000000
  355.  
  356. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-6]
  357. "OverrideDefaultActions"=dword:00000000
  358.  
  359. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-7]
  360. "OverrideDefaultActions"=dword:00000000
  361.  
  362. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-8]
  363. "OverrideDefaultActions"=dword:00000000
  364.  
  365. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\LotusNotes\RealTimeScan\Expanded\TCID-9]
  366. "OverrideDefaultActions"=dword:00000000
  367.  
  368. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient]
  369. "ServiceStatus"=dword:00000000
  370. "ServiceStorageStartCode"=dword:00000000
  371. "ClientStorageStartCode"=dword:2000002b
  372. "Type"=dword:80000002
  373. "ServiceDLLEntryPoint"="MEC_StorageInit"
  374. "ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
  375. "ServiceDLLName"="vpmsece3.dll"
  376.  
  377. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan]
  378. "OnOff"=dword:00000001
  379. "FirstMacroAction"=dword:00000003
  380. "NotifySender"=dword:00000000
  381. "FileType"=dword:00000000
  382. "RenameExt"="VIR"
  383. "MessageBox"=dword:00000001
  384. "ZipFile"=dword:00000001
  385. "ZipDepth"=dword:0000000a
  386. "SecondAction"=dword:00000001
  387. "InsertWarning"=dword:00000001
  388. "Exts"="DOT,DOC,HTML,HTT,HTM,VBS,JS,SHS,PPT,MSO,POT,RTF,MDB,JTD,HLP,INF,INI,HTA,MP?,OBD,OBT,PPS,SMM,VSD,VST,XL?,VSS,EXE,COM,BIN,SYS,DLL,OCX,VXD,BAT,BTM,CSC,PIF,386,CLA,OV?,DRV,SCR,ACM,ACV,ADT,AX,CPL,CSH,JSE,PL,PM,SH,SHB,VBE,WSF,WSH,JPG,JPEG,PDF,CMD"
  389. "ChangeMessageSubject"=dword:00000001
  390. "SecondMacroAction"=dword:00000001
  391. "ZipExts"="ARJ,LHA,ZIP,MME,LZH,UUE"
  392. "NotifySelected"=dword:00000000
  393. "FirstAction"=dword:00000003
  394. "Types"=dword:00000006
  395. "Recipients"=""
  396. "FirstMacroAction-L"=dword:00000001
  397. "FirstAction-L"=dword:00000001
  398. "SecondMacroAction-L"=dword:00000001
  399. "SecondAction-L"=dword:00000001
  400. "OnOff-L"=dword:00000001
  401. "FileType-L"=dword:00000001
  402. "MessageBox-L"=dword:00000001
  403. "InsertWarning-L"=dword:00000001
  404. "NotifySender-L"=dword:00000001
  405. "NotifySelected-L"=dword:00000001
  406. "MessageText"="Scan type: ~L Scan
  407.  
  408. Event: ~E
  409.  
  410. ~V
  411.  
  412. File: ~P
  413.  
  414. Location: ~C
  415.  
  416. Computer: ~S
  417.  
  418. User: ~N
  419.  
  420. Action taken: ~A
  421.  
  422. Date found: ~T"
  423. "MessageText-L"=dword:00000001
  424. "ScanNotifyStopService"=dword:00000001
  425. "ScanNotifyTerminateProcess"=dword:00000001
  426. "DisplayStatusDialog"=dword:00000001
  427.  
  428. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded]
  429. "FirstAction"=dword:00000003
  430. "SecondAction"=dword:00000001
  431.  
  432. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\PVID]
  433.  
  434. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-10]
  435. "OverrideDefaultActions"=dword:00000000
  436.  
  437. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-11]
  438. "OverrideDefaultActions"=dword:00000000
  439.  
  440. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-4]
  441. "OverrideDefaultActions"=dword:00000000
  442.  
  443. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-5]
  444. "OverrideDefaultActions"=dword:00000000
  445.  
  446. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-6]
  447. "OverrideDefaultActions"=dword:00000000
  448.  
  449. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-7]
  450. "OverrideDefaultActions"=dword:00000000
  451.  
  452. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-8]
  453. "OverrideDefaultActions"=dword:00000000
  454.  
  455. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\MicrosoftExchangeClient\RealTimeScan\Expanded\TCID-9]
  456. "OverrideDefaultActions"=dword:00000000
  457.  
  ; Registration of the SymProtect storage plug-in, which DisplayName labels "Tamper Protection".
  458. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\SymProtect]
  459. "ServiceDLLName"="SymProtectStorage.dll"
  ; NOTE(review): absolute path from the exporting machine; verify it matches the local
  ; install directory before importing, as this names where the plug-in DLL is located.
  460. "ServiceDLLPath"="C:\\Program Files\\Symantec AntiVirus\\"
  461. "ServiceDLLEntryPoint"="StorageInit"
  462. "DisplayName"="Tamper Protection"
  463. "Type"=dword:c0000040
  ; NOTE(review): the status and start-code values look like run-time state, not settings -- confirm.
  464. "ServiceStatus"=dword:00000000
  465. "ServiceStorageStartCode"=dword:00000000
  466. "ClientStorageStartCode"=dword:2000002b
  467.  
  468. [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\SymProtect\RealTimeScan]
  469. "LogInfectionText"="SYMANTEC TAMPER PROTECTION ALERT
  470.  
  471.  
  472.  
  473. Target: ~Q
  474.  
  475. Event Info: ~H ~J
  476.  
  477. Action Taken: ~G
  478.  
  479. Actor Process: ~M (PID ~K)
  480.  
  481. Time: ~T"
  482. "Disabled"=dword:00000000
  483. "MessageText"="SYMANTEC TAMPER PROTECTION ALERT
  484.  
  485.  
  486.  
  487. Target: ~Q
  488.  
  489. Event Info: ~H ~J
  490.  
  491. Action Taken: ~G
  492.  
  493. Actor Process: ~M (PID ~K)
  494.  
  495. Time: ~T"
  ; 0x2d = 45; meaning not shown on this page.
  496. "NotifyEventA"=dword:0000002d
  ; NOTE(review): MessageBox is 0 here, while every other storage key in this file sets it to 1.
  ; If it controls the on-screen alert, tamper events would not pop up for the user; confirm
  ; they are still written to the log or forwarded so that tampering attempts are noticed.
  497. "MessageBox"=dword:00000000
  ; Both set to 1; the names suggest the product's own processes are protected, including on
  ; unmanaged (standalone) installs -- confirm.
  498. "ProtectionProcess"=dword:00000001
  499. "ProtectStandalone"=dword:00000001
