| POLICY_VERSION=30000 |
| |
| BEGIN_BLOCK |
| |
| GLOBAL |
| |
| DYNAMORIO_OPTIONS= |
| |
| DYNAMORIO_RUNUNDER=1 |
| |
| DYNAMORIO_UNSUPPORTED= |
| |
| DYNAMORIO_AUTOINJECT=\dynamorio.dll |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=alg.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=araktest.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=calc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=cisvc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=detertray.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=dwm.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=explorer.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=fxssvc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=inetinfo.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=locator.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=logonui.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=lsass.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=lsm.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=mqsvc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=mqtgsvc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=msascui.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=msdtc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=msiexec.exe |
| |
| DYNAMORIO_RUNUNDER=48 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=msiexec.exe-v |
| |
| DYNAMORIO_RUNUNDER=49 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=mysqld-nt.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=nmupgrade.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=nodemgr.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=openssl.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=searchindexer.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=services.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=slsvc.exe |
| |
| DYNAMORIO_OPTIONS=-exempt_rct_to_list "slsvc.exe" -exempt_rct_from_list "slsvc.exe" |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=smsvchost.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=snmp.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=snmptrap.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=spoolsv.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe |
| |
| DYNAMORIO_RUNUNDER=16 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-dcomlaunch |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-iissvcs |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-ipripsvc |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-localservice |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-localservicenetworkrestricted |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-localservicenonetwork |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-localsystemnetworkrestricted |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-lpdservice |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-netsvcs |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-networkservice |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-networkservicenetworkrestricted |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-rpcss |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-secsvcs |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=svchost.exe-wersvcgroup |
| |
| DYNAMORIO_RUNUNDER=17 |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=tcpsvcs.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=tlntsvr.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=tomcat.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=vssvc.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=w3wp.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=wininit.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=winlogon.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=wmiapsrv.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=wmiprvse.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=wmpnetwk.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=wmpnscfg.exe |
| |
| END_BLOCK |
| |
| BEGIN_BLOCK |
| |
| APP_NAME=wuauclt.exe |
| |
| END_BLOCK |
| |