Version history RunScanner

<<Back

Changes from v1.8.1.0 -> v1.9.0.9

• Enhanced whitelisting
• Windows 7 support (32 bit)
• Run files now include the list of installed software on the computer.
• Minor bug fixes

Changes from v1.8.0.0 -> v1.8.1.0

• Enhanced whitelisting
• Minor bug fixes

Changes from v1.7.0.0 -> v1.8.0.0

• Switched to Delphi 2009 unicode
• Run files have a new slightly smaller format
• Added new certificates to the whitelist
• Added filename lookup to systemlookup.com
• Removed Castlecops.com search
• Bugs fixed :
• Fixed several unicode issues
• Canvas does not allow drawing error
• Online analysis sometimes not working
• Fixed several access violation errors
• AppInit_Dlls value now recognizes spaces and commas as delimiter. (used to hide malware)
• Fixed bug where some startup items with parameters could not be restored
• Fixed bug when some important registry settings could not be restored (LSA authentication packages)
• Added Launch/hijack locations:
• 250 HKCU\Software\Classes\Directory\Shellex\DragDropHandlers
• 251 HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
• 252 HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers
• 253 HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
• 254 HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers
• 255 HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers

Changes from v1.6.3.0 -> v1.7.0.0

• Full unicode support!
• New layout to fit more items on the screen
• Removed classic mode and merged it with the expert mode.
• New and faster scan engine
• Runscanner now scans all loaded modules by default
• Runscanner text logfiles are redesigned to better fit in forums
• Filepaths are no longer converted into lowercase
• Run files now include all loaded modules
• Old run files are no longer compatible with the new version.
• Bug fixed: some incorrect "file not found" fixed for filenames
• Bug fixed: no description shows for some items
• Bug fixed: drwtsn32 -p %ld -e %ld -g could not be parsed
• Fixed error with some unknown datatypes (systemcheck2 error)
• Fixed error some items could not be deleted when a certain filter was set
• Added new publishers to the whitelist.
• Online whitelisting improved
• History database no longer uses MSaccess (no more mdac errors)

Changes from v1.6.0.4 -> v1.6.1.0

• Bug fixed: Bitmap image is not valid. (corrupt embedded icon)
• Bug fixed: malware analysis after import not working in expert mode
• Bug fixed: Lookup at Runscanner when no MD5 available popupmenu
• Sub run folders are now only scanned on windows 2000

Changes from v1.5.0.39 -> v1.6.0.4

• Restrictions for internet explorer:
• 080 HKLM\Software\Policies\Microsoft\Internet Explorer (+subfolders)
• 081 HKCU\Software\Policies\Microsoft\Internet Explorer (+subfolders)
• Startup/Shutdown/logon/logoff scripts
• 090 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
• 091 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
• 092 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
• 093 HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown
• 094 HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
• Various
• 110 HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
• 174 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
• 200 HKLM\System\CurrentControlSet\Control\Session Manager\Execute
• 201 HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
• Shell hijacking (moved from general policies)
• 162 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
• 163 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
• Terminal server related
• 190 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
• 191 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
• 192 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
• 193 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
• 194 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogoffApp
• Debugger hijacking (thanks to Tony Klein)
• 176 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
• Denying access to websites/IP addresses by setting a wrong static route (thanks to Bruce Harrison - nosirrah)
• 177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
• Hijacking of standard windows tools
• 210 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
• 211 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\Cleanuppath
• 212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath
• 213 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Magnifier
• 214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\Narrator
• 215 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager\On-Screen Keyboard

Changes from v1.0.3 -> v1.5.0.39

• New features in this version:
• New design in all modes
• Layout is now shown correctly for people with "large fonts" enabled
• Certificates of files are now analysed in all modes for signer/issuer
• Certificates are now shown as a certificate image in the grid instead of the green/red icons
• Virusscanner integration with Virustotal (upload file for scanning)
• Integration with Bit9 FileAdvisor (lookup MD5 hash)
• Integration with CastleCops (lookup MD5 hash)
• New Classic mode : This mode is targetted at removing hijacks, it only shows non-whitelisted items and there is an easy "Fix selected items" button, all other "safe" startup items can still be found in the expert mode.
• Added "Item fixer" tab in expert mode.
• Added "classic mode / hijack" tab in expert mode.
• Quick scan is removed in expert mode.
• New in expert mode : loaded modules analyzer.
• Warning if windows version is not supported. (Only win2000 or higher is supported)
• Added drivers with type = 2
• Disabled drivers and services are now automatically whitelisted in classic mode.
• Runscanner now finds drivers with undefined imagepath.
• Scanning is done a bit faster, the most processor intense part of the scan is still calculating the MD5 hashes
• No internet connection is needed anymore during the scan.
• Vista : Process killer now shows also protected processes
• Bug fixes:
• Fixed bug with corrupt MDAC installation in windows XP (used by history database)
• Fixed visual bug with screen flash after quit.
• Fixed bug with EOleSysError on incorrect/corrupt startup shortcuts.
• Fixed bug with corrupt taskscheduler service.
• Fixed bug with corrupt .run files.
• Whitelist added:
• A list of safe certificate publishers (56)
• Standard search pages
• Standard start pages
• Standard safe zones (microsoft,...)
• Blacklisted dangerous policies (DisableTaskMgr,DisableRegistryTools,DisableCMD,...)

<<Back