|
<<Back
Changes from v1.6.3.0 to v1.7.0.0
- Full unicode support!
- New layout to fit more items on the screen
- Removed classic mode and merged it with the expert mode.
- New and faster scan engine
- Runscanner now scans all loaded modules by default
- Runscanner text logfiles are redesigned to better fit in forums
- Filepaths are no longer converted into lowercase
- Run files now include all loaded modules
- Old run files are no longer compatible with the new version.
- Bug fixed: some incorrect "file not found" fixed for filenames
- Bug fixed: no description shows for some items
- Bug fixed: drwtsn32 -p %ld -e %ld -g could not be parsed
- Fixed error with some unknown datatypes (systemcheck2 error)
- Fixed error some items could not be deleted when a certain filter was set
- Added new publishers to the whitelist.
- Online whitelisting improved
- History database no longer uses MSaccess (no more mdac errors)
Changes from v1.6.0.4 to v1.6.1.0
- Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
- Bug fixed: malware analysis after import not working in expert mode
- Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
- Sub run folders are now only scanned on windows 2000
Changes from v1.5.0.39 to v1.6.0.4
- Restrictions for internet explorer:
- 080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
- 081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)
- Startup/Shutdown/logon/logoff scripts
- 090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
- 091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
- 092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
- 093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
- 094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
- Various
- 110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
- 174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
- 200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
- 201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
- Shell hijacking (moved from general policies)
- 162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
- 163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
- Terminal server related
- 190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
- 191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
- 192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
- 193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
- 194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp
- Debugger hijacking (thanks to Tony Klein)
- 176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
- Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
- 177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
- Hijacking of standard windows tools
- 210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
- 211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
- 212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
- 213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
- 214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
- 215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard
Changes from v1.0.3 to v1.5.0.39
- New features in this version:
- New design in all modes
- Layout is now shown correctly for people with "large fonts" enabled
- Certificates of files are now analysed in all modes for signer/issuer
- Certificates are now shown as a certificate image in the grid instead of the green/red icons
- Virusscanner integration with Virustotal (upload file for scanning)
- Integration with Bit9 FileAdvisor (lookup MD5 hash)
- Integration with CastleCops (lookup MD5 hash)
- New Classic mode : This mode is targetted at removing hijacks, it only shows non-whitelisted items and there is an easy "Fix selected items" button, all other "safe" startup items can still be found in the expert mode.
- Added "Item fixer" tab in expert mode.
- Added "classic mode / hijack" tab in expert mode.
- Quick scan is removed in expert mode.
- New in expert mode : loaded modules analyzer.
- Warning if windows version is not supported. (Only win2000 or higher is supported)
- Added drivers with type = 2
- Disabled drivers and services are now automatically whitelisted in classic mode.
- Runscanner now finds drivers with undefined imagepath.
- Scanning is done a bit faster, the most processor intense part of the scan is still calculating the MD5 hashes
- No internet connection is needed anymore during the scan.
- Vista : Process killer now shows also protected processes
- Bug fixes:
- Fixed bug with corrupt MDAC installation in windows XP (used by history database)
- Fixed visual bug with screen flash after quit.
- Fixed bug with EOleSysError on incorrect/corrupt startup shortcuts.
- Fixed bug with corrupt taskscheduler service.
- Fixed bug with corrupt .run files.
- Whitelist added:
- A list of safe certificate publishers (56)
- Standard search pages
- Standard start pages
- Standard safe zones (microsoft,...)
- Blacklisted dangerous policies (DisableTaskMgr,DisableRegistryTools,DisableCMD,...)
<<Back
|
