home *** CD-ROM | disk | FTP | other *** search
/ PC World 2004 December / PCWorld_2004-12_cd.bin / software / temacd / tiny / tf6pro-6[1].0.140.exe / Tiny Firewall Pro 6.0.msi / Sandbox.xml < prev    next >
Encoding:
Extensible Markup Language  |  2004-07-28  |  41.5 KB  |  452 lines
  1.  ■<?xml version="1.0" encoding="UTF-16" standalone="no"?>
  2. <SecDb xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="Sandbox.xsd">
  3.     <VersionInfo major="2"/>
  4.     <Module id="Sandbox"/>
  5.     <Globals>
  6.         <Property id="SBXChangeSecurityAL" type="int">1</Property>
  7.         <Property id="StartProcessAL" type="int">1</Property>
  8.         <Property id="EndProcessAL" type="int">1</Property>
  9.         <Property id="ChangeConditionAL" type="int">1</Property>
  10.         <Property id="ChangeProcConditionAL" type="int">1</Property>
  11.         <Property id="UnkAppStartDlg" type="int">1</Property>
  12.         <Property id="UnkSysAppStartDlg" type="int">0</Property>
  13.         <Property id="SafeToInjectDllGroup" type="str">SafeDlls</Property>
  14.     </Globals>
  15.     <Definitions>
  16.         <Object ot="File" id="Fixed drives">
  17.             <Item>%FixedDrives%</Item>
  18.         </Object>
  19.         <Object ot="File" id="Removable drives">
  20.             <Item>%RemovableDrives%</Item>
  21.         </Object>
  22.         <Object ot="File" id="CD-ROM files">
  23.             <Item>%CdRoms%</Item>
  24.         </Object>
  25.         <Object ot="File" id="Personal Contacts">
  26.             <Item>%UserSpecific%\Local AppData\\\Microsoft\Outlook</Item>
  27.             <Item>%UserSpecific%\AppData\\\Microsoft\Address Book</Item>
  28.         </Object>
  29.         <Object ot="File" id="System Config">
  30.             <Item>%SystemRoot%\System32\Config</Item>
  31.             <Item>%SystemRoot%\Repair</Item>
  32.         </Object>
  33.         <Object ot="File" id="Temporary Folders">
  34.             <Item>%UserSpecific%\Local Settings\\\Temp</Item>
  35.             <Item>%UserSpecific%\Local Settings\\\Temporary Internet Files</Item>
  36.         </Object>
  37.         <Object ot="Registry" id="RunKeys">
  38.             <Item>HKLM\Software\Microsoft\Windows\CurrentVersion\Run</Item>
  39.             <Item>HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce</Item>
  40.             <Item>HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx</Item>
  41.             <Item>HKCU\Software\Microsoft\Windows\CurrentVersion\Run</Item>
  42.             <Item>HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce</Item>
  43.             <Item>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows</Item>
  44.             <Item>HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows</Item>
  45.             <Item>HKLM\Software\Microsoft\Active Setup\Installed Components</Item>
  46.         </Object>
  47.         <Object ot="Registry" id="ExtensionAssociation">
  48.             <Item>HKCR\exefile</Item>
  49.             <Item>HKCR\.exe</Item>
  50.             <Item>HKCR\comfile</Item>
  51.             <Item>HKCR\.com</Item>
  52.             <Item>HKCR\batfile</Item>
  53.             <Item>HKCR\.bat</Item>
  54.             <Item>HKCR\cmdfile</Item>
  55.             <Item>HKCR\.cmd</Item>
  56.             <Item>HKCR\vbsfile</Item>
  57.             <Item>HKCR\.vbs</Item>
  58.             <Item>HKCR\vbefile</Item>
  59.             <Item>HKCR\.vbe</Item>
  60.             <Item>HKCR\jsefile</Item>
  61.             <Item>HKCR\.jse</Item>
  62.             <Item>HKCR\wsffile</Item>
  63.             <Item>HKCR\.wsf</Item>
  64.             <Item>HKCR\wshfile</Item>
  65.             <Item>HKCR\.wsh</Item>
  66.             <Item>HKCR\scrfile</Item>
  67.             <Item>HKCR\.scr</Item>
  68.             <Item>HKCR\piffile</Item>
  69.             <Item>HKCR\.pif</Item>
  70.             <Item>HKCR\regfile</Item>
  71.             <Item>HKCR\.reg</Item>
  72.         </Object>
  73.         <Object ot="Registry" id="DebugKeys">
  74.             <Item>HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug</Item>
  75.             <Item>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options</Item>
  76.         </Object>
  77.         <Object ot="Registry" id="PolicyKeys">
  78.             <Item>HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System</Item>
  79.             <Item>HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System</Item>
  80.         </Object>
  81.         <Object ot="Registry" id="DriverLoading">
  82.             <Item>HKLM\System\CurrentControlSet\Control\GroupOrderList</Item>
  83.             <Item>HKLM\System\CurrentControlSet\Control\ServiceGroupOrder</Item>
  84.         </Object>
  85.         <Object ot="Registry" id="IEKeys">
  86.             <Item>HKLM\Software\Microsoft\Internet Explorer\Explorer Bars</Item>
  87.             <Item>HKLM\Software\Microsoft\Internet Explorer\Search</Item>
  88.         </Object>
  89.     </Definitions>
  90.     <ExceptionList>
  91.         <AppItem app="*" activeGuardsMask="File|Registry|Spawning|Service|Device|COM|SystemPrivilege|DllLoading" priority="high"/>
  92.         <AppItem app="*" activeGuardsMask="Spawning|Device" priority="high" account="system"/>
  93.         <AppItem app_id="$TrustedSystemApps" activeGuardsMask="Spawning|Device" priority="high" account="system"/>
  94.         <AppItem app="explorer.exe" activeGuardsMask="Spawning|Device" priority="high"/>
  95.         <AppItem app="cmd.exe" activeGuardsMask="Spawning|Device" priority="high"/>
  96.         <AppItem app="userinit.exe" activeGuardsMask="Spawning|Device" priority="high" account="both"/>
  97.         <AppItem app="msiexec.exe" activeGuardsMask="Spawning|Device" priority="high" account="both"/>
  98.         <AppItem app="ikernel.exe" activeGuardsMask="Spawning|Device" priority="high" account="both"/>
  99.         <AppItem app="winword.exe" activeGuardsMask="*" priority="high"/>
  100.         <AppItem app="excel.exe" activeGuardsMask="*" priority="high"/>
  101.         <AppItem app="powerpnt.exe" activeGuardsMask="*" priority="high"/>
  102.         <AppItem app="outlook.exe" activeGuardsMask="*" priority="high"/>
  103.     </ExceptionList>
  104.     <RuleList>
  105.         <Rule id="FS1" priority="high" ot="File" obj_id="*" app_id="Trusted"/>
  106.         <Rule id="FS2" priority="low" ot="File" app="*">
  107.             <Object>%SystemRoot%\Sti_Trace.log</Object>
  108.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  109.         </Rule>
  110.         <Rule id="FS3" priority="low" ot="File" app="*">
  111.             <Object>%SystemRoot%\Temp</Object>
  112.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  113.         </Rule>
  114.         <Rule id="FS4" priority="low" ot="File" app="*">
  115.             <Object>%DirOnKeyEnumValue%\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache</Object>
  116.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  117.         </Rule>
  118.         <Rule id="FS5" priority="low" ot="File" app="*">
  119.             <Object>%SystemRoot%</Object>
  120.             <AccessDesc at="FileWrite" ar="AskUser" al="Monitor"/>
  121.             <AccessDesc at="FileCreate" ar="AskUser" al="Monitor"/>
  122.             <AccessDesc at="FileDelete" ar="AskUser" al="Monitor"/>
  123.         </Rule>
  124.         <Rule id="FS6" priority="low" ot="File" obj_id="Personal Contacts" app="*">
  125.             <AccessDesc at="*" ar="Prevent" al="Monitor"/>
  126.         </Rule>
  127.         <Rule id="FS7" priority="low" ot="File" obj_id="Personal Contacts" app="outlook.exe">
  128.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  129.         </Rule>
  130.         <Rule id="FS8" priority="low" ot="File" obj_id="Personal Contacts" app="msimn.exe">
  131.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  132.         </Rule>
  133.         <Rule id="FS9" priority="low" ot="File" obj_id="System Config" app="*">
  134.             <AccessDesc at="*" ar="Prevent" al="Monitor"/>
  135.         </Rule>
  136.         <Rule id="FS10" priority="low" ot="File" app="*">
  137.             <Object>%UserSpecific%\Startup</Object>
  138.             <AccessDesc at="FileWrite" ar="AskUser" al="Monitor"/>
  139.             <AccessDesc at="FileCreate" ar="AskUser" al="Monitor"/>
  140.             <AccessDesc at="FileDelete" ar="AskUser" al="Monitor"/>
  141.         </Rule>
  142.         <Rule id="FS11" priority="low" ot="File" obj_id="Temporary Folders" app="*">
  143.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  144.         </Rule>
  145.         <Rule id="FS12" priority="low" ot="File" obj_id="*" app="*"/>
  146.         <Rule id="FS13" priority="high" ot="File" app="*">
  147.             <Object>%DirOnKeyValue%\HKLM\Software\Tiny Software\Tiny Firewall\\InstallDir\\\Quarantine</Object>
  148.             <AccessDesc at="FileWrite" ar="Prevent" al="Monitor"/>
  149.             <AccessDesc at="FileDelete" ar="Prevent" al="Monitor"/>
  150.         </Rule>
  151.         <Rule id="FS14" priority="high" ot="File" obj_id="*" app_id="Tracking">
  152.             <AccessDesc at="FileWrite" ar="Allow" al="Monitor"/>
  153.             <AccessDesc at="FileCreate" ar="Allow" al="Monitor"/>
  154.             <AccessDesc at="FileDelete" ar="Allow" al="Monitor"/>
  155.         </Rule>
  156.         <Rule id="FS15" priority="high" ot="File" obj_id="*" app_id="$Tracking" account="system">
  157.             <AccessDesc at="FileWrite" ar="Allow" al="Monitor"/>
  158.             <AccessDesc at="FileCreate" ar="Allow" al="Monitor"/>
  159.             <AccessDesc at="FileDelete" ar="Allow" al="Monitor"/>
  160.         </Rule>
  161.         <Rule id="RS1" priority="high" ot="Registry" obj_id="*" app_id="Trusted"/>
  162.         <Rule id="RS2" priority="low" ot="Registry" app="*">
  163.             <Object>HKLM\System\CurrentControlSet\Control\Session Manager</Object>
  164.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  165.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  166.         </Rule>
  167.         <Rule id="RS3" priority="low" ot="Registry" app="*">
  168.             <Object>HKLM\System\CurrentControlSet\Control\WOW</Object>
  169.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  170.         </Rule>
  171.         <Rule id="RS4" priority="low" ot="Registry" app="*">
  172.             <Object>HKLM\System\CurrentControlSet\Control\hivelist</Object>
  173.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  174.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  175.         </Rule>
  176.         <Rule id="RS5" priority="low" ot="Registry" app="*">
  177.             <Object>HKLM\System\CurrentControlSet\Hardware Profiles</Object>
  178.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  179.         </Rule>
  180.         <Rule id="RS6" priority="low" ot="Registry" app="*">
  181.             <Object>HKLM\System\CurrentControlSet\Services</Object>
  182.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  183.             <AccessDesc at="KeyCreate" ar="AskUser" al="Monitor"/>
  184.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  185.         </Rule>
  186.         <Rule id="RS7" priority="low" ot="Registry" app="*">
  187.             <Object>HKLM\System</Object>
  188.             <AccessDesc at="KeyCreate" ar="Allow" al="Monitor"/>
  189.             <AccessDesc at="KeyDelete" ar="Allow" al="Monitor"/>
  190.         </Rule>
  191.         <Rule id="RS8" priority="low" ot="Registry" app="*">
  192.             <Object>HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon</Object>
  193.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  194.             <AccessDesc at="KeyCreate" ar="AskUser" al="Monitor"/>
  195.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  196.         </Rule>
  197.         <Rule id="RS9" priority="low" ot="Registry" app="*">
  198.             <Object>HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost</Object>
  199.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  200.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  201.         </Rule>
  202.         <Rule id="RS10" priority="low" ot="Registry" app="*">
  203.             <Object>HKLM\Software\Microsoft\Windows NT</Object>
  204.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  205.             <AccessDesc at="KeyCreate" ar="AskUser" al="Monitor"/>
  206.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  207.         </Rule>
  208.         <Rule id="RS11" priority="low" ot="Registry" app="*">
  209.             <Object>HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced</Object>
  210.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  211.         </Rule>
  212.         <Rule id="RS12" priority="low" ot="Registry" app="*">
  213.             <Object>HKLM\Software</Object>
  214.             <AccessDesc at="KeyDelete" ar="Allow" al="Monitor"/>
  215.         </Rule>
  216.         <Rule id="RS13" priority="low" ot="Registry" obj_id="IEKeys" app="*">
  217.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  218.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  219.         </Rule>
  220.         <Rule id="RS14" priority="low" ot="Registry" obj_id="RunKeys" app="*">
  221.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  222.             <AccessDesc at="KeyCreate" ar="AskUser" al="Monitor"/>
  223.             <AccessDesc at="KeyDelete" ar="Allow" al="Monitor"/>
  224.         </Rule>
  225.         <Rule id="RS15" priority="low" ot="Registry" obj_id="ExtensionAssociation" app="*">
  226.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  227.             <AccessDesc at="KeyCreate" ar="AskUser" al="Monitor"/>
  228.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  229.         </Rule>
  230.         <Rule id="RS16" priority="low" ot="Registry" obj_id="DebugKeys" app="*">
  231.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  232.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  233.         </Rule>
  234.         <Rule id="RS17" priority="low" ot="Registry" obj_id="PolicyKeys" app="*">
  235.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  236.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  237.         </Rule>
  238.         <Rule id="RS18" priority="low" ot="Registry" obj_id="DriverLoading" app="*">
  239.             <AccessDesc at="KeyWrite" ar="AskUser" al="Monitor"/>
  240.             <AccessDesc at="KeyDelete" ar="AskUser" al="Monitor"/>
  241.         </Rule>
  242.         <Rule id="RS19" priority="low" ot="Registry" obj_id="*" app="*">
  243.             <AccessDesc at="*" ar="Allow" al="Ignore"/>
  244.         </Rule>
  245.         <Rule id="RS20" priority="high" ot="Registry" obj_id="*" app_id="Tracking">
  246.             <AccessDesc at="KeyWrite" ar="Allow" al="Monitor"/>
  247.             <AccessDesc at="KeyCreate" ar="Allow" al="Monitor"/>
  248.             <AccessDesc at="KeyDelete" ar="Allow" al="Monitor"/>
  249.         </Rule>
  250.         <Rule id="RS21" priority="high" ot="Registry" obj_id="*" app_id="$Tracking" account="system">
  251.             <AccessDesc at="KeyWrite" ar="Allow" al="Monitor"/>
  252.             <AccessDesc at="KeyCreate" ar="Allow" al="Monitor"/>
  253.             <AccessDesc at="KeyDelete" ar="Allow" al="Monitor"/>
  254.         </Rule>
  255.         <Rule id="PS1" priority="low" ot="Spawning" obj_id="Trusted" app="ikernel.exe">
  256.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Ignore"/>
  257.         </Rule>
  258.         <Rule id="PS2" priority="low" ot="Spawning" obj_id="Trusted" app="msiexec.exe">
  259.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Ignore"/>
  260.         </Rule>
  261.         <Rule id="PS3" priority="low" ot="Spawning" obj_id="Trusted" app_id="Trusted"/>
  262.         <Rule id="PS4" priority="low" ot="Spawning" obj_id="Trusted" app="*"/>
  263.         <Rule id="PS5" priority="low" ot="Spawning" obj_id="*" app="ikernel.exe">
  264.             <AccessDesc at="SpawnProc" ar="Allow" al="Ignore"/>
  265.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Ignore"/>
  266.         </Rule>
  267.         <Rule id="PS6" priority="low" ot="Spawning" obj_id="*" app="msiexec.exe">
  268.             <AccessDesc at="SpawnProc" ar="Allow" al="Ignore"/>
  269.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Ignore"/>
  270.         </Rule>
  271.         <Rule id="PS7" priority="low" ot="Spawning" obj_id="*" app_id="Trusted"/>
  272.         <Rule id="PS8" priority="low" ot="Spawning" obj_id="*" app="*">
  273.             <AccessDesc at="SpawnProc" ar="AskUser" al="Monitor"/>
  274.             <AccessDesc at="SpawnProcInOwnSbx" ar="Allow" al="Monitor"/>
  275.         </Rule>
  276.         <Rule id="PS9" priority="high" ot="Spawning" obj_id="BlackList" app="*">
  277.             <AccessDesc at="SpawnProc" ar="Prevent" al="Monitor"/>
  278.         </Rule>
  279.         <Rule id="PS10" priority="high" ot="Spawning" obj_id="BlackList" app="*" account="system">
  280.             <AccessDesc at="SpawnProc" ar="Prevent" al="Monitor"/>
  281.         </Rule>
  282.         <Rule id="PS11" priority="low" ot="Spawning" obj_id="*" app_id="Tracking">
  283.             <AccessDesc at="SpawnProc" ar="Allow" al="Monitor"/>
  284.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Monitor"/>
  285.         </Rule>
  286.         <Rule id="PS12" priority="low" ot="Spawning" obj_id="Trusted" app_id="Tracking">
  287.             <AccessDesc at="SpawnProc" ar="Allow" al="Monitor"/>
  288.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Monitor"/>
  289.         </Rule>
  290.         <Rule id="PS13" priority="low" ot="Spawning" obj_id="*" app_id="$Tracking" account="system">
  291.             <AccessDesc at="SpawnProc" ar="Allow" al="Monitor"/>
  292.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Monitor"/>
  293.         </Rule>
  294.         <Rule id="PS14" priority="low" ot="Spawning" obj_id="Trusted" app_id="$Tracking" account="system">
  295.             <AccessDesc at="SpawnProc" ar="Allow" al="Monitor"/>
  296.             <AccessDesc at="SpawnProcInOwnSbx" ar="Prevent" al="Monitor"/>
  297.         </Rule>
  298.         <Rule id="PS15" priority="low" ot="Spawning" app_id="Trusted">
  299.             <Object>cmd.exe</Object>
  300.         </Rule>
  301.         <Rule id="PS16" priority="low" ot="Spawning" app="*">
  302.             <Object>cmd.exe</Object>
  303.             <AccessDesc at="SpawnProc" ar="AskUser" al="Monitor"/>
  304.             <AccessDesc at="SpawnProcInOwnSbx" ar="Allow" al="Monitor"/>
  305.         </Rule>
  306.         <Rule id="SS1" priority="low" ot="Service" obj_id="*" app="*">
  307.             <AccessDesc at="ServiceRemove" ar="AskUser" al="Monitor"/>
  308.             <AccessDesc at="ServiceInstall" ar="AskUser" al="Monitor"/>
  309.             <AccessDesc at="ServiceStop" ar="AskUser" al="Monitor"/>
  310.         </Rule>
  311.         <Rule id="SS2" priority="low" ot="Service" obj_id="*" app_id="Trusted"/>
  312.         <Rule id="SS3" priority="low" ot="Service" obj_id="*" app_id="Tracking">
  313.             <AccessDesc at="*" ar="Allow" al="Monitor"/>
  314.         </Rule>
  315.         <Rule id="SS4" priority="low" ot="Service" obj_id="*" app_id="$Tracking" account="system">
  316.             <AccessDesc at="*" ar="Allow" al="Monitor"/>
  317.         </Rule>
  318.         <Rule id="CS1" priority="low" ot="COM" obj_id="*" app="*">
  319.             <AccessDesc at="COMCreateRemSrv" ar="Allow" al="Monitor"/>
  320.         </Rule>
  321.         <Rule id="CS2" priority="low" ot="COM" obj_id="*" app_id="Trusted"/>
  322.         <Rule id="CS3" priority="low" ot="COM" obj_id="*" app_id="Tracking">
  323.             <AccessDesc at="COMCreateInProc" ar="Allow" al="Monitor"/>
  324.             <AccessDesc at="COMCreateLocSrv" ar="Allow" al="Monitor"/>
  325.             <AccessDesc at="COMCreateRemSrv" ar="Allow" al="Monitor"/>
  326.         </Rule>
  327.         <Rule id="CS4" priority="low" ot="COM" obj_id="*" app_id="$Tracking" account="system">
  328.             <AccessDesc at="COMCreateInProc" ar="Allow" al="Monitor"/>
  329.             <AccessDesc at="COMCreateLocSrv" ar="Allow" al="Monitor"/>
  330.             <AccessDesc at="COMCreateRemSrv" ar="Allow" al="Monitor"/>
  331.         </Rule>
  332.         <Rule id="LS0" priority="low" ot="DllLoading" obj_id="*" app_id="Tracking">
  333.             <AccessDesc at="*" ar="Allow" al="Monitor"/>
  334.         </Rule>
  335.         <Rule id="LS1" priority="low" ot="DllLoading" obj_id="*" app_id="$Tracking" account="system">
  336.             <AccessDesc at="*" ar="Allow" al="Monitor"/>
  337.         </Rule>
  338.         <Rule id="YS1" priority="low" ot="SystemPrivilege" obj_id="*" app="*">
  339.             <AccessDesc at="InjectCode" ar="Prevent" al="Alert"/>
  340.             <AccessDesc at="AcquireSysPriv" ar="Prevent" al="Alert"/>
  341.             <AccessDesc at="ForceProcThreadTerm" ar="Prevent" al="Alert"/>
  342.         </Rule>
  343.         <Rule id="YS2" priority="low" ot="SystemPrivilege" obj_id="*" app_id="Trusted"/>
  344.         <Rule id="YS3" priority="low" ot="SystemPrivilege" obj_id="*" app="iexplore.exe">
  345.             <AccessDesc at="InjectCode" ar="Prevent" al="Alert"/>
  346.             <AccessDesc at="AcquireSysPriv" ar="Prevent" al="Alert"/>
  347.         </Rule>
  348.         <Rule id="YS4" priority="low" ot="SystemPrivilege" obj_id="*" app_id="Tracking">
  349.             <AccessDesc at="*" ar="Allow" al="Monitor"/>
  350.         </Rule>
  351.         <Rule id="YS5" priority="low" ot="SystemPrivilege" obj_id="*" app_id="$Tracking" account="system">
  352.             <AccessDesc at="*" ar="Allow" al="Monitor"/>
  353.         </Rule>
  354.                 
  355.         <!-- Rules remaining unchanged regardless any checkbox state -->
  356.         <Rule id="DS1" priority="low" ot="Device" obj_id="*" app="*"/>
  357.         <Rule id="DS2" priority="low" ot="Device" obj_id="*" app="*" account="system"/>
  358.         
  359.         <!-- Rules need to be set for USB Drives -->
  360.         <Rule id="DS3" priority="low" ot="Device" app="*">
  361.             <Object>Disk\Link\*\usbstor*</Object>
  362.         </Rule>
  364.         <!-- Rules need to be set for FireWire Drives -->
  365.         <Rule id="DS4" priority="low" ot="Device" app="*">
  366.             <Object>Disk\Link\*\Sbp2*</Object>
  367.         </Rule>
  369.         <!-- Rules need to be set for Infrared -->
  370.         <Rule id="DS5" priority="low" ot="Device" app="*">
  371.             <Object>irda\DevN\*\</Object>
  372.         </Rule>
  373.         <Rule id="DS6" priority="low" ot="Device" app="*" account="system">
  374.             <Object>irda\DevN\*\</Object>
  375.         </Rule>
  376.         <Rule id="DS7" priority="low" ot="Device" app="*">
  377.             <Object>*\Link\Infrared\*</Object>
  378.         </Rule>
  379.         <Rule id="DS8" priority="low" ot="Device" app="*" account="system">
  380.             <Object>*\Link\Infrared\*</Object>
  381.         </Rule>
  383.         <!-- Rules need to be set for Modems -->
  384.         <Rule id="DS9" priority="low" ot="Device" app="*">
  385.             <Object>*\Link\Modem\*</Object>
  386.         </Rule>
  387.         <Rule id="DS10" priority="low" ot="Device" app="*" account="system">
  388.             <Object>*\Link\Modem\*</Object>
  389.         </Rule>
  391.         <!-- Rules need to be set for Serial/Parallel Ports -->
  392.         <Rule id="DS11" priority="low" ot="Device" app="*">
  393.             <Object>*\Link\Ports\*</Object>
  394.         </Rule>
  395.         <Rule id="DS12" priority="low" ot="Device" app="*" account="system">
  396.             <Object>*\Link\Ports\*</Object>
  397.         </Rule>
  399.         <!-- Rules need to be set for FloppyDisks -->
  400.         <Rule id="DS13" priority="low" ot="Device" app="*">
  401.             <Object>*\Link\FloppyDisk\*</Object>
  402.         </Rule>
  403.         <Rule id="DS14" priority="low" ot="Device" app="*" account="system">
  404.             <Object>*\Link\FloppyDisk\*</Object>
  405.         </Rule>
  407.         <!-- Rules need to be set for CD-ROMS/DVD-ROMS -->
  408.         <Rule id="DS15" priority="low" ot="Device" app="*">
  409.             <Object>*\Link\CDROM\*</Object>
  410.         </Rule>
  411.         <Rule id="DS16" priority="low" ot="Device" app="*" account="system">
  412.             <Object>*\Link\CDROM\*</Object>
  413.         </Rule>
  414.         
  415.         <!-- Rules remaining unchanged regardless any checkbox state (Raw Packets)-->
  416.         <Rule id="DS17" priority="low" ot="Device" app_id="Trusted">
  417.             <Object>Tcpip\DevN\*\RawIp</Object>
  418.         </Rule>
  419.         <Rule id="DS18" priority="low" ot="Device" app_id="Trusted">
  420.                     <Object>Tcpip\DevN\*\IPMULTICAST</Object>
  421.         </Rule>
  422.         <Rule id="DS19" priority="low" ot="Device" app_id="Trusted">
  423.             <Object>Tcpip\DevN\*\Ip</Object>
  424.         </Rule>
  425.         <Rule id="DS20" priority="low" ot="Device" app_id="Trusted">
  426.             <Object>Ndisuio\DevN\*\</Object>
  427.         </Rule>
  429.         <!-- Rules need to be set for TCPIP - Raw Packets -->
  430.         <Rule id="DS21" priority="low" ot="Device" app="*">
  431.             <Object>Tcpip\DevN\*\RawIp</Object>
  432.         </Rule>
  433.         <Rule id="DS22" priority="low" ot="Device" app="*">
  434.             <Object>Tcpip\DevN\*\IPMULTICAST</Object>
  435.         </Rule>
  436.         <Rule id="DS23" priority="low" ot="Device" app="*">
  437.             <Object>Tcpip\DevN\*\Ip</Object>
  438.         </Rule>
  439.         <Rule id="DS24" priority="low" ot="Device" app="*">
  440.             <Object>Ndisuio\DevN\*\</Object>
  441.         </Rule>
  443.         <!-- Rules remaining unchanged regardless any checkbox state (Dangerous Disk Device ioctls) -->
  444.         <Rule id="DS25" priority="low" ot="Device" app_id="Trusted">
  445.             <Object>DangerousIoctl\*</Object>
  446.         </Rule>
  447.         <!-- Rules need to be set for Dangerous Disk Device ioctls -->
  448.         <Rule id="DS26" priority="low" ot="Device" app="*">
  449.             <Object>DangerousIoctl\*</Object>
  450.         </Rule>
  451.     </RuleList>
  452. </SecDb>