; Shared constants for the product-status UI, restored to one entry per line.
; As used in this file, "#Name" defines or references a named constant and ";"
; starts a comment at the beginning of a line.
[Global]
; Overall protection severity. The s_*Bg, s_*Font and s_*Icon lookup sections
; later in this file are keyed by these three values.
#eProtStateNormal = 0
#eProtStateWarn = 1
#eProtStateCrit = 2

; Update / signature-base status bits (single-bit values). #eBasesCorrupted is
; tested against global.UpdateState in s_ProdStatusVisibleFilter, so this group
; is presumably the UpdateState flag word - confirm for the other members.
#eUpdateNotAuto = 0x01
#eUpdateRunning = 0x02
#eUpdateError = 0x04
#eBasesNotActual = 0x08
#eBasesNotValid = 0x10
#eBasesOutOfDate = 0x20
#eUpdateNeedReboot = 0x40
#eUpdateCompleted = 0x80
#eBasesCorrupted = 0x100

; Threat status bits. The values restart at 0x01, so this is presumably a
; separate flag word from the update bits above; 0x20 is not assigned here.
; NOTE(review): "ePheashingDetected" is misspelled (phishing). It is left as-is
; because files not shown here may reference the name.
#eVulnerabilityDetected = 0x01
#ePheashingDetected = 0x02
#eAttackBlocked = 0x04
#eAllTreated = 0x08
#eAntiSpamNeedTraining = 0x10
#eThreatsNeedReboot = 0x40
#eThreatsMalwareUntreated = 0x80
#eThreatsRiskwareUntreated = 0x100

; Protection / task status bits (values restart at 0x01 again).
; NOTE(review): "eProtectionNotRunnig" is misspelled (running); left as-is for
; the same reason as above.
#eOnBatteriesScanOff = 0x01
#eScanRunning = 0x02
#eMyComputerNotScanned = 0x04
#eTasksNotRunning = 0x08
#eTasksDisabled = 0x10
#eTasksMalfunction = 0x20
#eProtectionNotRunnig = 0x40
#eProtectionDisabled = 0x80
#eProtectionSafeMode = 0x100
#eProtectionNotInstalled = 0x200

; Product states
; Numeric ids, not bit flags. s_ProductStateList, s_ProductLinkText,
; s_ProductLinkClick and s_ProdStateSeverity are keyed by them. The numbering
; has gaps (for example 5, 6 and 10-13 are not defined in this file).
#ProdStateProductNews = 1
#ProdStateProductNotAutoRun = 2
#ProdStateProductNotActivated = 3
#ProdStateProductAdminPolicy = 4
#ProdStateProductNotProtected = 7
#ProdStateTasksDisabledByPolicy = 8
#ProdStateProductIsBeta = 9
#ProdStateKeyTrial = 14
#ProdStateKeyWillBeExpired = 15
#ProdStateKeyGracePeriod = 16
#ProdStateKeyAboutExpiration = 17
#ProdStateKeyExpired = 18
#ProdStateKeyTrialExpired = 19
#ProdStateKeyBlocked = 20
#ProdStateNoKeys = 21
#ProdStateKeyInvalid = 22
#ProdStateKeyLimited = 23
#ProdStateKeyUpdateFailed = 24
#ProdStateKeyWaitActivation = 25
#ProdStateKeySuspended = 26
#ProdStateFirewallBlockAll = 27
#ProdStateOnDemandTaskRunning = 28
#ProdStateMyComputerNotScanned = 29
#ProdStateTasksNotRunning = 30
#ProdStateTasksDisabled = 31
#ProdStateTasksMalfunction = 32
#ProdStateProtectionNotRunning = 33
#ProdStateProtectionDisabled = 34
#ProdStateProtectionSafeMode = 35
#ProdStateProtectionNotInstalled = 36
#ProdStateHighRiskTasksNotRunning = 37
#ProdStateHighRiskTasksDisabled = 38
#ProdStateUpdateNotAuto = 40
#ProdStateBasesNotActual = 43
#ProdStateBasesNotValid = 44
#ProdStateBasesOutOfDate = 45
#ProdStateUpdateNeedReboot = 46
#ProdStateBasesCorrupted = 48
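; Continuation of the [Global] product-state ids, followed by notification
; severities, alert macros and the product-state lookup sections.
; Conventions visible in this file: "#Name" is a named constant, "$Name" a macro,
; a section named s_X is used as a lookup s_X(key) with def/default as fallback,
; and keys listed without a value share the value of the next assigned key.
; ";" starts a comment only at the beginning of a line; inside a value it is
; used to separate statements.
#ProdStateAntiSpamNeedTraining = 57
#ProdStateThreatsNeedReboot = 59
#ProdStateThreatsMalwareUntreated = 60
#ProdStateThreatsRiskwareUntreated= 61
#ProdStateSomeSkipped = 0xFFFFFFFF
#ProdStateAllOk = 0

; Severity of a notification event; mapped to a protection severity by
; s_NotifySeverity2ProdStateSeverity.
#eNotifySeverityCritical = 1
#eNotifySeverityError = 2
#eNotifySeverityImportant = 3
#eNotifySeverityNotImportant = 4

; Severity of a licence notification; mapped to an icon by s_LicenseNotificationIcon.
#eLicenseNotificationSeverityNone = 0
#eLicenseNotificationSeverityCritical = 1
#eLicenseNotificationSeverityError = 2
#eLicenseNotificationSeverityImportant = 3
#eLicenseNotificationSeverityNotImportant = 4
#eLicenseNotificationSeverityInfoCritical = 5
#eLicenseNotificationSeverityInfoError = 6

$NotifyEventSeverity = s_VerdictIcon2ProdStateSeverity(s_VerdictIcon(Verdict))

; ePasswordConfirmReason
; Reason codes for a password confirmation request. Where they are checked is
; not visible in this file.
#pwdc_OpenWindow = 0
#pwdc_SaveSettings = 1
#pwdc_StopTask = 2
#pwdc_Exit = 3
#pwdc_StopService = 4
#pwdc_Activate = 5
#pwdc_SaveStateAndSettings = 6
#pwdc_StartTask = 7

; Icon ids returned by s_DetectObjectStatusIcon / s_DetectObjectStatusIcon2.
$TreatIcon_High = "crit"
$TreatIcon_Med = "med"
$TreatIcon_Inactive = "low"
$TreatIcon_Clean = "clean"
$TreatIcon_Cured = "ok"
$TreatIcon_CuredDelayed = "ok_warn"

QBOperationError = s_QBOperationsError(OperationCode)
ProductEventSeverityText = s_ProductEventSeverityText(Severity) + ": "

; alert macro
#AlertActionActiveDetect = 0xf0804
; NOTE(review): the empty string literals in the next two macros look like link
; markup that was lost when this page was extracted - confirm against the
; original file before relying on them.
$AlertAppLink = (appID ? "" + s_AppName(appID) + "" : $UnknownApp)
$AlertImgPathLink = "" + objfile(sImagePath) + ""

; Decides whether an alert may offer "add to exclusions". Any of the three
; positive conditions enables it unless $ActionNoEx vetoes it.
$ActionUseToExclude = ($ActionUseToExclude1 || $ActionUseToExclude2 || $ActionUseToExclude3) && !($ActionNoEx)
; Fix: the two EventType inequalities are joined with && so that hidden-object
; and negative-PID events are really ruled out. Joined with || the test was true
; for every EventType and filtered nothing, which let exclusions be offered for
; exactly the events the clause names.
$ActionUseToExclude1 = (nPID != 0 && s_IsUseableToExclude(TaskType) && (EventType != #PDM2_EVENT_HIDDEN_OBJ && EventType != #PDM2_EVENT_NEGATIVE_PID) && (nActionID != #AlertActionActiveDetect) && (Action != #PDM2_ACTION_ROLLBACK))
$ActionUseToExclude2 = (EventType == #PDM2_EVENT_KEYLOGGER && AdditionalInfo)
$ActionUseToExclude3 = (TaskType == "pdm" && EventType == #PDM2_EVENT_IRP_TABLE_CHANGED) || (TaskType == "hipstask" && Action == #evtDrvStart && !nOwnerID)
; Veto: never offer an exclusion when pdm blocked an application start.
$ActionNoEx = (TaskType == "pdm" && Action == #PDM2_ACTION_BLOCKED_APP_START)
$UseApplyToAll = !(ApplyToAll & #APPLYTOALL_NONE) && (TaskType=="ods" || TaskType=="avs" || (TaskID!=#eTASK_AP && (nPID == 0 || DetectType!=#DETYPE_RISKWARE)))

; Anti-phishing coverage per component: the component must be running and have
; its UseAntiphishing setting on.
$g_phish1 = (s_IsStateRunning(Web_Monitoring.state) && httpscan.HTTPSettings.UseAntiphishing)
$g_phish2 = (s_IsStateRunning(IM_Monitoring.state) && IM_Monitoring.UseAntiphishing)
$g_phish3 = (s_IsStateRunning(Anti_Spam.state) && Anti_Spam.UseAntiphishing)
$g_antiphishInstall = f_isInstalled("IM_Monitoring") || f_isInstalled("Web_Monitoring") || f_isInstalled("Anti_Spam")
; "All" treats a component that is not installed as satisfied, but requires at
; least one of the three to be installed.
$g_antiphishAll = ($g_phish1 || !f_isInstalled("Web_Monitoring")) && ($g_phish2 || !f_isInstalled("IM_Monitoring")) && ($g_phish3 || !f_isInstalled("Anti_Spam")) && $g_antiphishInstall
$g_antiphishAny = $g_phish1 || $g_phish2 || $g_phish3

; State colours used as keys by s_EnableAntiPhishing and s_getStateIcon.
#green = 1
#gray = 2
#red = 3
#warn = 4

; Action taken per state colour.
; NOTE(review): despite the section name, the #red, #green and #warn branches
; switch anti-phishing OFF (and #red also disables the three components); only
; #gray switches it on. This reads like a toggle keyed by the current colour -
; confirm that callers reach the "off" branches only on an explicit user action.
[s_EnableAntiPhishing]
#red = httpscan.HTTPSettings.UseAntiphishing = false;IM_Monitoring.UseAntiphishing = false;Anti_Spam.UseAntiphishing = false;enable(false, "IM_Monitoring"); enable(false,"Web_Monitoring"); enable(false,"Anti_Spam")
#green = httpscan.HTTPSettings.UseAntiphishing = false;IM_Monitoring.UseAntiphishing = false;Anti_Spam.UseAntiphishing = false
#warn = httpscan.HTTPSettings.UseAntiphishing = false;IM_Monitoring.UseAntiphishing = false;Anti_Spam.UseAntiphishing = false
#gray = httpscan.HTTPSettings.UseAntiphishing = true;IM_Monitoring.UseAntiphishing = true;Anti_Spam.UseAntiphishing = true;enable(true, "IM_Monitoring"); enable(true,"Web_Monitoring"); enable(true,"Anti_Spam")
def = @

; Per task type: may this detection be added to exclusions? pdm allows it only
; for riskware; oas/ods/avs allow it unless the danger level is high. There is
; no default entry, so other task types get whatever the engine returns for a
; missing key (presumably a false value - confirm).
[s_IsUseableToExclude]
pdm = DetectType==#DETYPE_RISKWARE ? 1 : 0
oas
ods
avs = DetectDanger == #DETDANGER_HIGH ? 0 : 1

[s_VerdictPathMask]
pdm = AdditionalInfo

; Verdict icon id -> protection severity (used by $NotifyEventSeverity).
[s_VerdictIcon2ProdStateSeverity]
crit = #eProtStateCrit
med = #eProtStateWarn
def = #eProtStateNormal

; NOTE(review): the first two keys are written with "=" but no value; the line
; breaks here are restored from a collapsed listing - confirm the layout.
[s_IsEventObjClickable]
#evtPrtStgAccess =
#evtUseBITS =
#evtUseDNS = 0
default = !Verdict

[s_TrayProductStateList]
#ProdStateOnDemandTaskRunning
#ProdStateProtectionDisabled

; Product states handled by the status list. Presumably ordered by priority -
; confirm before reordering.
[s_ProductStateList]
#ProdStateProductNotActivated
#ProdStateKeyBlocked
#ProdStateKeyInvalid
#ProdStateKeyLimited
#ProdStateKeyTrialExpired
#ProdStateKeyExpired
#ProdStateKeySuspended
#ProdStateKeyUpdateFailed
#ProdStateNoKeys
#ProdStateKeyWaitActivation
#ProdStateThreatsNeedReboot
;#ProdStateProductAdminPolicy
#ProdStateThreatsMalwareUntreated
#ProdStateBasesCorrupted
#ProdStateBasesNotValid
#ProdStateBasesNotActual
#ProdStateKeyAboutExpiration
#ProdStateKeyGracePeriod
#ProdStateTasksMalfunction
#ProdStateHighRiskTasksDisabled
#ProdStateHighRiskTasksNotRunning
#ProdStateProtectionNotRunning
#ProdStateProtectionDisabled
#ProdStateFirewallBlockAll
#ProdStateProductNotProtected
#ProdStateUpdateNeedReboot
#ProdStateBasesOutOfDate
#ProdStateThreatsRiskwareUntreated
#ProdStateTasksDisabled
#ProdStateTasksNotRunning
#ProdStateKeyWillBeExpired
#ProdStateKeyTrial
#ProdStateProductNotAutoRun
#ProdStateUpdateNotAuto
#ProdStateProtectionSafeMode
#ProdStateAntiSpamNeedTraining
#ProdStateProductIsBeta
#ProdStateSomeSkipped

[s_ProductStateList_Threats]
#ProdStateThreatsMalwareUntreated
#ProdStateThreatsRiskwareUntreated
#ProdStateThreatsNeedReboot

; 1 when an invalid licence can be repaired by updating, else 0.
[s_IsLicInvalidReason_NeedUpdate]
#ekirInvalidBlacklist
#ekirIllegalUpdate
#ekirInconsistentUpdate = 1
default = 0

; Caption of the primary action link shown for each product state.
; Keep in step with s_ProductLinkClick, which holds the matching actions.
[s_ProductLinkText]
#ProdStateKeyBlocked = $LinkTechnicalSupport
#ProdStateKeyInvalid = s_IsLicInvalidReason_NeedUpdate(LicInfo.InvalidReason) ? if(f_isInstalled("Updater"), $LinkUpdateNow) : $LinkMoreDetails
#ProdStateKeyLimited = $LicenseManager
#ProdStateKeyTrialExpired
#ProdStateKeyExpired
#ProdStateNoKeys
#ProdStateProductNotActivated = $LinkActivate
#ProdStateKeySuspended
#ProdStateKeyUpdateFailed = $LinkUpdateSubsriptionStatus
#ProdStateProtectionSafeMode
#ProdStateThreatsNeedReboot
#ProdStateUpdateNeedReboot = $LinkRestartComputer
#ProdStateThreatsMalwareUntreated
#ProdStateThreatsRiskwareUntreated = $LinkTreatAll
#ProdStateProductNotProtected = $LinkProtect
#ProdStateProductNotAutoRun = $LinkAutoRun
#ProdStateBasesCorrupted
#ProdStateBasesNotValid
#ProdStateBasesNotActual
#ProdStateBasesOutOfDate = ($IsRD || $IsKAT) ? $LinkProductBundleDownload : (s_IsFunctionalityLevel_Updater(LicInfo.FuncLevel) ? if(f_isInstalled("Updater"), $LinkUpdateNow) : $LinkActivate)
#ProdStateKeyWillBeExpired
#ProdStateKeyGracePeriod
#ProdStateKeyAboutExpiration = $LicensingSubsystem
#ProdStateTasksMalfunction = $LinkRepairInstall
#ProdStateProtectionNotRunning
#ProdStateProtectionDisabled = $LinkProtectionTurnOn
#ProdStateHighRiskTasksDisabled
#ProdStateTasksDisabled = $LinkServicesTurnOn
#ProdStateHighRiskTasksNotRunning
#ProdStateTasksNotRunning = $LinkServicesResume
#ProdStateMyComputerNotScanned = $LinkScanMyComputer
#ProdStateOnDemandTaskRunning = $LinkDetails
#ProdStateKeyTrial = $LinkGetFullLicense
#ProdStateAntiSpamNeedTraining = $LinkStartAntiSpamTrainingWizard
#ProdStateFirewallBlockAll = $LinkFirewallUnBlock
#ProdStateProductIsBeta = if(!$IsRD, $BetaForumLinkCaption)
#ProdStateSomeSkipped = $LinkProdStateSomeSkipped

; Action run when the primary link of a product state is clicked.
; Several entries change protection state with a single click (start tasks,
; enable Protection, restart the OS). #ProdStateFirewallBlockAll sets the
; firewall working mode to #fwAllow; whether a confirmation precedes these
; actions is not visible in this file.
[s_ProductLinkClick]
#ProdStateKeyBlocked = url(env("SupportLink"))
#ProdStateKeyInvalid = s_IsLicInvalidReason_NeedUpdate(LicInfo.InvalidReason) ? f_StartUpdater() : window("LicenseManager")
#ProdStateKeyLimited = window("LicenseManager")
#ProdStateKeyTrialExpired
#ProdStateKeyExpired
#ProdStateNoKeys
#ProdStateKeySuspended
#ProdStateProductNotActivated = $IsSubscription? window("LicenseManager") : f_Activate()
#ProdStateKeyUpdateFailed = $IsSubscription? update_subscr_status() : f_Activate()
#ProdStateProtectionSafeMode
#ProdStateThreatsNeedReboot
#ProdStateUpdateNeedReboot = f_RestartOs()
#ProdStateThreatsMalwareUntreated
#ProdStateThreatsRiskwareUntreated = threatsNeutralize()
#ProdStateProductNotProtected = f_TurnSelfProtectionOn()
#ProdStateProductNotAutoRun = f_RunAtStartup()
#ProdStateBasesCorrupted
#ProdStateBasesNotValid
#ProdStateBasesNotActual
#ProdStateBasesOutOfDate = ($IsRD || $IsKAT) ? url(env("ProductBundleDownloadLink")) : (s_IsFunctionalityLevel_Updater(LicInfo.FuncLevel) ? f_StartUpdater() : f_Activate())
#ProdStateKeyWillBeExpired = window("LicenseManager")
#ProdStateKeyGracePeriod
#ProdStateKeyAboutExpiration = window("LicenseManager")
#ProdStateTasksMalfunction = f_repairProduct()
#ProdStateProtectionNotRunning = setstate(#TASK_REQUEST_RUN, "Protection")
#ProdStateHighRiskTasksDisabled
#ProdStateTasksDisabled
#ProdStateProtectionDisabled = enable(1, "Protection")
#ProdStateHighRiskTasksNotRunning = setstate(#TASK_REQUEST_RUN, "File_Monitoring")
#ProdStateTasksNotRunning = setstate(#TASK_REQUEST_RUN, "Anti_Spam"),setstate(#TASK_REQUEST_RUN, "AdBlocker"),setstate(#TASK_REQUEST_RUN, "ParCtl"),setstate(#TASK_REQUEST_RUN,"OnlineSecurity"), setstate(#TASK_REQUEST_RUN,"SystemWatch"), setstate(#TASK_REQUEST_RUN,"Mail_Monitoring"),setstate(#TASK_REQUEST_RUN,"Web_Monitoring")
#ProdStateOnDemandTaskRunning = window(profile(ScanningTaskId).type == "updater" ? "MainWindow:Updater:Events" : "MainWindow:Scan_Objects:Events")
#ProdStateMyComputerNotScanned = f_StartScanMyComputer()
#ProdStateKeyTrial = buy(global.LicRenewStatus != 2)
#ProdStateAntiSpamNeedTraining = f_StartAntiSpamTrainingWizard()
#ProdStateFirewallBlockAll = Hips.FirewallSettings.WorkingMode = #fwAllow
#ProdStateProductIsBeta = url(env("ForumLink") + "//index.php?showforum=" + $BetaForumLinkSuffix)
#ProdStateSomeSkipped = prodStateEnable(-1)

; Caption of the secondary link, defined for a few states only.
[s_ProductLinkText2]
#ProdStateKeyWaitActivation
#ProdStateThreatsMalwareUntreated
#ProdStateThreatsRiskwareUntreated = $LinkMoreDetails
#ProdStateTasksMalfunction = $LinkSupport

; Action of the secondary link.
[s_ProductLinkClick2]
#ProdStateKeyWaitActivation = window("LicenseManager")
#ProdStateThreatsMalwareUntreated
#ProdStateThreatsRiskwareUntreated = window("MainThreats:Threats:Active")
#ProdStateTasksMalfunction = url(env("SupportLink"))

; Product state -> protection severity. States that are not listed (for example
; #ProdStateProtectionSafeMode and #ProdStateProductIsBeta) take the default,
; #eProtStateNormal.
[s_ProdStateSeverity]
#ProdStateKeyBlocked
#ProdStateKeyInvalid
#ProdStateKeyLimited
#ProdStateKeyTrialExpired
#ProdStateKeyExpired
#ProdStateKeySuspended
#ProdStateKeyUpdateFailed
#ProdStateKeyWaitActivation
#ProdStateNoKeys
#ProdStateThreatsNeedReboot
#ProdStateProductNotActivated
#ProdStateBasesCorrupted
#ProdStateBasesNotValid
#ProdStateBasesNotActual
#ProdStateKeyGracePeriod
#ProdStateKeyAboutExpiration
#ProdStateThreatsMalwareUntreated
#ProdStateHighRiskTasksDisabled
#ProdStateHighRiskTasksNotRunning
#ProdStateProtectionNotRunning
#ProdStateProtectionDisabled
#ProdStateTasksMalfunction = #eProtStateCrit
#ProdStateKeyTrial
#ProdStateKeyWillBeExpired = #eProtStateWarn
#ProdStateThreatsRiskwareUntreated
#ProdStateUpdateNeedReboot
#ProdStateUpdateNotAuto
#ProdStateBasesOutOfDate
#ProdStateTasksDisabled
#ProdStateTasksNotRunning
#ProdStateMyComputerNotScanned
#ProdStateProductNotProtected
#ProdStateProductNotAutoRun
#ProdStateFirewallBlockAll = #eProtStateWarn
default = #eProtStateNormal

; Notification severity -> protection severity.
[s_NotifySeverity2ProdStateSeverity]
#eNotifySeverityCritical
#eNotifySeverityError = #eProtStateCrit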
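; Remaining entries of [s_NotifySeverity2ProdStateSeverity], then the skin
; lookups, notification macros, alert dialogs and help-topic selection.
; Conventions visible in this file: "#Name" is a named constant, "$Name" a macro,
; s_X sections are lookups called as s_X(key) with def/default as fallback,
; f_X sections are functions whose result is the "ret" entry, and "@", "@1",
; "@2" appear to be the call arguments. ";" starts a comment only at the
; beginning of a line.
#eNotifySeverityImportant = #eProtStateWarn
def = #eProtStateNormal

; --- Skin resources keyed by protection severity ---------------------------
[s_MainProtectionBannerBg]
#eProtStateNormal = "MainProtectionBanner,0"
#eProtStateWarn = "MainProtectionBanner,1"
#eProtStateCrit = "MainProtectionBanner,2"

[s_ProtectionBannerBg]
#eProtStateNormal = "ProtectionBanner,0,0,0,0,0,1"
#eProtStateWarn = "ProtectionBanner,2,2,2,2,2,3"
#eProtStateCrit = "ProtectionBanner,4,4,4,4,4,5"

[s_ProtectionBannerDetailsBtnBg_L]
#eProtStateNormal = "BtnGlass26Left,0,3,4,2,4,2"
#eProtStateWarn = "BtnGlass26YellowLeft,0,3,4,2,4,2"
#eProtStateCrit = "BtnGlass26RedLeft,0,3,4,2,4,2"

[s_ProtectionBannerDetailsBtnBg_M]
#eProtStateNormal = "BtnGlass26Middle,0,3,4,2,4,2"
#eProtStateWarn = "BtnGlass26YellowMiddle,0,3,4,2,4,2"
#eProtStateCrit = "BtnGlass26RedMiddle,0,3,4,2,4,2"

[s_ProtectionBannerDetailsBtnBg_R]
#eProtStateNormal = "BtnGlass26Right,0,3,4,2,4,2"
#eProtStateWarn = "BtnGlass26YellowRight,0,3,4,2,4,2"
#eProtStateCrit = "BtnGlass26RedRight,0,3,4,2,4,2"

[s_ProtectionSmallBannerBg]
#eProtStateNormal = "ProtectionSmallBanner,0"
#eProtStateWarn = "ProtectionSmallBanner,1"
#eProtStateCrit = "ProtectionSmallBanner,2"

[s_ProtectionSmallBannerRsBg]
#eProtStateNormal = "ProtectionSmallBannerRs,0"
#eProtStateWarn = "ProtectionSmallBannerRs,1"
#eProtStateCrit = "ProtectionSmallBannerRs,2"

[s_MainWindowProtectionLight]
#eProtStateNormal = "LightGreen" + ",0,0,1,0,0,1"
#eProtStateWarn = "LightYellow" + ",0,0,1,0,0,1"
#eProtStateCrit = "LightRed" + ",0,0,1,0,0,1"

[s_ProtectionLightSmall]
#eProtStateNormal = "LightsSmall" + ",0,0,0,0,0,1"
#eProtStateWarn = "LightsSmall" + ",2,2,2,2,2,3"
#eProtStateCrit = "LightsSmall" + ",4,4,4,4,4,5"

[s_ProtectionBannerBGFont]
#eProtStateNormal = "ProtBannerNormBg"
#eProtStateWarn = "ProtBannerWarnBg"
#eProtStateCrit = "ProtBannerCritBg"

[s_ProtectionBannerDscBGFont]
#eProtStateNormal = "ProtBannerDscNormBg"
#eProtStateWarn = "ProtBannerDscWarnBg"
#eProtStateCrit = "ProtBannerDscCritBg"

[s_ProtectionBannerSmBGFont]
#eProtStateNormal = "ProtBannerSmNormBg"
#eProtStateWarn = "ProtBannerSmWarnBg"
#eProtStateCrit = "ProtBannerSmCritBg"

[s_ProtectionBannerBtnBGFont]
#eProtStateNormal = "ProtBannerBtnNormBg"
#eProtStateWarn = "ProtBannerBtnWarnBg"
#eProtStateCrit = "ProtBannerBtnCritBg"

[s_NotifyWindowColor]
#eProtStateCrit = "Red"
#eProtStateWarn = "Yellow"
def = "Green"

[s_NotifyWindowBannerFGFont]
#eProtStateNormal
#eProtStateCrit = "Header1White"
#eProtStateWarn = "Header1"

[s_NotifyWindowBannerBGFont]
#eProtStateNormal
#eProtStateCrit = "Header1"
#eProtStateWarn = "Header1White"

[s_MainProtStatusFont]
#eProtStateCrit = "MainProtStatusCrit"
#eProtStateWarn = "MainProtStatusWarn"
def = "MainProtStatusNormal"

[s_MainProtStatusIcon]
#eProtStateCrit = "error"
#eProtStateWarn = "warning"
def = "info"

; --- Icons and sounds for notifications and detected objects ----------------
[s_ProductNewsIcon]
#eNotifySeverityCritical ="error"
#eNotifySeverityError ="error"
#eNotifySeverityImportant ="warning"
#eNotifySeverityNotImportant="info"
def = "info"

[s_LicenseNotificationIcon]
#eLicenseNotificationSeverityNone
#eLicenseNotificationSeverityCritical
#eLicenseNotificationSeverityError
#eLicenseNotificationSeverityInfoCritical = s_MsgBoxIcon(#m_error)
#eLicenseNotificationSeverityImportant
#eLicenseNotificationSeverityInfoError = s_MsgBoxIcon(#m_warning)
default = s_MsgBoxIcon(#m_information)

; Vulnerabilities always get the medium icon; everything else is decided by
; object status in s_DetectObjectStatusIcon2.
[s_DetectObjectStatusIcon]
def = DetectType == #DETYPE_VULNERABILITY ? $TreatIcon_Med : s_DetectObjectStatusIcon2(@)

; Object status -> icon id. An unknown status falls back to the high-danger icon.
[s_DetectObjectStatusIcon2]
#OBJSTATUS_INFECTED
#OBJSTATUS_SUSPICION
#OBJSTATUS_ALLOWED
#OBJSTATUS_UNKNOWN = $TreatIcon_Inactive
#OBJSTATUS_OK
#OBJSTATUS_FALSEALARM = $TreatIcon_Clean
#OBJSTATUS_ADDEDBYUSER = $TreatIcon_Med
#OBJSTATUS_NOTDISINFECTED = DetectDanger == #DETDANGER_HIGH ? $TreatIcon_High : $TreatIcon_Med
#OBJSTATUS_DENIED
#OBJSTATUS_DISINFECTED
#OBJSTATUS_DELETED
#OBJSTATUS_QUARANTINED = $TreatIcon_Cured
#OBJSTATUS_DELETED_ON_REBOOT
#OBJSTATUS_DISINFECTED_ON_REBOOT
#OBJSTATUS_QUARANTINED_ON_REBOOT = $TreatIcon_CuredDelayed
def = $TreatIcon_High

[s_AlertNotificationSound]
#DETDANGER_HIGH = Gui.EnableClassicSounds ? "infected.wav" : "infected_p.wav"
#DETDANGER_MEDIUM = "1-08.wav"
default = "1-06.wav"

[s_ProductNotificationSound]
#eProtStateCrit = Gui.EnableClassicSounds ? "infected.wav" : "infected_p.wav"
#eProtStateWarn = "1-08.wav"
def = "1-06.wav"

; --- Product notification text and link -------------------------------------
[f_ProductNotificationText]
ret = $IsVerdictProductStatusId ? s_ProdState($Verdict2ProductStatusId) : ($IsTaskStateEvent ? $ProductNotifyText_TaskState : s_ProductNotifyTextByTaskID(TaskID, @))

; [Global] is opened again here; the file relies on repeated [Global] sections
; being accepted by its parser, so they are not merged.
[Global]
$ProductNotificationText = f_ProductNotificationText(50)
$ProductNotificationTextBL = removetags($ProductNotificationText, #RemTags)
$ProductNotificationTipText = f_ProductNotificationText(-1)
$ProductNotificationLinkText = s_ProductNotificationLinkText(NotificationId)
; Action behind the notification link. For product-status notifications the
; target is Data.URL when present, otherwise the s_ProductLinkClick action.
; NOTE(review): Data.URL (and the caption Data.URLName used in
; s_ProductNotificationLinkText) come from the notification payload. Presumably
; that payload is produced by the product itself - confirm its origin and that
; url() restricts the schemes it will open, since caption and target are
; independent fields.
$ProductNotificationLink = (NotificationId==#eNotifyStatisticsReportReady ? window("MainThreats:Statistics") : \
    ($IsVerdictProductStatusId ? (Data.URL ? url(Data.URL) : s_ProductLinkClick($Verdict2ProductStatusId)) : \
    (Verdict == #eDELETED ? window("MainThreats:Threats:Disinfected") :\
    ( Action != #evtAddAppToGr ? f_JumpToReport() : f_JumpToHipsRules() ) ))); close()
$ProductNotifyText_TaskState = $TaskText + ": " + $VerdictDescrText + "." + if(DecisionReason == #eERROR, " " + $ReasonText + ".")

; Caption of the notification link. No caption is produced for
; #ProdStateFirewallBlockAll and #ProdStateSomeSkipped.
[s_ProductNotificationLinkText]
#eNotifySandboxRestricted = ""
default = $IsVerdictProductStatusId ? if($Verdict2ProductStatusId != #ProdStateFirewallBlockAll && $Verdict2ProductStatusId != #ProdStateSomeSkipped, (Data.URLName ? Data.URLName : s_ProductLinkText($Verdict2ProductStatusId))) : (Action != #evtAddAppToGr ? $LinkDetails : $LinkMoreDetails)

; Opens the report window for the task's group and asks it to find the event.
; NOTE(review): Timestamp is concatenated into the expression string passed to
; p_postInit; presumably it is always numeric - confirm.
[f_JumpToReport]
ret = window("MainReport:" + s_TaskID2MainWindowGroup(TaskID),p_postInit("ctl.Report.finddata(" + Timestamp + ")"))

[f_JumpToHipsRules]
ret = window("SystemMonitor:Programs:Running")

; --- Task / profile -> main-window group -------------------------------------
[s_TaskID2MainWindowGroup]
#eTASK_FAV
#eTASK_MAV
#eTASK_HTTP = "Antivirus"
#eTASK_AP
#eTASK_AD
#eTASK_IM_CHECK
#eTASK_IDS = "OnlineSecurity"
#eTASK_AB
#eTASK_AS
#eTASK_PC = "ContentFilter"
#eTASK_HIPS
#eTASK_FIREWALL
#eTASK_SANDBOX
#eTASK_SW = "SystemWatch"
#eTASK_PDM = "pdm"
#eTASK_SCAN = "Scan"
#eTASK_UPDATER
#eTASK_ROLLBACK = "Updater"
def = "Protection"

[s_Profile2ProfileGroup]
File_Monitoring
Mail_Monitoring
Web_Monitoring = "Antivirus"
ids = "OnlineSecurity"
AdBlocker
Anti_Spam
ParCtl = "ContentFilter"
HipsTask
Firewall
pdm = "SystemWatch"
def = "Protection"

[s_Profile2ProfileGroup_Reports]
Scan_Critical_Areas
Scan_My_Computer
Scan_Objects
Scan_Quarantine
Scan_Rootkits
Scan_Startup
Scan_Vulnerabilities = "Scan"
Rollback
Updater = "Updater"
AVZ_CollectSysInfo
AVZ_Scan = "AVZ_Scan"
def = type == "ods" ? "Scan" : @

; --- Alert detail dialogs ----------------------------------------------------
; Detection type -> details dialog; 0 means no dialog.
[s_AlertDetailsDialog]
#DETYPE_VIRWARE
#DETYPE_TROJWARE
#DETYPE_MALWARE
#DETYPE_ADWARE
#DETYPE_PORNWARE
#DETYPE_RISKWARE
#DETYPE_XFILES
#DETYPE_SOFTWARE = dialog("MalwareInfo", p_image(ObjectName), p_TaskType(TaskType))
#DETYPE_PHISHING = dialog("MalwareInfo", p_image(ObjectName), p_TaskType(TaskType))
#DETYPE_ATTACK
#DETYPE_REGISTRY
#DETYPE_SUSPICACTION
#DETYPE_VULNERABILITY
default = 0

[s_IsAlertDetail_ObjLink]
#evtPrtStgAccess
#evtUseBITS
#evtUseDNS = 1
default = ObjectType == #eProcess ? 1 : 0

[s_AlertInfoDialogByHipsAction]
#evtPrtStgAccess
#evtUseBITS
#evtUseDNS = dialog("HipsInfo", p_action(@))
default = 0

[s_AlertInfoDialogByPdmEventType]
#PDM2_EVENT_P2P_SC_RDL
#PDM2_EVENT_P2P_SCN
#PDM2_EVENT_SC_MULTIPLE
#PDM2_EVENT_SC_AR
#PDM2_EVENT_SC_ARsrc
#PDM2_EVENT_SC2STARTUP
#PDM2_EVENT_TROJAN_GEN
#PDM2_EVENT_SCN
#PDM2_EVENT_RDR
#PDM2_EVENT_HIDDEN_OBJ
#PDM2_EVENT_INVADER
#PDM2_EVENT_INVADER_LOADER
#PDM2_EVENT_STRANGEKEY
#PDM2_EVENT_SYSCHANGE
#PDM2_EVENT_HIDDEN_INSTALL
#PDM2_EVENT_BUFFEROVERRUN
#PDM2_EVENT_DEP
#PDM2_EVENT_HOSTS
#PDM2_EVENT_DOWNLOADER
#PDM2_EVENT_DRIVER_INS
#PDM2_EVENT_HIDDEN_SEND
#PDM2_EVENT_KEYLOGGER
#PDM2_EVENT_IRP_TABLE_CHANGED
#PDM2_EVENT_NEGATIVE_PID
#PDM2_EVENT_DNS_QUERY
#PDM2_EVENT_PSTORE
#PDM2_EVENT_BSS_DETECT = dialog("HipsInfo", p_eventtype(@))
default = 0

[s_MalwareInfo_Hdr]
antiphishing = s_AlertDialogCaption(@)
default = @1

[s_Use_AlertDialog_VirWareCategory]
hipstask
hips_group = 0
default = 1

[s_Use_AlertInfoDialog]
;#evtUseBrowserCL
;#evtUseBrowserAPI
#evtPrtStgAccess
#evtUseBITS
#evtUseDNS = 1
default = 0

; Result applied per task type: the scanners (oas/ods/avs) cancel, every other
; task type allows. When this result is used is not visible in this file.
[s_ResultActionByTaskType]
oas
ods
avs = #ACTION_CANCEL
default = #ACTION_ALLOW

; NOTE(review): keys 2 and 8 are written with "=" but no value; the line breaks
; here are restored from a collapsed listing - confirm the layout.
[s_AlertFooterLink]
1 = "Hotlink_White"
2 =
4 = "HotlinkAlert"
8 =
default = "HotlinkAlert"

; --- Event list macros and click handlers -----------------------------------
[Global]
$EventAppName = if(AppID, f_EventAppLink(compressPath(f_AppInfo(AppID).sImagePath, 40)) + if($hasNativePID," (PID: " + $AppNativePID + ")") + ": " )
$EventAppNameNS = if(AppID, f_EventAppLink($AppName))
$EventObjText = (s_NeedToCompressPathByObjectType(ObjectType) ? compressPath($ObjectText, @1) : $ObjectText)
$EventShow = (($IsEventObjInfected && DecisionReason != #eDETECT_INFORMATION) || Verdict == #ePASSWORD_PROTECTED || Verdict == #eCONNECTED)

[f_EventAppLink]
ret = f_MakeLink(@ != $UnknownApp, "AppName onclick(f_EventAppClick())", @)

[f_EventAppClick]
ret = window("AppRulesEdit", p_image(f_AppInfo(AppID).sImagePath), p_appID(AppID))

[f_EventObjClick]
ret = f_EventObjClickEx(c_object(ObjectID, object(ObjectID)))

[f_EventObjClickEx]
ret = window("AppRulesEdit", p_image(hipsGroup(@,1)), p_appID(getGroupIdByName(hipsGroup(@))) )

; Adds the object to the exclusions (argument set) or to the trusted
; applications (argument not set). Both paths go through an edit dialog, so the
; entry is shown to the user before it is stored.
[f_addAppToTrusted]
ret = @ ? addToExclude(ser(ObjectName), dialog("[ExclusionEdit] alias(settings)", p_new(#true)), @1) : addToTrusted(ObjectName, dialog("[TrustedAppEdit] alias(settings)"))

[f_IsProdStateCritical]
ret = s_ProdStateSeverity(@) == #eProtStateCrit

[f_VerdictDesc]
ret = s_Verdict(Verdict) + if(Verdict == #eNOT_DISINFECTED, ": " + s_DecisionReason(DecisionReason))

[f_PIDValue]
ret = if(@, " (PID:" + fmt("ld", @) + ")")

; NOTE(review): the advisory link is built with plain http://, so the page is
; fetched without transport protection. Switch to https:// once it is confirmed
; that the host serves these paths over TLS.
[f_VulnerUrl]
ret = "http://www.viruslist.com/" + env("Localization") + "/advisories/" + @

; NOTE(review): ids 1-4 match the Win32 registry value types, but REG_MULTI_SZ
; is 7 in Win32, not 5. Presumably these are the product's own type ids -
; confirm, otherwise multi-string values are mislabelled.
[s_RegValType]
1 = "REG_SZ"
2 = "REG_EXPAND_SZ"
3 = "REG_BINARY"
4 = "REG_DWORD"
5 = "REG_MULTI_SZ"

[f_regFormat]
ret = "\n\n" + @ + " (" + s_RegValType(@1) + "):\n" + regFormat(@1, @2)

; Hides the "key invalid" status while the bases are corrupted and the licence
; is invalid only because of an inconsistent update; every other status is shown.
[s_ProdStatusVisibleFilter]
#ProdStateKeyInvalid = !((global.UpdateState & #eBasesCorrupted) && (global.LicInfo.InvalidReason == #ekirInconsistentUpdate))
default = 1

; NOTE(review): the empty string literals look like markup that was lost when
; this page was extracted - confirm against the original file.
[f_appParenItem]
ret = "" + f_ProcessName(OwnerPid) + ""

[s_NeedToCompressPathByObjectType]
#eFile
#eDirectory
#eRegKey
#eProcess
#eModule
#eURL
#eDriver = 1
def = 0

; Builds the report filter expression for a period. @1 is used as the period
; boundary in seconds and @2 is appended verbatim.
; NOTE(review): presumably @2 is always a fixed clause supplied by the skin -
; confirm it never carries user-typed text, since it is not escaped here.
[s_MainThreats_Tab_Statistics_Filter]
Month = "(Date >= " + (@1 - 60*60*24*30) + " && Date < " + @1 + ")" + @2
Week = "(Date >= " + (@1 - 60*60*24*7) + " && Date < " + @1 + ")" + @2
Yesterday = "(Date >= " + (@1 - 60*60*24) + " && Date < " + @1 + ")" + @2
Today = "(Date >= " + @1 + ")" + @2
def = "1 "+ @2

[s_AvzSecurityAnalyserWizardWelcomeMask]
0 = (wizMask = wizPagesMask("Welcome,Search,Vulnerab,Problems,Fix,Finish"); RunMode = 0; ScriptMode = 1; savesettings())
1 = (wizMask = wizPagesMask("Welcome,Vulnerab,Problems,Fix,Finish"); RunMode = 1; ScriptMode = 2; savesettings())
2 = (wizMask = wizPagesMask("Welcome,Search,Problems,Fix,Finish"); RunMode = 2; ScriptMode = 4; savesettings())

; --- Component state icons ---------------------------------------------------
; Picks ok / error / warning from (allOk, anyFail); the "_na" variants are used
; when the first argument is false.
[f_getStateIcon]
ret = @ ? (@1 ? "ok_state" : (@2 ? "error_state" : "warning_state")) : (@1 ? "ok_state_na" : (@2 ? "error_state_na" : "warning_state_na"))

; In the three functions below a component that is not installed counts as OK,
; so only installed components that are not running lower the state.
[f_getFilesDataStateIcon]
$fm = !f_isInstalled("File_Monitoring") || s_IsStateRunning(File_Monitoring.state)
$hips = !f_isInstalled("HipsTask") || s_IsStateRunning(HipsTask.state)
$pdm = !f_isInstalled("pdm") || s_IsStateRunning(pdm.state)
$allOk = $fm && $pdm && $hips
$anyFail = #StateFailed == File_Monitoring.state || #StateFailed == HipsTask.state || #StateFailed == pdm.state
ret = f_getStateIcon(@, $allOk, $anyFail)

[f_getSysAppStateIcon]
$mm = !f_isInstalled("Mail_Monitoring") || s_IsStateRunning(Mail_Monitoring.state)
$wm = !f_isInstalled("Web_Monitoring") || s_IsStateRunning(Web_Monitoring.state)
$im = !f_isInstalled("IM_Monitoring") || s_IsStateRunning(IM_Monitoring.state)
$ids = !f_isInstalled("ids") || s_IsStateRunning(ids.state)
$hips = !f_isInstalled("HipsTask") || s_IsStateRunning(HipsTask.state)
$pdm = !f_isInstalled("pdm") || s_IsStateRunning(pdm.state)
$as = !f_isInstalled("Anti_Spam") || s_IsStateRunning(Anti_Spam.state)
$allOk = $mm && $wm && $im && $ids && $hips && $pdm && $as
$anyFail = #StateFailed == Mail_Monitoring.state || #StateFailed == Web_Monitoring.state || #StateFailed == IM_Monitoring.state || #StateFailed == pdm.state || #StateFailed == ids.state || #StateFailed == HipsTask.state || #StateFailed == Anti_Spam.state
ret = f_getStateIcon(@, $allOk, $anyFail)

; Online protection additionally requires anti-phishing coverage ($g_antiphishAll).
[f_getProtOnlinesStateIcon]
$mm = !f_isInstalled("Mail_Monitoring") || s_IsStateRunning(Mail_Monitoring.state)
$wm = !f_isInstalled("Web_Monitoring") || s_IsStateRunning(Web_Monitoring.state)
$im = !f_isInstalled("IM_Monitoring") || s_IsStateRunning(IM_Monitoring.state)
$ids = !f_isInstalled("ids") || s_IsStateRunning(ids.state)
$as = !f_isInstalled("Anti_Spam") || s_IsStateRunning(Anti_Spam.state)
$fw = !f_isInstalled("Firewall") || s_IsStateRunning(Firewall.state)
$allOk = $mm && $wm && $im && $ids && $as && $fw && $g_antiphishAll
$anyFail = #StateFailed == Mail_Monitoring.state || #StateFailed == Web_Monitoring.state || #StateFailed == IM_Monitoring.state || #StateFailed == ids.state || #StateFailed == Firewall.state || #StateFailed == Anti_Spam.state
ret = f_getStateIcon(@, $allOk, $anyFail)

; Repair runs only after the user answers yes to the confirmation box.
[f_repairProduct]
ret = if (msg("ProductRepairConfirmation", #m_yesno) == #m_res_yes, repair())

[f_getStateSemaphor2]
ret = s_IsStateRunning(@) ? "GreenSemaphorSmall" : (@ == #StateFailed ? "RedSemaphorSmall" : "GraySemaphorSmall")

[f_getStateSemaphor]
ret = (ctl.hotlight ? f_getStateSemaphor2(@) + ",1" : f_getStateSemaphor2(@) + ",0")

[s_getStateIcon]
#green = "GreenSemaphorSmall"
#gray = "GraySemaphorSmall"
#red = "RedSemaphorSmall"
#warn = "WarnSemaphorSmall"

[f_IsStateRunning]
ret = s_IsStateRunning(@) ? 1 : 0

; Threat category -> chart resource.
[s_ChartBg]
#eVirware = "Chart1"
#eTrojware = "Chart2"
#eMalware = "Chart3"
#eAdware = "Chart7"
#eRiskware = "Chart6"
#ePhishing = "Chart4"
#ePornware = "Chart8"
#eXFiles = "Chart5"
#eSoftware = "Chart5"
#eAttack = "Chart1"
#eRegistryAccess = "Chart10"
#eSuspicionActivity = "Chart6"
#eVulnerability = "Chart9"
#eBanner = "Chart3"
#eSpam = "Chart10"
#eUnwantedWebContent = "Chart9"

[s_ComponentKISInstalledOnly]
HipsTask = 1
Firewall = 1
ids = 1
Anti_Spam = 1
AdBlocker = 1
ParCtl = 1

; --- Help topic selection for alerts ----------------------------------------
; Chain of checks, most specific first; each step falls through to the next.
[f_getHelpTopic]
$specialCure = nActionID == #AlertActionActiveDetect
ret = $specialCure ? 8009 : f_getHelpTopic2()

; Disinfection exists among all actions but is not offered for this object.
[f_getHelpTopic2]
$uncurable = (ActionsAll & #ACTION_DISINFECT) && !(ActionsMask & #ACTION_DISINFECT)
ret = $uncurable ? 8008 : f_getHelpTopic3()

[f_getHelpTopic3]
$netActivity = (ObjectType == #eNetwork) && (TaskType == "hipstask" || TaskType == "firewall")
ret = $netActivity ? 16153 : f_getHelpTopic4()

; Fix: the event constant is written with its "#" prefix, as everywhere else in
; this file. Without the prefix the name is not a constant reference, so the
; hidden-process topic (8017) could not be selected reliably.
[f_getHelpTopic4]
$hidden = TaskType == "pdm" && #PDM2_EVENT_NEGATIVE_PID == EventType
$dangerActivity = TaskType == "pdm"
ret = $hidden ? 8017 : ($dangerActivity ? 8012 : s_getHelpTopic(DetectType))

; Detection type -> help topic id; 920 is the fallback topic.
[s_getHelpTopic]
#DETYPE_MALWARE = 16013
#DETYPE_PHISHING = 8024
#DETYPE_REGISTRY = 8019
#DETYPE_TROJWARE
#DETYPE_VIRWARE = TaskType == "httpscan" ? 8011 : (ActionsAll & #ACTION_DISINFECT ? 8010 : 8007)
def = 920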