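<!-- OLE/COM communication event text for the es-ES and it-IT locales. Each locale
     supplies three variants: osfwPresentText (attempt in progress), osfwPastText
     (attempt already made) and osfwBlockedText (attempt prevented).
     %process_name% and %target_process% look like placeholders filled in when the
     message is shown. NOTE(review): confirm the consumer treats the substituted
     process names as untrusted display text. -->
<messages type="osfwPresentText" value="%process_name% está intentando comunicarse con %target_process% mediante OLE o COM" locale="es-ES" />
<messages type="osfwPastText" value="%process_name% estaba intentando comunicarse con %target_process% mediante OLE o COM" locale="es-ES" />
<messages type="osfwBlockedText" value="Se ha evitado que %process_name% se comunicara con %target_process% mediante OLE o COM" locale="es-ES" />
<messages type="osfwPresentText" value="%process_name% sta cercando di comunicare con %target_process% utilizzando OLE o COM" locale="it-IT" />
<messages type="osfwPastText" value="%process_name% ha cercato di comunicare con %target_process% utilizzando OLE o COM" locale="it-IT" />
<messages type="osfwBlockedText" value="È stato impedito a %process_name% di comunicare con %target_process% utilizzando OLE o COM" locale="it-IT" />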
</customevent>
<!--
Rulegroups used solely to map events to customevents. We
can get rid of this if the evententry element is ever
extended to allow specification of customtext.
-->
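<!-- ASKING -->
<!-- Every group in this list carries ask="true", except rg-modld-ok, which is
     allow="true" notify="true". Each name maps to a customtext id; in this listing
     the ids follow the severity headings: 2xxx malicious, 3xxx dangerous,
     4xxx suspicious, 5xxx normal, 6xxx dependent on the target process.
     NOTE(review): the semantics of ask/allow/notify are defined by the consumer and
     are not shown here. Presumably ask="true" prompts the user; confirm.
     NOTE(review): there is no ask entry for customtext 4005, although the BLOCKING
     list defines rg-regall-blk with that id. Confirm the omission is intentional. -->
<!-- Malicious behavior -->
<rulegroup name="rg-malwr-ask" customtext="2001" ask="true" />
<!-- Dangerous behavior -->
<rulegroup name="rg-memmp-ask" customtext="3004" ask="true" />
<rulegroup name="rg-glbhook-ask" customtext="3005" ask="true" />
<rulegroup name="rg-drvld-ask" customtext="3006" ask="true" />
<rulegroup name="rg-drvcr-ask" customtext="3007" ask="true" />
<rulegroup name="rg-drvmd-ask" customtext="3008" ask="true" />
<rulegroup name="rg-drvdl-ask" customtext="3009" ask="true" />
<!-- Suspicious behavior -->
<rulegroup name="rg-drvud-ask" customtext="4002" ask="true" />
<rulegroup name="rg-drvct-ask" customtext="4003" ask="true" />
<!-- Normal behavior -->
<!-- The only allow="true" group in this list: the event is permitted but still
     notified. -->
<rulegroup name="rg-modld-ok" customtext="5001" allow="true" notify="true" />
<!-- Severity depends upon the target process -->
<rulegroup name="rg-openp-ask" customtext="6001" ask="true" />
<rulegroup name="rg-opent-ask" customtext="6002" ask="true" />
<rulegroup name="rg-spawn-ask" customtext="6003" ask="true" />
<rulegroup name="rg-start-ask" customtext="6004" ask="true" />
<rulegroup name="rg-keybd-ask" customtext="6005" ask="true" />
<rulegroup name="rg-mouse-ask" customtext="6006" ask="true" />
<rulegroup name="rg-ddein-ask" customtext="6007" ask="true" />
<rulegroup name="rg-callb-ask" customtext="6008" ask="true" />
<rulegroup name="rg-whook-ask" customtext="6009" ask="true" />
<rulegroup name="rg-termp-ask" customtext="6010" ask="true" />
<rulegroup name="rg-msg-ask" customtext="6011" ask="true" />
<rulegroup name="rg-olecn-ask" customtext="6012" ask="true" />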
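<!-- BLOCKING -->
<!-- Every group in this list carries allow="false" notify="true". The -blk groups
     reuse the customtext ids of their -ask counterparts (2001, 3004 to 3009, 4002,
     4003), so an asked event and a blocked event of the same kind map to the same
     customevent text.
     NOTE(review): rg-regall-blk (4005) has no -ask counterpart in the ASKING list.
     Confirm that this event is meant to be block-only. -->
<!-- Malicious behavior -->
<rulegroup name="rg-malwr-blk" customtext="2001" allow="false" notify="true" />
<!-- Dangerous behavior -->
<rulegroup name="rg-memmp-blk" customtext="3004" allow="false" notify="true" />
<rulegroup name="rg-glbhook-blk" customtext="3005" allow="false" notify="true" />
<rulegroup name="rg-drvld-blk" customtext="3006" allow="false" notify="true" />
<rulegroup name="rg-drvcr-blk" customtext="3007" allow="false" notify="true" />
<rulegroup name="rg-drvmd-blk" customtext="3008" allow="false" notify="true" />
<rulegroup name="rg-drvdl-blk" customtext="3009" allow="false" notify="true" />
<!-- Suspicious behavior -->
<rulegroup name="rg-drvud-blk" customtext="4002" allow="false" notify="true" />
<rulegroup name="rg-drvct-blk" customtext="4003" allow="false" notify="true" />
<rulegroup name="rg-regall-blk" customtext="4005" allow="false" notify="true" />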
<!— Severity depends upon the target process —>
<rulegroup name=“rg-openp-blk” customtext=“6001” allow=“false” notify=“true” />
<rulegroup name=“rg-opent-blk” customtext=“6002” allow=“false” notify=“true” />
<rulegroup name=“rg-spawn-blk” customtext=“6003” allow=“false” notify=“true” />