Sister Carrie

CurrentVersionRunServices” />

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSoftwareMicrosoftWindows CurrentVersionRunServicesOnce” />

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSoftwareMicrosoftWindows CurrentVersionRunOnce” />

LDBX-. <itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSoftwareMicrosoft WindowsCurrentVersionRunOnceEx” />

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSoftwareMicrosoftWindows CurrentVersionPoliciesExplorerRun” />

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSoftwareMicrosoftWindows CurrentVersionShellServiceObjectDelayLoad” />

</ruleentry>

LDBX./

</rulegroup>

<rulegroup name=“block-run2”>

<ruleentry event=“registry” match=“all” allow=“false” notify=“true” customtext=“4004”>

<!— Windows AutoRuns Registry Values —>

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows” />

<itementry param=“value” operator=“equalnocase” type=“ansi” value=“LDBX/0Run” />

</ruleentry>

</rulegroup>

<rulegroup name=“block-run3”>

<ruleentry event=“registry” match=“all” allow=“false” notify=“true” customtext=“4004”>

<!— Windows AutoRuns Registry Values —>

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows” />

<itementry param=“value” LDBX01operator=“equalnocase” type=“ansi” value=“Load” />

</ruleentry>

</rulegroup>

<rulegroup name=“block-run4”>

<ruleentry event=“registry” match=“all” allow=“false” notify=“true” customtext=“4004”>

<!— Windows AutoRuns Registry Values —>

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon” />

LDBX12 <itementry param=“value” operator=“equalnocase” type=“ansi” value=“Userinit” />

</ruleentry>

</rulegroup>

<rulegroup name=“block-run5”>

<ruleentry event=“registry” match=“all” allow=“false” notify=“true” customtext=“4004”>

<!— Windows AutoRuns Registry Values —>

<itementry param=“key” operator=“equalnocase” type=“ansi” value=“HKLMSOFTWAREMicrosoLDBX23ft Windows NTCurrentVersionWinlogon” />

<itementry param=“value” operator=“equalnocase” type=“ansi” value=“Shell” />

</ruleentry>

</rulegroup>

<ruleset name=“rs-regd-block” allow=“true”>

<rulerefentry rulegroupref=“block-run1”/>

<rulerefentry rulegroupref=“block-run2”/>

<rulerefentry rulegroupref=“block-run3”/>

<rulerefentry rLDBX34ulegroupref=“block-run4”/>

<rulerefentry rulegroupref=“block-run5”/>

<rulerefentry rulegroupref=“block-shellex”/>

<rulerefentry rulegroupref=“block-appinit”/>

<rulerefentry rulegroupref=“blk-ie-search1”/>