;------------- Message box enums ------------
; Button sets, result codes and icon flags passed to msg() in this file.
; #m_res_ok and #m_res_yes share the value 1.
; NOTE(review): "#name" entries are constants and "$name" entries are macros
; as used below; ";" starts a comment only at the beginning of a line (inside
; an expression it separates statements), so comments stay on their own lines.
[Global]
#m_okcancel = 1
#m_yesnocancel = 3
#m_yesno = 4
#m_res_cancel = 0
#m_res_ok = 1
#m_res_yes = 1
#m_res_no = 2
#m_error = 0x10
#m_warning = 0x30
#m_question = 0x20
#m_information = 0x40
$KeyDebug = 0

; Icon name per message-box icon flag; anything else gets "i32".
[s_MsgBoxIcon]
#m_error = "e32"
#m_warning = "w32"
#m_question = "q32"
default = "i32"

; Object-type bit flags OR-ed together in the browseobject()/browseregistry()
; calls further down in this file.
[Global]
#SHELL_OBJTYPE_DRIVE = 0x0001
#SHELL_OBJTYPE_FOLDER = 0x0002
#SHELL_OBJTYPE_FILE = 0x0004
#SHELL_OBJTYPE_MYCOMPUTER = 0x0008
#SHELL_OBJTYPE_CUSTOM = 0x0020
#SHELL_OBJTYPE_MASK = 0x0040
#SHELL_OBJTYPE_REGKEY = 0x0080
#SHELL_OBJTYPE_REGVALUE = 0x0100
#SHELL_OBJTYPE_FILTERED = 0x0200
#SHELL_OBJTYPE_URL = 0x0400
#SHELL_OBJTYPE_PERSONAL = 0x0800
#SHELL_OBJTYPE_PROCESS = 0x1000
#SHELL_OBJTYPE_USERACCOUNT = 0x2000
; Flags for removetags().
#RemTags = 0x01
#RemCRLF = 0x02
#RemAmperc = 0x04

;------------- Global ------------
[Global]
; Product title strings, selected by env("ProductType"); the third switch()
; argument picks a variant (GEN/DAT/INS/PRE).
$ProductName = switch(env("ProductType"), "ProductTitle", "")
$ProductName_GEN = switch(env("ProductType"), "ProductTitle", "GEN")
$ProductName_DAT = switch(env("ProductType"), "ProductTitle", "DAT")
$ProductName_INS = switch(env("ProductType"), "ProductTitle", "INS")
$ProductName_PRE = switch(env("ProductType"), "ProductTitle", "PRE")
$ProductNameLong = switch(env("ProductType"), "ProductTitleLong", "")
$ProductNameLong_GEN = switch(env("ProductType"), "ProductTitleLong", "GEN")
$ProductNameLong_DAT = switch(env("ProductType"), "ProductTitleLong", "DAT")
$ProductNameLong_INS = switch(env("ProductType"), "ProductTitleLong", "INS")
$ProductNameLong_PRE = switch(env("ProductType"), "ProductTitleLong", "PRE")
$RemoteComputer = if(remoteComputer, remoteComputer + " - ")
; A profile's own description wins over the [ProfileName] lookup.
$ProfileName=(description ? description + if($IsAdminGroupTask, $GroupTask) : switch(name, "ProfileName"))
$ProfileState = s_ProfileState(state)
$ProfileReport = $ProfileName + ": " + s_ProfileState(state, #true)
$ProfileStateFont = s_ProfileStateFont(state)
; lastErr is ignored for group profiles.
$IsErr = (!s_IsGroupProfile(name) && lastErr)
$SettingsLevel=switch(level, "SettingsLevel")
$ScanAction=switch(ScanAction, "ScanAction")
; Support links: the customised URL from SupportCustom.aLinks is used when that
; binding exists and is non-empty, otherwise the built-in https address.
; NOTE(review): no scheme/host check on the custom URL is visible here -
; confirm it is validated where SupportCustom is loaded.
$PersonalCabinetLink = bindok("SupportCustom.aLinks.PersonalCabinet.URL") && SupportCustom.aLinks.PersonalCabinet.URL!="" ? SupportCustom.aLinks.PersonalCabinet.URL : "https://support.kaspersky.com/" + env("Localization") + "/PersonalCabinet"
;$PersonalCabinetLink = "https://support.kaspersky.com/" + env("Localization") + "/PersonalCabinet"
$HelpdeskLink = bindok("SupportCustom.aLinks.SupportReq.URL") && SupportCustom.aLinks.SupportReq.URL!="" ? SupportCustom.aLinks.SupportReq.URL : "https://support.kaspersky.com/" + env("Localization") + "/PersonalCabinet/HelpDesk/helpdesk.html"
;$HelpdeskLink = $PersonalCabinetLink + "/HelpDesk/helpdesk.html"
$PersonalOnly = switch(env("ProductType"), "PersonalOnly")
$CorporateOnly = switch(env("ProductType"), "CorporateOnly")
$IsRelease = (env("ProductStatus") != "Beta")
$IsProcessor64Bit = s_IsProcessor64Bit(global.ProcessorType)
$IsNeedReboot = (global.UpdateState & #eUpdateNeedReboot)
$IsSafeMode = (global.ProtectionState & #eProtectionSafeMode)
$IsProtectionNotInstalled = (global.ProtectionState & #eProtectionNotInstalled)
$IsInstallNeedReboot = (global.settings.Ins_InitMode & #eInitMode_NeedReboot ? 1 : $IsNeedReboot)
$IsAdminGroupTask = (admflags & #PROFILE_ADMFLAG_GROUPTASK)
$IsActiveDisinfect = (name == "Active_Disinfect")
$IsRD = (env("ProductType") == "rd")
;$IsRD = isRescueCD()
ProductName = $ProductName
ProductNameDetailed = $ProductNameLong
AnyError = s_SystemError(ErrorCode) + "."
HelpError = "Help"
HelpErrorText = strVal1
RestartComputerWarning.caption = $ProductName
$WinMailer = ($IsVistaOS ? "Windows Mail" : "Outlook Express")
$IsFunctionalityLevel_Protection = s_IsFunctionalityLevel_Protection(global.LicInfo.FuncLevel)
$IsSOS = (env("ProductType") == "sos")
$IsKAV = (env("ProductType") == "kav")
; Threat-encyclopedia links; the base URL comes from env("VirusListLink").
$ViruslistLink = (env("VirusListLink") + "/" + env("Localization"))
; NOTE(review): DetectName is concatenated into the query string as-is; no
; URL-encoding is visible here - confirm the link handler encodes it.
$ViruslistThreatLink = ($ViruslistLink + "/search?VN=" + DetectName + "&referer=" + env("ProductType"))
$ViruslistPhishingLink = ($ViruslistLink + "/find?objs=vlgloss&words=phishing")
PrepareUpdateBeforeFullScan = f_PrepareUpdateBeforeFullScan(msg("AskUpdateBeforeFullScan", #m_yesnocancel))
; In the "rd" product type the resume prompt is skipped and answered "no".
AskResumeScan = $IsRD ? #m_res_no : dialog("AskResumeScan")
; Vulnerability records are discarded only for Scan_My_Computer with
; ScanVulnerability set, when such records exist and the user answers yes.
CleanVulnerab = if(ScanVulnerability && name == "Scan_My_Computer" && threatFind(null, #DETYPE_VULNERABILITY) && msg("DiscardVulnerab", #m_yesno), threatDiscard(null, #DETYPE_VULNERABILITY))
; Mail addresses and description text for object submission (presumably used
; with mail(); the call sites are not in this part of the file).
; The common block carries OS version, product name/version and the licence
; key serial number. "ProductVerion" is spelled this way in the emitted text
; and is left unchanged because a consumer may parse that key.
KAVMailQB = "newvirus@kaspersky.com"
KAVMailQB_PDM = "pdm@kaspersky.com"
QBCommonSendDescription="[Info]\r\nOsVersion=" + OSVersion + "\r\nProductName=" + $ProductNameLong + "\r\nProductVerion=" + env("ProductVersion") + "\r\nKeySerialNumber=" + f_KeySerNum(global.LicInfo.KeyInfo.KeySerNum) + "\r\n"
QBObjectSendDescription="[General]\r\nTaskType=" + s_TaskID(s_TaskType2TaskId(TaskType)) + "(" + TaskType + ")\r\nThreatType=" + s_DetectSureTypes(DetectStatus, TaskType) + "\r\nThreatName=" + DetectName + "\r\nThreatDanger=" + DetectDanger + "\r\nObjectType=" + s_DetectObjectTypes(ObjectType) + s_AlertObjectLabel_AddInfo_Pid(nPID) + "\r\nObjectName=" + ObjectName + "\r\nScanningBasesTime=" + datetime(ScanningBasesTime)

; ---- constants ----
#true = 1
#false = 0
#eFindMatchCase = 0x0002
#eFindWholeWord = 0x0004
#eFindUp = 0x0008
#eFindMarkAll = 0x0010
#errOK = 0
#errTASK_ALREADY_RUNNING = 0x99480008
#errPROXY_STATE_INVALID = 0x80000240
;Settings level
#SETTINGS_LEVEL_DEFAULT = 0
#SETTINGS_LEVEL_CUSTOM = 1
#SETTINGS_LEVEL_LOW = 2
#SETTINGS_LEVEL_HIGH = 3
;Event classes
#pmc_EVENTS_NOTIFY = 0xe532519d
#pmc_EVENTS_IMPORTANT = 0x10f87d4c
#pmc_EVENTS_CRITICAL = 0xbfca8487
;Profile States
#TaskRequestRun =0x00000031
;Profile States
; Each state value embeds the #StateFlag* bits defined at the end of this list
; (e.g. #StateRunning has Active|Operational, #StateMalfunction has all three).
; #StateReStarting is an alias of #StateResuming.
#StateRunning =0x00300031
#StatePaused =0x00100062
#StateStopped =0x00000094
#StateCompleted =0x000000A0
#StateFailed =0x004000F0
#StateNotStarted =0x00000010
#StateDisabled =0x000000D0
#StateStarting =0x00300021
#StatePausing =0x00300052
#StateResuming =0x00300071
#StateReStarting =#StateResuming
#StateStopping =0x00300084
#StateMalfunction =0x00700041
#StateFlagActive =0x100000
#StateFlagOperational=0x200000
#StateFlagMalfunction=0x400000
;Profile State Requests
#TASK_REQUEST_RUN = 0x01
#TASK_REQUEST_PAUSE = 0x02
#TASK_REQUEST_STOP = 0x04
; tProfileOrigin
#poUnk = 0xFFFFFFFF
#poSystem = 1
#poUser = 2
#poLocalAdmin = 3
#poRemoteAdmin = 4
#poTemporary = 5
; "image,index" references used by [s_ProfileStateImage].
$TaskCheckOn = "TaskState,0"
$TaskCheckTransit = "TaskState,1"
$TaskCheckOff = "TaskState,2"
$TaskCheckFail = "TaskState,3"
; tAdmFlags
#PROFILE_ADMFLAG_GROUPTASK = 0x0010
; Request-delay values: the _N variants OR the persistent flag with N
; (presumably a delay in seconds - confirm).
#cREQUEST_DELAY_UP_TO_INTERNET_CONNECTION = 0x80000000
#cREQUEST_DELAY_MAKE_PERSISTENT = 0x40000000
#cREQUEST_DELAY_MAKE_PERSISTENT_60 = #cREQUEST_DELAY_MAKE_PERSISTENT | 60
#cREQUEST_DELAY_MAKE_PERSISTENT_180 = #cREQUEST_DELAY_MAKE_PERSISTENT | 180
#cREQUEST_DELAY_MAKE_PERSISTENT_300 = #cREQUEST_DELAY_MAKE_PERSISTENT | 300
#cREQUEST_DELAY_MAKE_PERSISTENT_900 = #cREQUEST_DELAY_MAKE_PERSISTENT | 900
#cREQUEST_DELAY_MAKE_PERSISTENT_1800 = #cREQUEST_DELAY_MAKE_PERSISTENT | 1800
#cREQUEST_DELAY_MAKE_PERSISTENT_3600 = #cREQUEST_DELAY_MAKE_PERSISTENT | 3600
#cREQUEST_DELAY_MAKE_PERSISTENT_10800 = #cREQUEST_DELAY_MAKE_PERSISTENT | 10800
#cREQUEST_DELAY_MAKE_PERSISTENT_18000 = #cREQUEST_DELAY_MAKE_PERSISTENT | 18000
; licence states
; efl* = functionality level, ekt* = key type, edt* = presumably the licence
; duration type (confirm), ekir* = reason a key was judged invalid.
#eflUnknown = 0
#eflNoFeatures = 1
#eflOnlyUpdates = 2
#eflFunctionWithoutUpdates = 3
#eflFullFunctionality = 4
#ektUnknown = 0
#ektBeta = 1
#ektTrial = 2
#ektTest = 3
#ektOEM = 4
#ektCommercial = 5
#ektSubscription = 6
#edtUnknown = 0
#edtUndefined = 1
#edtUnlimited = 2
#edtLimited = 3
; eSubscriptionStatus
#ssNotSubscriptionLicense = 0
#ssExpDateUnknown = 1
#ssHasExpDateActivated = 2
#ssHasExpDateProlonged = 3
#ssHasExpDateCanceled = 4
#ssUnlimitedActivated = 5
#ssUnlimitedProlonged = 6
#ssGracePeriod = 7
#ssExpired = 8
#ekirUnknown = 0
#ekirValid = 1
#ekirExpired = 2
#ekirCorrupted = 3
#ekirNotSigned = 4
#ekirWrongProduct = 5
#ekirBlackListed = 6
#ekirIllegalUpdate = 7
#ekirInconsistentUpdate = 8
#ekirKeyCreationDateInvalid = 9
#ekirTrialAlreadyInUse = 10
#ekirInvalidBlacklist = 11
#ekirCantBeUsedAsReserved = 12
#ekirKeyInstallDateInvalid = 13
#ekirTrialPeriodIsOver = 14
#ekirConflictsWithCommercial = 15
#ekirExpiredAsReserve = 16
; Bits tested against global.ProtectionState.
#eProtectionSafeMode = 0x100
#eProtectionNotInstalled = 0x200
;enUpdateState
#eUpdateNotAuto = 0x01
#eUpdateRunning = 0x02
#eUpdateError = 0x04
#eBasesNotActual = 0x08
#eBasesNotValid = 0x10
#eBasesOutOfDate = 0x20
#eUpdateNeedReboot = 0x40
#eBasesCorrupted = 0x100
;enKeyState
; Bit flags tested against global.KeyState; #eKeyOk is the all-clear value 0.
#eKeyOk = 0x000
#eKeyTrial = 0x001
#eKeyWillBeExpired = 0x002
#eKeyAboutExpiration = 0x008
#eKeyExpired = 0x010
#eKeyTrialExpired = 0x020
#eKeyBlocked = 0x040
#eNoKeys = 0x080
#eKeyInvalid = 0x100
#eKeyLimited = 0x200
#eKeyUpdateFailed = 0x400
#eKeyWaitActivation = 0x800
; Bits tested against global.settings.Ins_InitMode.
#eInitMode_Init = 0x01
#eInitMode_Silent = 0x02
#eInitMode_LoadSettings = 0x04
#eInitMode_NoReboot = 0x08
#eInitMode_NeedReboot = 0x10
; Licence predicates derived from the active key (global.LicInfo), the reserve
; key (global.ResLicInfo), global.KeyState and SubscriptionStatus.
$IsActiveKeyTrial = (global.LicInfo.KeyInfo.KeyType == #ektTrial)
$IsActiveKeyCommercial = (global.LicInfo.KeyInfo.KeyType == #ektCommercial)
$IsActiveKeyBlocked = (global.KeyState & #eKeyBlocked)
$HasReserveKey = (global.ResLicInfo.KeyInfo.KeyType != #ektUnknown)
$HasNoKeys = (global.LicInfo.KeyInfo.KeyType == #ektUnknown)
$IsKeyExpired = (global.KeyState & (#eKeyExpired|#eKeyTrialExpired))
$IsTrialKeyExpired = (global.KeyState & #eKeyTrialExpired)
$IsSubscription = (SubscriptionStatus != #ssNotSubscriptionLicense)
$IsNonExpSubscription = (SubscriptionStatus != #ssNotSubscriptionLicense && SubscriptionStatus != #ssExpired)
$IsSubAutoRefreshing = ($IsSubscription && !SubscriptionTolerancePassed && AutoActivationError.ErrorCode == 0 && SubscriptionStatus != #ssExpired)
$IsRefreshSubAvail = $IsSubscription
$ShowNoLicReminder = ($IsActiveKeyTrial || $IsKeyExpired || (global.KeyState & #eNoKeys) || SubscriptionStatus == #ssExpired)
; generic error codes
; The err* values are the warn* values with bit 0x80000000 set, the bit that
; [f_ErrFail] tests.
#warnACCESS_DENIED = 0x00000045
#warnFALSE = 0x00000003
#errACCESS_DENIED = 0x80000045
#errOBJECT_NOT_FOUND = 0x800000C5
; OS versions
; Layout: family in the top byte, then major and minor version bytes.
#OSVER_FAMILY_MASK = 0xFF000000
#OSVER_VERHIGH_MASK = 0x00FF0000
#OSVER_VERLOW_MASK = 0x0000FF00
#OSVER_BASE_MASK = #OSVER_FAMILY_MASK|#OSVER_VERHIGH_MASK|#OSVER_VERLOW_MASK
#OSVER_FAMILY_9X = 0x01000000
#OSVER_FAMILY_NT = 0x02000000
#OSVER_WIN95 = #OSVER_FAMILY_9X|0x00040000
#OSVER_WINNT351 = #OSVER_FAMILY_NT|0x00033300
#OSVER_WINNT4 = #OSVER_FAMILY_NT|0x00040000
#OSVER_WIN2000 = #OSVER_FAMILY_NT|0x00050000
#OSVER_WINXP = #OSVER_FAMILY_NT|0x00050100
#OSVER_WIN2003 = #OSVER_FAMILY_NT|0x00050200
#OSVER_VISTA = #OSVER_FAMILY_NT|0x00060000
; True for any NT-family OS with major version 6 or higher, not only Vista.
$IsVistaOS = (((OSVersionId & #OSVER_FAMILY_MASK) == #OSVER_FAMILY_NT) ? (OSVersionId & #OSVER_VERHIGH_MASK) >= 0x00060000 : 0)
; True only for NT-family version 5.0 exactly.
$IsWin2KOS = (((OSVersionId & #OSVER_FAMILY_MASK) == #OSVER_FAMILY_NT) ? ((OSVersionId & (#OSVER_VERHIGH_MASK|#OSVER_VERLOW_MASK)) == 0x00050000) : 0)
; processor types
#PROCESSOR_ARCHITECTURE_INTEL = 0
#PROCESSOR_ARCHITECTURE_MIPS = 1
#PROCESSOR_ARCHITECTURE_ALPHA = 2
#PROCESSOR_ARCHITECTURE_PPC = 3
#PROCESSOR_ARCHITECTURE_SHX = 4
#PROCESSOR_ARCHITECTURE_ARM = 5
#PROCESSOR_ARCHITECTURE_IA64 = 6
#PROCESSOR_ARCHITECTURE_ALPHA64 = 7
#PROCESSOR_ARCHITECTURE_MSIL = 8
#PROCESSOR_ARCHITECTURE_AMD64 = 9
#PROCESSOR_ARCHITECTURE_UNKNOWN = 0xFFFF
; enum enNotifyIds
#eNotifyNone = 0
#eNotifyThreats = 1
#eNotifySuspicious = 2
#eNotifyThreatNotCured = 3
#eNotifyThreatDeleted = 4
#eNotifyThreatQuarantined = 5
#eNotifyLicensing = 6
#eNotifyProduct = 7
#eNotifyUpdater = 8
#eNotifyBases = 9
#eNotifyAttackBlocked = 10
#eNotifyPswdArchive = 11
#eNotifyRuleTriggered = 12
#eNotifyPopups = 13
#eNotifyProtocoller = 14
#eNotifySelfProtection = 15
#eNotifyBan = 16
#eNotifySSL = 17
#eNotifyThreatsUntreated = 18
#eNotifyMyComputerNotScaned = 19
#eNotifyUpdateNeedReboot = 20
#eNotifyParCtl = 21
#eNotifyAppGroupChanged = 22
#eNotifyAppGroupChanged2Trusted = 23
; enum enNotifySeverity
#eNotifySeverityNone = 0
#eNotifySeverityCritical = 1
#eNotifySeverityError = 2
#eNotifySeverityImportant = 3
#eNotifySeverityNotImportant = 4
; enum eUpdaterSourceType
#UPDSRC_AK = 0
#UPDSRC_KL = 1
;cDetectExclude triggers flags
#AVS_fObjectMask =0x01
#AVS_fVerdictMask =0x02
#AVS_fTaskList =0x04
#AVS_fVerdictPath =0x08
;cBLTrustedApp triggers flags
; #BL_fExclAll combines OpenFiles, Behavior, Registry and Net; it does not
; include #BL_fExclNetHost or #BL_fExclNetPort.
#BL_fExclOpenFiles =0x01
#BL_fExclNet =0x02
#BL_fExclNetHost =0x04
#BL_fExclNetPort =0x08
#BL_fExclBehavior =0x10
#BL_fExclRegistry =0x20
#BL_fExclAll =(#BL_fExclOpenFiles|#BL_fExclBehavior|#BL_fExclRegistry|#BL_fExclNet)
;enPdm2EventType
#PDM2_EVENT_HIDDEN_OBJ = 10
; keyboard types
#ktIbmEnhanced = 4
#ktJapanese = 7

;------------- common enums ------------
; 1 for the 64-bit processor architectures listed, 0 otherwise.
[s_IsProcessor64Bit]
#PROCESSOR_ARCHITECTURE_IA64 = 1
#PROCESSOR_ARCHITECTURE_ALPHA64 = 1
#PROCESSOR_ARCHITECTURE_AMD64 = 1
default = 0

[s_ProductLogo]
kis = "titlekis"
def = "titlekav"
; Lookup tables keyed by env("ProductType"): aol, kis and kav count as personal
; products, every other product type as corporate.
[PersonalOnly]
aol=1
kis=1
kav=1
default=0

[CorporateOnly]
aol=0
kis=0
kav=0
default=1

; Maps a settings level constant to an index 0..2 (low..high).
[LevelGroup3_ProtLevel]
#SETTINGS_LEVEL_HIGH = 2
#SETTINGS_LEVEL_DEFAULT = 1
#SETTINGS_LEVEL_LOW = 0

; Plural-form index for a number: 0 when the last two digits are 11..19,
; otherwise looked up by the last digit in [numdeclension_10].
[f_numdeclension]
ret = if((@%100) >= 11 && (@%100) < 20, 0, switch(@%10, "numdeclension_10"))

[f_n_days]
ret = @ + " " + s_days(f_numdeclension(@))

; Formats a key serial number as MemberID-AppID-KeySerNum in zero-padded hex
; (4, 6 and 8 digits).
; NOTE(review): parameter names are written after the section header here and
; in [f_StartScan]; that placement is presumed from the text - confirm.
[f_KeySerNum] p_KeyInfo
ret = fmt("04X", p_KeyInfo.MemberID) + "-" + fmt("06X", p_KeyInfo.AppID) + "-" + fmt("08X", p_KeyInfo.KeySerNum)

; Shows an error message box when the code in @0 has the failure bit set
; (see f_ErrFail); otherwise yields #true.
[f_IfErrThenMsg]
ret = if(f_ErrFail(@0), msg(@1, #m_error, p_Err(@0)), #true)

[f_ObjSize]
ret = filesize(@, "FileSizeTypes")

; Multi-line licence key summary; a trailing "\" continues the expression on
; the next line.
[f_LicenseKeysDiscartedDetailsVFmt]
ret = "" + $LicInfoKeyNumber + "\n" + f_KeySerNum(LicInfo.KeyInfo.KeySerNum)\
+ "\n" + $LicInfoKeyProductName + "\n" + LicInfo.KeyInfo.ProductName\
+ "\n" + $LicInfoKeyType + "\n" + s_LicKeyType(LicInfo.KeyInfo.KeyType)\
+ "\n" + $LicInfoExpirationDate + "\n" + date(LicInfo.KeyExpirationDate)\
+ "\n" + $LicErrReason + "\n" + s_KeyInvalidReason(LicInfo.InvalidReason)

; Last-digit table used by f_numdeclension.
; NOTE(review): "2 =" and "3 =" carry no value of their own; they presumably
; share the value of the next assigned key (4 = 2) - confirm against the parser.
[numdeclension_10]
1 = 1
2 =
3 =
4 = 2
default = 0

[f_Activate]
ret = activate()

; Settings-changing actions: each runs only when
; checkPassword(#pwdc_SaveSettings) returns true.
[f_TurnSelfProtectionOn]
ret = if(checkPassword(#pwdc_SaveSettings), turnSelfProtectionOn())

[f_RunAtStartup]
ret = if(checkPassword(#pwdc_SaveSettings), runAtStartup())

; Restart actions: gated by a yes/no warning prompt only; no checkPassword()
; call appears on these two paths.
[f_RestartApp]
ret = if(msg("RestartProductWarning", #m_yesno|#m_warning), restartApp())

[f_RestartOs]
ret = if(msg("RestartComputerWarning", #m_yesno|#m_warning), restartOs())

; Task launchers. All of them issue #TASK_REQUEST_RUN. f_StartUpdater calls
; setstate() directly while the scan launchers go through f_setState, which
; also lets RUN requests through without a password check.
[f_StartUpdater]
ret = window("MainWindow:Updater", p_postInit("setstate(#TASK_REQUEST_RUN, \"Updater\")"))

[f_StartScanMyComputer]
ret = window("MainWindow:Scan_My_Computer", p_postInit("prepareFullScanObjects(); f_setState(#TASK_REQUEST_RUN, \"Scan_My_Computer\")"))

[f_StartScan] p_ProfileName
ret = window("MainWindow:" + p_ProfileName), f_setState(#TASK_REQUEST_RUN, p_ProfileName)

; Shows the "ErrorSendEmail" message when mail(@) returns a non-zero value.
[f_SendMail]
ret = if(mail(@), msg("ErrorSendEmail"))

; Opens the training wizard only when checkPassword(#pwdc_StopTask) returns true.
[f_StartAntiSpamTrainingWizard]
ret = if(checkPassword(#pwdc_StopTask), window("OutlookPlugin.TrainingWizard"))
; NOTE(review): in the lookup sections below, a key written without a value
; (bare, or "key =") is presumed to share the value of the next assigned key;
; confirm against the skin parser. ";" starts a comment only at the beginning
; of a line - inside an expression it separates statements.
[f_isInstalled]
ret = isInstalled(@)

; Starts the light animation when the severity changes to a non-normal value
; and remembers the new severity.
[f_MainLightBlink]
ret = if(l_LightProdStateSeverity != @ && @ != #eProtStateNormal, (l_LightProdStateSeverity = @, ctl.animate = 19))

; 0xFFFFFFFF and -1 are treated as "no valid time".
[s_IsValidTime]
0xFFFFFFFF = 0
-1 = 0
default = 1

[s_IsProductNoFeatures]
#eflUnknown = 1
#eflNoFeatures = 1

[s_IsFunctionalityLevel_Protection]
#eflFullFunctionality = 1
#eflFunctionWithoutUpdates = 1

[s_IsFunctionalityLevel_Updater]
#eflFullFunctionality = 1
#eflOnlyUpdates = 1

; Opens window @ unless g_AvzSingleton is already set; requires
; checkPassword(#pwdc_StopTask). The flag is set here; where it is cleared
; again is not visible in this file.
[f_AvzWizard]
ret = g_AvzSingleton ? balloon("AvzAlreadyRunning") : if(checkPassword(#pwdc_StopTask), (g_AvzSingleton = 1, window(@)))

; NOTE(review): unlike f_AvzWizard, the false branch is not parenthesized and
; there is no checkPassword() gate. If "," binds looser than "?:" in this
; expression language, dialog(@) runs and g_AvzSingleton is cleared even when
; the "already running" balloon was shown - confirm operator precedence.
[f_AvzDialog]
ret = g_AvzSingleton ? balloon("AvzAlreadyRunning") : g_AvzSingleton = 1, dialog(@), g_AvzSingleton = 0

; Parental-control profile assignment: informs when the user already has the
; requested profile, otherwise asks for confirmation via
; f_ChangeExistUserProfile. Yields #true when there is no existing profile.
[f_UpdateExistUserProfile] p_Profile, p_Id
ret = p_Profile ? ((p_Profile.settings.ProfileId == p_Id) ? msg("ParCtlAssignUserToProfileInfo") : f_ChangeExistUserProfile(p_Profile)) : #true

; Asks for yes/no confirmation unless the current profile is the child profile.
[f_ChangeExistUserProfile] p_Profile
ret = p_Profile.settings.ProfileId != #eParCtl_ProfId_Child ? msg(f_ParCtlAssignUserToProfileWarning(p_Profile.settings.ProfileId), #m_yesno|#m_warning) : #true

; Licence state predicates over the #eKey* bit flags. The two masks differ:
; this one includes #eKeyTrial and omits #eKeyLimited; f_IsKeyNotExpired
; includes #eKeyLimited and omits #eKeyTrial.
[f_IsActiveKeyWorkingCommercial]
ret = (global.KeyState & (#eKeyTrial | #eKeyExpired | #eKeyTrialExpired | #eKeyBlocked | #eNoKeys | #eKeyWaitActivation | #eKeyInvalid)) == 0

[f_IsKeyNotExpired]
ret = (@ & (#eKeyExpired | #eKeyTrialExpired | #eKeyBlocked | #eNoKeys | #eKeyWaitActivation | #eKeyInvalid | #eKeyLimited)) == 0

; Starts the updater when the answer was "yes", then passes the answer through.
[f_PrepareUpdateBeforeFullScan]
ret = if(@ == #m_res_yes, f_StartUpdater()); @

;------------- profile enums ------------
; Display name per profile name. Unknown names render as "<name>", except
; profiles of type "ods", which use $QuickScan.
[ProfileName]
Protection=$Protection
Antivirus=$Antivirus
File_Monitoring=$File_Monitoring
Mail_Monitoring=$Mail_Monitoring
Web_Monitoring=$Web_Monitoring
Scan_Objects=$Scan_Objects
Scan_My_Computer=$Scan_My_Computer
Scan_Critical_Areas=$Scan_Critical_Areas
Scan_Rootkits=$Scan_Rootkits
Scan_Vulnerabilities=$Scan_Vulnerabilities
Scan_Startup=$Scan_Startup
Active_Disinfect=$Active_Disinfect
AdvDis=$Active_Disinfect
Anti_Spam=$Anti_Spam
ParCtl=$ParCtl
AdBlocker=$AdBlocker
Updater=$Updater
Rollback=$Rollback
ids=$ids
antidial=$antidial
antiphishing=$antiphishing
OnlineSecurity=$OnlineSecurity
ContentFilter=$ContentFilter
Hips=$Hips
HipsTask=$Hips
Firewall=$Fw
SystemWatch=$SystemWatch
SysWatch=$SysWatch
pdm=$Pdm
default = (bindok("type") && type == "ods") ? $QuickScan : ("<" + @ + ">")

[s_ProfileIcon]
Protection = "TaskKAV"
av = "TaskAV"
cf = "TaskCF"
os = "TaskOS"
sw = "TaskHIPS"
ods = s_ProfileIcon_ods(name)
updater = "b_updater"

[s_ProfileIcon_ods]
Scan_My_Computer = "TaskFullScan"
Scan_Startup = "TaskQuickScan"
def = "b_ods"

[s_ProfileName]
Protection=$Protection
av=$Antivirus
cf=$ContentFilter
os=$OnlineSecurity
sw=$SystemWatch
ods=$Scan_Objects
updater=$Updater

[ProfileType]
default="Unknown profile type: " + type

; Profiles treated as groups; $IsErr ignores lastErr for these.
[s_IsGroupProfile]
Antivirus
ContentFilter
OnlineSecurity
SystemWatch = 1

[f_IsProfileFailed]
ret = @ == #StateFailed || @ == #StateMalfunction

; Picks the error-text table by profile type; @1 is the error code.
[s_ProfileError]
rollback
updater = s_UpdaterError(@1)
hips = s_HipsError(@1)
parctl = s_ParCtlError(@1)
avz = s_AvzError(@1)
def = s_SystemError(@1)

[s_IsStateRunning]
#StateRunning
#StateStarting
#StateReStarting
#StateResuming
#StateMalfunction = 1

[f_IsStateActive]
ret = @ & #StateFlagActive

[s_IsStateTransitional]
#StateStarting
#StateReStarting
#StateResuming
#StatePausing
#StateStopping = 1

; States in which the start / pause / stop commands are enabled.
[TaskStartEnable]
#StatePaused
#StateStopped
#StateCompleted
#StateFailed
#StateNotStarted
#StateDisabled = 1

[TaskPauseEnable]
#StateRunning
#StateMalfunction = 1

[TaskStopEnable]
#StateRunning
#StatePaused
#StateMalfunction = 1

[SettingsLevel]
#SETTINGS_LEVEL_HIGH = $High
#SETTINGS_LEVEL_DEFAULT = $Medium
#SETTINGS_LEVEL_LOW = $Low
#SETTINGS_LEVEL_CUSTOM = $Custom

; Font per profile state; a running profile with $IsErr set gets the "_u"
; variant.
[s_ProfileStateFont]
#StateRunning = $IsErr ? "Header1Green_u" : "Header1Green"
#StatePaused
#StateStopped
#StateCompleted
#StateNotStarted
#StateDisabled = "Header1Grey"
#StateStarting
#StatePausing
#StateResuming
#StateStopping = "Header1LGreen"
#StateFailed
#StateMalfunction = "Header1Red_u"

[s_ProfileSmallStateFont]
#StateRunning = $IsErr ? "Normal_Green_u" : "Normal_Green"
#StatePaused
#StateStopped
#StateCompleted
#StateNotStarted
#StateDisabled = "Normal_Grey"
#StateStarting
#StatePausing
#StateResuming
#StateStopping = "Normal_Green"
#StateFailed
#StateMalfunction = "Normal_Red_u"

[s_ProfileStateImage]
#StateRunning = $TaskCheckOn
#StatePaused
#StateStopped
#StateCompleted
#StateNotStarted
#StateDisabled = $TaskCheckOff
#StateStarting
#StatePausing
#StateResuming
#StateStopping = $TaskCheckTransit
#StateFailed
#StateMalfunction = $TaskCheckFail

; Click action on a profile's state control. Turning a component on needs no
; password; turning off a running, failed or malfunctioning one requires
; checkPassword(#pwdc_StopTask). Clicks in transitional states do nothing.
[s_ProfileStateClick]
#StatePaused
#StateStopped
#StateCompleted
#StateNotStarted
#StateDisabled = enable(1)
#StateRunning
#StateFailed
#StateMalfunction = if(checkPassword(#pwdc_StopTask), enable(0))
#StateStarting
#StatePausing
#StateResuming
#StateStopping = ""

;------------- EmulatorLevelsProductValues -------------
; Each table maps a product value to a level index 0..2.
[EmulatorLevels_scan]
10 = 2
5 = 1
3 = 0

[EmulatorLevels_OAS]
10 = 2
3 = 1
1 = 0

[EmulatorLevels_Web]
50 = 2
10 = 1
1 = 0

;------------- Scheduler enums ------------
[Global]
#schmManual = 0
#schmEnabled = 1
#schmAuto = 2
#schtMinutely = 0
#schtHourly = 1
#schtDaily = 2
#schtWeekly = 3
#schtExactTime = 4
#schtMonthly = 5
#schtOnStartup = 6
#schtAfterUpdate = 7
#schEveryDays = 0
#schEveryWeekday = 1
#schEveryHoliday = 2
$SchedulerDescription = switch(Mode, "SchedulerDescription")

[Scheduler_Time_Show]
#schtDaily
#schtWeekly
#schtMonthly = #true

[Scheduler_RunIfSkipped_Show]
#schtExactTime
#schtDaily
#schtWeekly
#schtMonthly = #true

; An error code is a failure when its top bit (0x80000000) is set.
[f_ErrFail]
ret = @ & 0x80000000

; Web_Monitoring reports the httpscan error when that one is a failure,
; otherwise the sc error; all other profiles report their own lastErr.
[f_GetProfileErrorText]
ret = name == "Web_Monitoring" ? (f_ErrFail(httpscan.lastErr) ? s_ProfileError("httpscan", httpscan.lastErr) : s_ProfileError("sc", sc.lastErr)) : s_ProfileError(type, lastErr)

; NOTE(review): the trailing + "" after $KnowledgeBaseLinkText looks like
; markup that was lost from this copy of the file - confirm against the
; original.
[Global]
ProfileErrorInfo.caption = $ProfileName
ProfileErrorInfo = $ProfileName + ": " + f_GetProfileErrorText() + "\n" + $KnowledgeBaseLinkText + ""

;-------------------- GlobalEvents -------------------------
; Hips enums
[Global]
; InterfaceTypes
#If_other = 0
#If_LoopBack = 1
#If_Ethernet = 2
#If_WiFi = 3
#If_Tunnel = 4
#If_PPP = 5
#If_PPPoE = 6
#If_VPN = 7
#If_Modem = 8
#If_Internet =100
#If_OtherNetwork =101
; WebService flags
#wsProtocol = 0x01
#wsIcmpCode = 0x02
#wsIcmpType = 0x04
; WebService direction
#wsIn = 1
#wsOut = 2
#wsInOut = 3
#wsInStream = 4
#wsOutStream = 5
;fw zone severity
#znAll = 0
#znTrusted = 1
#znNetBIOS = 2
#znUntrusted = 3
;fw zone flags
#znPermanent = 0x1
#znConfirmOnConnect = 0x2
#znUptoGateway = 0x4
#znARPWatch = 0x8
#znConnectedProgram = 0x40
#znDisconnectedprogram = 0x80
#znDefPrinter = 0x100
#znSavDefPrinter = 0x200
#znWallPaper = 0x400
#znStealth = 0x8000
#znNotifyWhenConnected = 0x200000
#znNewMacNotify = 0x800000
#znChgMacNotify = 0x1000000
#znArpPoison = 0x2000000
;fw zone state flags
#znVisible = 0x01
#znConnected = 0x10
;fw adapter flags
#znAskWhenNewZones = 0x1
#znAskOnlyWhenSecureZones = 0x2
#znTemporaryNewZones = 0x4
#znStealthForNewZones = 0x20
;fw work mode
#fwAllowAll = 4
#fwAllow = 3
#fwAsk = 2
#fwBlock = 1
#fwBlockAll = 0
;fw work flags
#fwFtpTracking = 0x004
#fwDhcpTracking = 0x008
#fwCantAskDeny = 0x040
#fwNotShutDown = 0x080
; HIPS rule states; values 5..9 are the inherited (INH) counterparts of 0..4.
#HIPS_RULE_STATE_DENY = 0
#HIPS_RULE_STATE_ALLOW = 1
#HIPS_RULE_STATE_ASK = 2
#HIPS_RULE_STATE_MIX = 3
#HIPS_RULE_STATE_UNK = 4
#HIPS_RULE_STATE_INH_DENY = 5
#HIPS_RULE_STATE_INH_ALLOW = 6
#HIPS_RULE_STATE_INH_ASK = 7
#HIPS_RULE_STATE_INH_MIX = 8
#HIPS_RULE_STATE_INH_UNK = 9
#HIPS_RULE_STATE_INH = 10
#HIPS_RULE_TYPE_PACKET = 4
#HIPS_RULE_TYPE_FW = 7
; HIPS action flags: the low two bits hold the action (ALLOW 0, ASK 1,
; BYAPP 2, DENY 3), 4 is LOG and 8 is INHERIT. #HIPS_FLAG_ALL_ACTIONS (3)
; masks the action bits and has the same value as #HIPS_FLAG_DENY;
; #HIPS_FLAG_ALL_ACTIONS_INH (0xb) is that mask plus INHERIT.
#HIPS_FLAG_ALLOW = 0
#HIPS_FLAG_ASK = 1
#HIPS_FLAG_BYAPP = 2
#HIPS_FLAG_DENY = 3
#HIPS_FLAG_LOG = 4
#HIPS_FLAG_INHERIT = 8
#HIPS_FLAG_ALL_ACTIONS = 3
#HIPS_FLAG_ALL_ACTIONS_INH = 0xb
#HIPS_APP_FLAG_NOINHERIT = 0x08
#HIPS_RESID_FLAG_USER = 0x40000000
#HIPS_APPID_FLAG_GROUP = 0x80000000
#HIPS_APPID_FLAG_USER = 0x40000000
#HIPS_APPID_ROOT = 0x80000001
#nafWasTerminated = 0x0001
; hips resource types & flags
#rtFileInfo = 0x0002
#rtRegKeyInfo = 0x0003
#rtWebService = 0x0006
#rtIpRange = 0x0007
#rtMask = 0x000f
#rfEnabled = 0x0020
#rfResourceView = 0x0040
#rfFilesRegistryView = 0x0080
#rfRulesView = 0x0100
#rfDisableEdit = 0x0200
#rfCreateByUser = 0x0400
; hips resource group IDs
#riKLWebServices = 7
#riIPRanges = 8
; hips resource struct types
#stFileInfo = 0xbf8d0000
#stRegKeyInfo = 0xbf8d0100
#stWebService = 0xbf8d2000
#stIpRange = 0xbf8d2100
#stFwEvent = 0xbf8d1800
; hips resource group search macro
$rfKLWebServices = Resource.treeFind("Childs", "Id == #riKLWebServices")
$rfKLIPRanges = Resource.treeFind("Childs", "Id == #riIPRanges")
$rfKLNetwork = Resource.treeFind("Childs", "Name == \"KLNetwork\"")
#ehsssAllow = 0
#ehsssDeny = 1
#ehsssApp = 2
; external plugin mask
#mpOutlook = 0x02
#mpOutlookExpress = 0x04
#mpTheBat = 0x08
#mpEudora = 0x10
#mpThunderbird = 0x20
; pdm verdict flags
#vfSkipTrusted = 0x01
#vfSkipWormP2P = 0x02
#vfSkipTrojGen = 0x04
#vfSkipKeylogger = 0x08
#vfSkipSuspDrvInst = 0x10
#vfSkipIrpTableChange = 0x20
#vfSkipHiddenObj = 0x40
#vfSkipNegativePID = 0x80
#vfSkipWormGen = 0x100

; For each of the ids 50, 51 and 52, a filter string that excludes the other two.
[s_AddrFilter]
50 = "ResIdEx2 != 51 && ResIdEx2 != 52"
51 = "ResIdEx2 != 50 && ResIdEx2 != 52"
52 = "ResIdEx2 != 50 && ResIdEx2 != 51"
def = ""

; Initialises the address selector and yields the mode later read by
; s_AddrGet: 1 = value comes from ctl.NetSel, 2 = from the list selection.
[s_AddrInit]
0 = 0
50 =
51 =
52 = ctl.NetSel.value = @; 1
def = ctl.List.focus("Id == " + @); 2

[s_AddrGet]
1 = ctl.NetSel.value
2 = ctl.List.seldata().Id
def = 0

[s_LogFilter]
; 0x2 - allow, 0x4 - out,
1 = "!(Flags & 2)"
2 = "!(Flags & 6)"
3 = "(Flags & 6) == 4"
4 = "Flags & 2"
5 = "(Flags & 6) == 2"
6 = "(Flags & 6) == 6"
def = ""

[Global]
$AddressesFormat = Address ? Address + " (" + f_formatIpAddr(AddressIP) + ")" : ip(IP)

[f_formatPortsSimple]
ret = format(@, "e")

; A range with equal bounds is shown as a single port.
[f_formatPorts]
ret = format(@, "PortLo == PortHi ? PortLo : PortLo + \" - \" + PortHi")

[f_formatIps]
ret = format(@, "e")

[f_formatIpAddr]
ret = format(@, "ip(ser(Version))")

[f_NetProtocol]
ret = if(@.Flags & #wsProtocol, s_Protocols(@.Proto))

; Central gate for task state changes: #TASK_REQUEST_RUN goes through without
; a password check; any other request (pause/stop) requires
; checkPassword(#pwdc_StopTask). Call sites that use setstate() directly
; bypass this gate, so they should stay limited to RUN requests.
[f_setState]
ret = if(@0 == #TASK_REQUEST_RUN || checkPassword(#pwdc_StopTask), setstate(@0, @1, @2))

[f_formatGrpPath]
ret = @.format("s_ResGroupName(sName)", "/")

[s_ResGroupIcon]
KLSystemData = "system"
KLWebServices = "netservice"
KLIPRanges = "netadress"
def = "appgroup"

[s_DevicesGroupIcon]
def = @1 ? "devices" : "appgroup"

; Text shown for a resource, selected by its struct type (#st*).
[s_ResourceDescription]
#stFileInfo = Data.Path
#stRegKeyInfo = Data.KeyPath
#stWebService = Name
#stIpRange = Name
def = "unknown resource type: 0x" + fmt("08x", @)

[s_ResourceDescriptionIcon]
#stFileInfo = "resfile"
#stRegKeyInfo = "registry"
#stWebService = "netservice"
#stIpRange = "netadress"
def = "unkobj"

; Editor opened for a resource, selected by its struct type.
[s_ResourceDialog]
#stFileInfo = browseobject(Data.Path, "BrowseForFile", #SHELL_OBJTYPE_FILE | #SHELL_OBJTYPE_FOLDER | #SHELL_OBJTYPE_MASK)
#stRegKeyInfo = browseregistry(Data, "BrowseForRegistry", #SHELL_OBJTYPE_REGKEY | #SHELL_OBJTYPE_REGVALUE | #SHELL_OBJTYPE_MASK)
#stWebService = dialog("WebServiceEdit")
#stIpRange = dialog("IpRangeEdit")

; Stores the resource type into Flags when @ carries one; otherwise opens the
; "add resource" menu.
[f_ResourceType]
ret = @ & #rtMask ? mask(Flags, #rtMask) = @ : menu("Hips_ResListAddMenu")

[s_ResourceSerID]
#rtFileInfo = #stFileInfo
#rtRegKeyInfo = #stRegKeyInfo
#rtWebService = #stWebService
#rtIpRange = #stIpRange

; "States,N" image per rule state; inherited states use the next odd index.
[s_RuleState]
#HIPS_RULE_STATE_DENY = "States,2"
#HIPS_RULE_STATE_ALLOW = "States,0"
#HIPS_RULE_STATE_ASK = "States,6"
#HIPS_RULE_STATE_MIX = "States,4"
#HIPS_RULE_STATE_UNK = "States,10"
#HIPS_RULE_STATE_INH_DENY = "States,3"
#HIPS_RULE_STATE_INH_ALLOW = "States,1"
#HIPS_RULE_STATE_INH_ASK = "States,7"
#HIPS_RULE_STATE_INH_MIX = "States,5"
#HIPS_RULE_STATE_INH_UNK = "States,11"

; Rule icons: the action icon merged with a "logged" overlay (States,8, or
; States,9 when inherited). The three variants differ in when the overlay is
; shown: always with LOG, only for DENY, or for anything but BYAPP.
[f_AppRuleIcon]
ret = mergeIcon(s_AppRuleIcon(@ & #HIPS_FLAG_ALL_ACTIONS_INH), if(@ & #HIPS_FLAG_LOG, @ & #HIPS_FLAG_INHERIT ? "States,9" : "States,8"))

[f_DeviceRuleIcon]
ret = mergeIcon(s_AppRuleIcon(@ & #HIPS_FLAG_ALL_ACTIONS_INH), if((@ & #HIPS_FLAG_LOG) && (@ & #HIPS_FLAG_ALL_ACTIONS) == #HIPS_FLAG_DENY, @ & #HIPS_FLAG_INHERIT ? "States,9" : "States,8"))

[f_PacketRuleIcon]
ret = mergeIcon(s_AppRuleIcon(@ & #HIPS_FLAG_ALL_ACTIONS_INH), if((@ & #HIPS_FLAG_LOG) && (@ & #HIPS_FLAG_ALL_ACTIONS) != #HIPS_FLAG_BYAPP, @ & #HIPS_FLAG_INHERIT ? "States,9" : "States,8"))

[f_UnknownApp]
ret = f_UnknownAppEx(@, @1, objfile(@1))

; Display name for an application: the product name when @2 compares equal
; (case-insensitively) to "avp.exe", else the supplied name, else @2, else
; $UnknownApp.
; NOTE(review): the product label is chosen by file name only (@2 comes from
; objfile(@1)); treat it as a display label, not as an identity check.
[f_UnknownAppEx]
ret = stricmp(@2, "avp.exe") == 0 ? $ProductName : (@ ? @ : (@1 ? @2 : $UnknownApp))

[s_AppRuleIcon]
#HIPS_FLAG_ALLOW = "States,0"
#HIPS_FLAG_ALLOW | #HIPS_FLAG_INHERIT = "States,1"
#HIPS_FLAG_DENY = "States,2"
#HIPS_FLAG_DENY | #HIPS_FLAG_INHERIT = "States,3"
#HIPS_FLAG_BYAPP = "States,10"
#HIPS_FLAG_BYAPP | #HIPS_FLAG_INHERIT = "States,11"
#HIPS_FLAG_ASK = "States,6"
#HIPS_FLAG_ASK | #HIPS_FLAG_INHERIT = "States,7"

; #wsInOut is treated as a stream direction as well.
[f_isStream]
ret = @ == #wsOutStream || @ == #wsInStream || @ == #wsInOut

; IP protocol numbers: 6 = TCP, 17 = UDP.
[f_isTcpUdp]
ret = @ == 6 || @ == 17

; A service with no protocol flag set also counts as TCP/UDP.
[f_isTcpUdpEx]
ret = !(@.Flags & #wsProtocol) || f_isTcpUdp(@.Proto)

; IP protocol numbers: 1 = ICMP, 58 = ICMPv6.
[f_isIcmp]
ret = @ == 1 || @ == 58

; Prepares a new rule (firewall type when an application id is given, packet
; type otherwise) and opens the rule editor.
[f_fwRuleAdd]
ret = AppIdEx = @; RuleTypeId = @ ? #HIPS_RULE_TYPE_FW : #HIPS_RULE_TYPE_PACKET; RuleId = getHipsNewRuleID(); dialog("PacketRuleEdit")

[s_IcmpCode]
default = "code " + @

; Shows "resolved name (ip)" when resolveIp() yields a name, otherwise the
; address alone.
[f_NetAddr]
ret = f_NetAddrEx(@, resolveIp(@))

[f_NetAddrEx]
ret = @1 ? @1 + " (" + ip(@) + ")" : ip(@)

[f_NetActionDescr]
ret = @ ? (@1 ? $TcpOut : $TcpIn) : (@1 ? $UdpOut : $UdpIn)

[f_AlertNetAdressDescr]
ret = @ ? (@1 ? $AlertTcpOut : $AlertTcpIn) : (@1 ? $AlertUdpOut : $AlertUdpIn)

; Builds an "image,index" reference; the index is the adapter type's base
; index, plus 1 when the adapter is not connected.
[f_NetAdapterIcon]
ret = "network_types" + if(@3, 32) + "," + (s_NetAdapterIconType(@0) + (@2 & #znConnected ? 0 : 1))

[s_NetAdapterIconType]
#If_WiFi = 9
#If_Tunnel
#If_PPP
#If_PPPoE
#If_VPN = 6
#If_Modem = 3
def = 0

[s_NetZoneTypeIcon]
#znTrusted = "trusted"
#znNetBIOS = "local"
def = "internet16"

[s_NetDirectionIcon]
#wsIn = "directions,1"
#wsOut = "directions,3"
#wsInOut = "directions,2"
#wsInStream = "directions,0"
#wsOutStream = "directions,4"

; Export/import of all settings asks for yes/no confirmation first.
[Global]
$ExportAll = msg("ExportAll", #m_yesno|#m_warning)
$ImportAll = msg("ImportAll", #m_yesno|#m_warning)

; File pickers; the statement after ";" yields the path variable passed as
; the first argument.
[f_browseFileSave]
ret = browsefilesave(l_browseFileSavePath, @0, @1); l_browseFileSavePath

[f_browseFileOpen]
ret = browsefileopen(l_browseFileOpenPath, @0, @1); l_browseFileOpenPath

;------------- MakeRescueDiskWizard --------------
[Global]
; enRdiskTriggers
#wzRdiskBartPE_Prepare = 0x00000001
#wzRdiskBartPE_Prepare_Progress = 0x00000002
#wzRdiskBartPE_MakeIso = 0x00000004
#wzRdiskBartPE_MakeIso_Progress = 0x00000008
#wzRdiskBartPE_BurnCd = 0x00000010
#wzRdiskBartPE_BurnCd_Progress = 0x00000020

; Alert styling keyed by a danger value: 1 maps to the red style, 2 and 4 to
; yellow, anything else to the neutral style. s_DetectDanger2ProtSeverity
; applies the same split to protection-state severities.
[s_AlertDialogOutline]
1 = "AlertOutlineRed"
2
4 = "AlertOutlineYellow"
def = "AlertOutline"

[s_DlgHeader]
1 = "DlgHeaderRed"
2
4 = "DlgHeaderYellow"
def = "DlgHeader"

[s_DlgFooter]
1 = "DlgFooterRed"
2
4 = "DlgFooterYellow"
def = "DlgFooter"

[s_DetectDanger2ProtSeverity]
1 = #eProtStateCrit
2
4 = #eProtStateWarn
def = #eProtStateNormal

; Marks the action (or severity) that matches the control's parent value
; with $AlertDefault.
[AlertDialog_Body_Action]
$Def = const(if(DefaultAction == ctl.parent.value, $AlertDefault))

[NewNetwork_Body_Actions]
$Def = const(if(Severity == ctl.parent.value, $AlertDefault))

[Global]
#fPiwActivation = 0x01
#fPiwSettings = 0x02
#fPiwReset = 0x04

;------------ Threats list filter ---------------------
; Groups threat records by the TaskType that produced them.
[Global]
$IsThreatsFor_SystemWatch = s_IsThreatsFor_SystemWatch(TaskType)
$IsThreatsFor_Antivirus = s_IsThreatsFor_Antivirus(TaskType)
$IsThreatsFor_OnlineSecurity = s_IsThreatsFor_OnlineSecurity(TaskType)
$IsThreatsFor_Scan = TaskType == "ods"

[s_IsThreatsFor_SystemWatch]
Hips
pdm
SysWatch = 1

[s_IsThreatsFor_Antivirus]
oas
mc
httpscan
sc
wmuf = 1

[s_IsThreatsFor_OnlineSecurity]
antidial
antiphishing
ids = 1

; Statistics group per detection class: 1 for virware/trojware/malware, 2 for
; adware/pornware/riskware. The remaining classes are listed without a value
; directly before "default = 3".
[s_CmnStatGroup]
#eVirware = 1
#eTrojware = 1
#eMalware = 1
#eAdware = 2
#ePornware = 2
#eRiskware = 2
#eXFiles
#eSoftware
#eVulnerability
#ePhishing
#eDialing
#eAttack
#eBanner
#eUnwantedWebContent
#eSpam
#eProbableSpam
#eHam
#eFileAccess
#eRegistryAccess
#eNetworkAccess
#eHardwareAccess
#eSecurityAccess
#eSuspicionActivity
default = 3

; Task types for which an exclusion can be offered.
[f_TaskTypeExcludable]
ret = @ == "avs" || s_TaskTypeExcludable(@)

; NOTE(review): the $DefaultAlertText macro below sits inside this lookup
; section rather than under [Global] - confirm that is intended.
[s_TaskTypeExcludable]
oas = $File_Monitoring
mc = $Mail_Monitoring
wm = $Web_Monitoring
hipstask = $Hips
pdm = $Pdm
ods = $Scan
;$DefaultAlertText=$(LicInvalidReason,DefaultTextForSpecifiedReason)
$DefaultAlertText=s_DefaultTextForSpecifiedReason(global.LicInvalidReason)

; Alert text per licence invalid-reason; reasons not listed fall back to
; $ProductNotificationText.
[s_DefaultTextForSpecifiedReason]
#ekirValid=s_DefaultTextForValidReason(LicInfo.KeyInfo.KeyType)
#ekirExpired=s_DefaultExpirationText(LicInfo.KeyInfo.KeyType)
#ekirTrialPeriodIsOver=s_DefaultExpirationText(LicInfo.KeyInfo.KeyType)
default=$ProductNotificationText

[s_DetectTypeModification]
#DETYPE_REGISTRY =
default = s_TaskTypeModification(@1)

; A sure detection shows the detect type alone; otherwise a modification
; suffix chosen by detect status and task type is appended.
[s_DetectSureTypes]
#DSTATUS_SURE = s_DetectType(@)
default = s_DetectType(@) + s_DetectTypeModification(@, @1)

; Appends " (PID: n)" to an object label; the entry for PID 0 has no value of
; its own.
[s_AlertObjectLabel_AddInfo_Pid]
0 =
default = "\ (PID: " + @ + ")"

[f_RemoveTags]
ret = removetags(@, #RemTags|#RemCRLF)

; NOTE(review): the empty strings around @2 look like link markup that was
; lost from this copy of the file; as written both branches yield @2 -
; confirm against the original.
[f_MakeLink]
ret = @ ? "" + @2 + "" : @2

;------------- Chart enums ------------
[Global]
#ChartMode_CheckedObjects = 0
#ChartMode_DetectedObjects = 1

; Passes the result of the "SettingsReset" dialog to reset().
[f_Reset]
ret = reset(dialog("SettingsReset"))

[s_TroubleGroup]
0 = 0
1 = 1
def = 2