File: AccessProtectionLog.txt

plaso 20241006-4
9/27/2013	2:42:26 PM	Blocked by Access Protection rule 	SOMEDOMAIN\someUser	C:\Windows\System32\procexp64.exe	C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe	Common Standard Protection:Prevent termination of McAfee processes	Action blocked : Terminate
9/27/2013	2:42:39 PM	Blocked by Access Protection rule 	SOMEDOMAIN\someUser	C:\Windows\System32\procexp64.exe	C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe	Common Standard Protection:Prevent termination of McAfee processes	Action blocked : Terminate
9/27/2013	2:42:39 PM	Blocked by Access Protection rule 	SOMEDOMAIN\someUser	C:\Windows\System32\procexp64.exe	C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe	Common Standard Protection:Prevent termination of McAfee processes	Action blocked : Terminate
9/27/2013	2:42:40 PM	Blocked by Access Protection rule 	SOMEDOMAIN\someUser	C:\Windows\System32\procexp64.exe	C:\Program Files (x86)\McAfee\Common Framework\McTray.exe	Common Standard Protection:Prevent termination of McAfee processes	Action blocked : Terminate
7/17/2013	1:49:34 PM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\System32\powercfg.exe	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect	Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings	Action blocked : Create
7/17/2013	1:49:34 PM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\System32\powercfg.exe	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat	Anti-virus Maximum Protection:Protect cached files from password and email address stealers	Action blocked : Read
7/17/2013	1:53:31 PM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	TheGrid\clu	C:\Windows\system32\taskhost.exe	C:\Windows\Temp\SDIAG_1893e055-45e8-4dda-a6fc-036616ec15c7\DiagPackage.dll	Common Maximum Protection:Prevent creation of new executable files in the Windows folder	Action blocked : Create
7/17/2013	1:53:32 PM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	TheGrid\clu	C:\Windows\System32\sdiagnhost.exe	\REGISTRY\USER\S-1-5-21-218510691-2140962509-2033415169-18142\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect	Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings	Action blocked : Create
7/30/2013	10:06:05 AM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\TEMP\InstallPlugin_11_8_800_94.exe	C:\Windows\Temp\{49568447-C9D4-4C19-942B-4472959CBC07}\fpb.tmp	Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder	Action blocked : Execute
7/30/2013	10:06:06 AM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\TEMP\InstallPlugin_11_8_800_94.exe	C:\Windows\Temp\{05007B29-A945-4346-8B04-7DD2F5453280}\InstallFlashPlayer.exe	Common Maximum Protection:Prevent creation of new executable files in the Windows folder	Action blocked : Create
7/30/2013	10:18:02 AM	Would be blocked by port blocking rule  (rule is currently not enforced) 	C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe	Common Maximum Protection:Prevent HTTP communication	23.56.2.70:443
7/30/2013	10:22:48 AM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\system32\svchost.exe	C:\Users\tron\AppData\Roaming\Mozilla\Firefox\prfD430.tmp	Common Standard Protection:Protect Mozilla & FireFox files and settings	Action blocked : Create
7/30/2013	10:22:48 AM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\system32\svchost.exe	C:\Users\tron\AppData\Roaming\Mozilla\Firefox\Profiles\w77xlhgl.default\webapps\prfD432.tmp	Common Standard Protection:Protect Mozilla & FireFox files and settings	Action blocked : Delete
7/30/2013	10:22:48 AM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	NT AUTHORITY\SYSTEM	C:\Windows\system32\svchost.exe	C:\Users\tron\AppData\Roaming\Mozilla\Firefox\Profiles\w77xlhgl.default\prfD431.tmp	Common Standard Protection:Protect Mozilla & FireFox files and settings	Action blocked : Create