PC World 2006 November

home *** CD-ROM | disk | FTP | other *** search

/ PC World 2006 November / PCWorld_2006-11_cd.bin / zabezpeceni / avs / avs.msi / en_bb.loc < prev next >

Wrap

Windows Autorun File | 2006-09-14 | 23KB | 593 lines

;------------- proactive defense -------------- [Global] $Behavior_Monitor=Proactive Defense $OG=Office Guard errPpmNotLoaded=$Behavior_Monitor module cannot be loaded. errCalcHash=Cannot open file. RegKeyMaskWithSubfoldersWarning=A mask cannot be used simultaneously with "Include subkeys" option. Using an asterix or a question mark when this option is enabled is only appropriate if they are part of the actual key name. Did you really intend to enter a key name that contains these characters? [REG_ValueName] <empty>=(Default) default=$(@) [BB_Body] Status=Status [StatusRG] 1=$(pdm.state,SubProfileStateFont)$(pdm.state,ProfileState) 0=f(Normal_grey)disabled [Behavior_Blocking_Status] StatusBB=Application Activity Analyzer: StatusPG=Application Integrity Control: StatusRG=Registry Guard: StatusOG=Office Guard: PDMRules=Critical applications: RGRules=Registry rules: OGRules=Office rules: [Behavior_Blocking_Statistics] PDMScaned=Events checked: PDMBlocked=Blocked: OGScaned=Macros checked: [ImportantEvents_PDM_not] #PDM_STATUS_OK=successfully default=not [ImportantEvents_PDM_Action] #PDM_EVENT_INVADER =embed itself into another process #PDM_EVENT_IMG_CHANGED =load new or modified module #PDM_EVENT_APPG_ASCHILD =run process as a child of another process #PDM_EVENT_APPG_BROWSER =hidden launch of Internet browser default =perform suspicious actions [ImportantEvents_PDM] #PDM_ROLLBACK_RESULT =Rollback $(ReportInfo.nStatus,ImportantEvents_PDM_not) completed. #PDM_TERMINATE_PROCESS =Process $(ObjectName) (PID $(nPID)) $(ReportInfo.nStatus,ImportantEvents_PDM_not) terminated. #PDM_DENY_PROCESS_ACTION =Process $(ObjectName) (PID: $(nPID)): attempt to $(EventType,ImportantEvents_PDM_Action) was denied. default =PDM_EVT($(ReportInfo.nEvent)) [ImportantEvents_OG_Action] #ACTION_TERMINATE=Dangerous macro command in file $(ObjectName) has been blocked. [ImportantEvents_OG] #OBJSTATUS_ADDEDTOEXCLUDE=Exclusion rule has been created. default=$(ResultAction,ImportantEvents_OG_Action) ;------------- SettingsWindow.Behavior_Blocking ----------- [SettingsWindow.Behavior_Blocking] StartupGroup=$General BBGroup=Application Activity Analyzer PGGroup=Application Integrity Control OGGroup=Office Guard RGGroup=Registry Guard Excludes=Exclusions... [BBStartup_Group] Startup=Enable $Behavior_Monitor [BB_Group] BB_Enable=Enable Application Activity Analyzer PDM_Settings=Settings... [PG_Group] PG_Enable=Application Integrity Control PG_Settings=Settings... [OG_Group] OG_Enable=Enable Office Guard OG_Settings=Settings... [RG_Group] REG_Enable=Enable Registry Guard REG_Settings=Settings... ;------------- SettingsWindow.Behavior_Blocking.PDM_Settings ----------- [SettingsWindow.Behavior_Blocking.PDM_Settings] dlg_caption=Settings: Application Activity Analyzer Settings=Events Exceptions=Exceptions [SettingsWindow.Behavior_Blocking.PG_Settings] dlg_caption=Settings: Application Integrity Control Rules=Critical applications Shared=Trusted modules Text=Allow these common components to embed in any process: TrustSystemModules=Automatically add components signed by Microsoft Corporation to this list [PdmRulesAction] #rga_allow =Allow #rga_ask =Prompt for action #rga_block =Block #rga_terminate =Terminate #rga_alert =Alert [PdmRulesLog] 0=do not log 1=log [PdmTreatType] #PDM_SET_SUSPICION =Dangerous behaviour #PDM_SET_BROWSER =Launching Internet browser with parameters #PDM_SET_INVADER =Intrusion into process (invaders) #PDM_SET_HIDDENCHECK =Hidden processes (rootkit) #PDM_SET_SETWNDHOOK =Window hooks #PDM_SET_REGSTRANGE =Suspicious values in registry #PDM_SET_SYSCHANGE =Suspicious system activities [PdmSuspicionQuarantine] #rga_terminate =\ Quarantine: <a QuarantineOn v(#(bQuarantine)) enum(0,1)>$(bQuarantine,OnOff)</a>\n [IsActionExAlert] #rgaex_alert=1 [PdmTreatDesc] #PDM_SET_SUSPICION =$(Action,PdmSuspicionQuarantine) #PDM_SET_INVADER =$(Action,PdmSuspicionQuarantine) #PDM_SET_HIDDENCHECK =$(Action,PdmSuspicionQuarantine)Period: <a PdmRootKitPeriod v(dialog:PdmRootKitPeriod)>$(Timeout) min</a>\n [PDM_AppRules.TreatList] Name=Name Action=Action Log=Log [PDM_Settings] Rule=Action: <a Action v(#(Action)) enum($(SetType,PDM_Settings_ActionsEnum))>$(Action,PdmRulesAction)</a>\n$(SetType,PdmTreatDesc)Log: <a Log v(#(bLog)) enum(0,1)>$(bLog,OnOff)</a> [PdmRootKitPeriod] dlg_caption=Settings: Rootkit Detection Period=Please specify scan period: Min=min [PDM_AppRules] Text=Restrict execution of the following applications: Rule=Application: <a PdmAppEdit>$(Data.ImagePath,SpecifyApplication)</a>\n Execute: <a AppStart v(#(AppStart)) enum(#rga_allow,#rga_ask,#rga_block)>$(AppStart,PdmRulesAction)</a> + <a Log v(#(bLog)) enum(0,1)>$(bLog,PdmRulesLog)</a>\n Content change: <a ContentChange v(#(ContentChange)) enum(#rga_allow,#rga_ask,#rga_block)>$(ContentChange,PdmRulesAction)</a> + <a ContentChangeLog v(#(bContentChangeLog)) enum(0,1)>$(bContentChangeLog,PdmRulesLog)</a>\n Run as child: <a AppStartAsChild v(#(AppStartAsChild)) enum(#rga_allow,#rga_ask,#rga_block)>$(AppStartAsChild,PdmRulesAction)</a> + <a LogAsChild v(#(bLogAsChild)) enum(0,1)>$(bLogAsChild,PdmRulesLog)</a> Edit=Details... [PDM_AppRules.AppList] AppName=Application Execute=Execute action Content=Content modification RunAsChild=Run as child process [PDM_AppRules.Edit] dlg_caption=Edit Application Rule dlg_caption.new=Add Application Rule App=Application Action=Action Options=Options [AppGuard_App_Group] AppLabel=File name: Browse=$Browse DescLabel=Description: [AppGuard_Action_Group] ActionLabel=Action: Ask=Prompt for action AskParam=Prompt for action when run with parameters DontAsk=Do not prompt for action Block=Deny execution Notify=Display notification [AppGuard_Options_Group] Content=Content control Log=Log [PDM_Shared.DllList] Dll=Library Action=Action Path=Location TimeCreation=Created TimeModification=Modified Version=Version Vendor=Vendor Description=Description [PDM_AppDllList] dlg_caption=Settings: Application Modules [PDM_AppDllListDlg.DllList] Dll=Library Action=Action Path=Location TimeCreation=Created TimeModification=Modified Version=Version Vendor=Vendor Description=Description [PDM_AppDllListDlg.Edit] dlg_caption=Application Module Action Text=Action: [PDM_AppDllListDlg.Edit_Body.Value] Block=v(0)Block Allow=v(1)Allow ;------------- SettingsWindow.Behavior_Blocking.OG_Settings ----------- [SettingsWindow.Behavior_Blocking.OG_Settings] dlg_caption=Settings: Office Guard Settings=Dangerous macros Exceptions=Exclusions [OGSettings_Group] Info=Specify macro commands to terminate: OGActionGroup=Action [OGSettings_Group.MacrosList] Macro=Macro command MacroDesc=Description [OGAction_Group] Ask=Prompt for action Terminate=Terminate [OGMacro] default=unknown 1=Import module 2=Export module 3=Copy project items 4=Copy modules (Word MacroCopy command) 5=Microsoft Office Excel sheet copy 6=Add module 7=Delete module 8=Delete project items 9=Rename project items 10=Create event procedure 11=Add code to module 12=Insert code in module from file 13=Insert code line(s) 14=Delete code line(s) 15=Replace code line(s) 16=Delete file(s) 17=Change file attributes 18=Create directory 19=Delete directory 20=Open file with write mode 21=Disable 'save normal template' prompt 22=Disable virus protection warning 23=Shell command 24=Create ActiveX object 25=Create ActiveX object on remote server 26=Gain access to ActiveX object 27=Sending keystrokes 28=API functions calls [OGMacroDescr] default=unknown macro 1=Macro attempting to import module into project from file 2=Macro attempting to export module from project 3=Macro attempting to copy a project item from one document to another 4=Macro attempting to copy code to another macro 5=Macro attempting to copy sheet, and possibly macros attached to the sheet 6=Macro attempting to add a module to the project 7=Macro attempting to delete module 8=Macro attempting to delete a project item from the document 9=Macro attempting to rename a project item in the document 10=Macro attempting to create event 11=Macro attempting to add code 12=Macro attempting to insert code from file 13=Macro attempting to insert line(s) of code in document 14=Macro attempting to delete line(s) of code from document 15=Macro attempting to replace line(s) of code in document 16=Macro attempting to delete file(s) 17=Macro attempting to change file attributes 18=Macro attempting to create new directory 19=Macro attempting to delete directory 20=Macro attempting to open a file for writing 21=Macro attempting to disable 'save normal template' prompt 22=Macro attempting to disable virus protection warning 23=Macro attempting to execute command 24=Macro attempting to create ActiveX object 25=Macro attempting to create ActiveX object on server 26=Macro attempting to gain access to ActiveX object 27=Macro attempting to send one or more keystrokes to active window 28=Macro attempting to call API function ;------------- SettingsWindow.Behavior_Blocking.REG_Settings ----------- [SettingsWindow.Behavior_Blocking.REG_Settings] dlg_caption=Settings: Registry Guard [REGSettings_Group] Info=Registry key groups: NewRegGroup=New group [REGSettings_Group.RegList] RegGroup=Name KeysCnt=Keys RulesCnt=Rules ;------------- SettingsWindow.Behavior_Blocking.REG_Settings.Edit ----------- [SettingsWindow.Behavior_Blocking.REG_Settings.Edit] dlg_caption=Edit Group GroupName=Group name: ErrUnknown_RG_AppPath=The application name for one of the rules is undefined. ErrNoAny_RG_Apps=Invalid registry group. No application rules specified. ErrNoAny_RG_Keys=Invalid registry group. No registry keys specified for monitoring. [GroupEdit_Tab] GroupKeys=Keys GroupRules=Rules [RegRules_Descr_AppAny] *=Any default=This [RegRules_Descr_App] *= default=: <a rgAppEdit v(browse:app(Data.ImagePath,Data.Hash))>$(@,SpecifyApplication)</a> [GroupRules_Page] Add=New Rule=Restrict access to this registry key group according to the following rule:\n <a AnyImagePath v(browse:anyapp(Data.ImagePath,Data.Hash))>$(Data.ImagePath,RegRules_Descr_AppAny)</a> application$(Data.ImagePath,RegRules_Descr_App)\n Read: <a DoRead v(#(DoRead)) enum(#rga_allow,#rga_ask,#rga_block)>$(DoRead,PdmRulesAction)</a> + <a LogRead v(#(bLogRead)) enum(0,1)>$(bLogRead,PdmRulesLog)</a>\n Modify: <a DoEdit v(#(DoEdit)) enum(#rga_allow,#rga_ask,#rga_block)>$(DoEdit,PdmRulesAction)</a> + <a LogEdit v(#(bLogEdit)) enum(0,1)>$(bLogEdit,PdmRulesLog)</a>\n Delete: <a DoDelete v(#(DoDelete)) enum(#rga_allow,#rga_ask,#rga_block)>$(DoDelete,PdmRulesAction)</a> + <a LogDel v(#(bLogDel)) enum(0,1)>$(bLogDel,PdmRulesLog)</a> [GroupKeys_Page.KeysList] KeyName=Key path KeyValue=Value [RegKeysIcon] 0=i(unkobj,nonrecursive) default=i(unkobj) [GroupRules_Page.RulesList] AppClmn=Application ReadClmn=Read EditClmn=Modify DeleteClmn=Delete ;------------- SettingsWindow.Behavior_Blocking.Excludes ----------- [SettingsWindow.Behavior_Blocking.Excludes] dlg_caption=Exclusions Info=Assign file masks to be excluded from protection: ;------------- PdmCalcHash ----------- [PdmCalcHash] dlg_caption=Settings: Calculating hash ;------------- RegMakeRule ----------- [RegMakeRule] dlg_caption=Create Allow Rule ForApp=For key ForAll=For group ForIns=For this application instance only ;------------- PdmMakeRule ----------- [PdmMakeRule] dlg_caption=Add Module to Trusted List ForApp=This module only ForAll=Any module loaded by this process ;------------------ ReportWindow ------------- [Report_Body.StatisticsLeft.bb] PDMScaned=Events checked: PDMBlocked=Blocked: OGScaned=Macros checked: OGTerminated=Macros terminated: [Report_Body.ReportDetails.bb] EventsPDM=Events EventsOG=Macros EventsRG=Registry [BB_Events_Allowed] #OBJSTATUS_NOTPROCESSED=\ (by exclusions) [BB_Events] #PDM_HISTORY_PROCESSING = History processing$(ReportInfo.nError,BB_EventError) #PDM_ROLLBACK_ACTION = Rollback$(ReportInfo.nError,BB_EventError) #PDM_ROLLBACK_RESULT = Rollback completed$(ReportInfo.nStatus,=,#PDM_STATUS_OK,!,BB_Events_RollbackResult) #PDM_CREATE_HISTORY_FOLDER= History initialization #PDM_TERMINATING_PROCESS = Attempting to terminate process #PDM_TERMINATE_PROCESS = Attempting to terminate process: $(ReportInfo.nError,BB_Events_TerminateProcess) #PDM_ALLOW_PROCESS_ACTION = $(EventType,PDM_IsDetailsExist,PDMEventLog_Action,removetags) Action allowed$(ObjectStatus,BB_Events_Allowed) #PDM_DENY_PROCESS_ACTION = $(EventType,PDM_IsDetailsExist,PDMEventLog_Action,removetags) Action denied. #PDM_DETECT = $(EventType,PDM_IsDetailsExist,PDMEventLog_Action,removetags) #PDM_QUARANTINE_RESULT = Error moving to Quarantine default = UNK_EVENT($(ReportInfo.nEvent)) [BB_Events_RollbackResult] 0 = default =\ with some errors [BB_Events_TerminateProcess] 0 = success default = $(@,SystemError) [PDM_Report.EventsLog] ObjectName=Name ObjectEvent=Event ReportTime=Time [OG_Status] #ACTION_ALLOW =i(ok)allowed$(ObjectStatus,BB_Events_Allowed) #ACTION_TERMINATE =i(error)blocked default =i(warning)unknown ($(@)) [REG_DataTypes] #REG_NONE = No value type #REG_SZ = Unicode null-terminated string #REG_EXPAND_SZ = Unicode null-terminated string (with environment variable references) #REG_BINARY = Free form binary #REG_DWORD = 32-bit number #REG_DWORD_BIG_ENDIAN = 32-bit number #REG_LINK = Symbolic Link (unicode) #REG_MULTI_SZ = Multiple Unicode strings #REG_RESOURCE_LIST = Resource list in the resource map #REG_FULL_RESOURCE_DESCRIPTOR = Resource list in the hardware description #REG_RESOURCE_REQUIREMENTS_LIST = #REG_QWORD = 64-bit number [PdmRegObjectStatus] 1 = i(warning)detected default = $(ResultAction,AskAction_AllowDeny) [OG_Report.EventsLog] ObjectName=Name ObjectStatus=Status ReportTime=Time [RG_Report.EventsLog] App=Application KeyName=Key name ValueName=Value name Data=Data Type=Data type RegOpType=Operation ObjectStatus=Status ReportTime=Time [REG_OpType_New] #REG_NONE = Create default = Modify [REG_OpType] #eRegRequest_Modify = $(ValueTypeOld,REG_OpType_New) #eRegRequest_Read = Read #eRegRequest_Delete = Delete ;------------- AlertDialog.Behavior_Blocking ----------- [AlertDialog_PRM_DontCheckNames] #PDM_EVENT_REGMODIFY =Add to Trusted Applications... #PDM_EVENT_IMG_CHANGED =Add to Shared dll List... default =Add to Trusted Zone... [AlertDialog_PDM_Event] #PDM_ROLLBACK_ACTION =Process terminated by user. It is recommended to rollback the changes made to the system. #PDM_ROLLBACK_RESULT =Rollback failed. #PDM_TERMINATE_PROCESS =Process cannot be terminated: $(ReportInfo.nError,SystemError). #PDM_QUARANTINE_RESULT =Error moving to Quarantine. default =$(EventType,AlertDialog_Description_PDM) [AlertDialog_Description_PDM] #PDM_EVENT_P2P_SC_RDL =Process seems to be a network worm. #PDM_EVENT_SC_AR =Process is trying to register its copy as startup autorun object. This behaviour is typical of Trojans. #PDM_EVENT_SC_ARsrc =Process is trying to register its copy as startup autorun object. This behaviour is typical of Trojans. #PDM_EVENT_SC2STARTUP =Process is trying to register its copy as startup autorun object. This behaviour is typical of Trojans. #PDM_EVENT_SCN =Process seems to be a P2P worm. #PDM_EVENT_SC_MULTIPLE =Process seems to be a P2P worm. #PDM_EVENT_P2P_SCN =Process is trying to copy itself to network. #PDM_EVENT_RDR =Process is trying to redirect data input/output. #PDM_EVENT_REGMODIFY =Process is trying to gain $(RegOpType,REG_AlertOperation) access to $(strUserDescription,REG_AlertText). #PDM_EVENT_HIDDEN_OBJ =Hidden process (rootkit) detected. Rootkits try to ensure that malicious programs they hide are never discovered. #PDM_EVENT_INVADER =Process is trying to inject into another process. This behaviour is typical of some malicious programs. #PDM_EVENT_INVADER_LOADER =Process is trying to inject module into all processes. This behaviour is typical of some malicious programs. #PDM_EVENT_APPG =Attempt to run critical application. #PDM_EVENT_APPG_CHANGED =This application's executable file has been changed$(strUserDescription,AlertDialog_PDM_UserDescription). #PDM_EVENT_IMG_CHANGED =Attempt to load new or modified module $(NewImage.ImagePath,objfile). #PDM_EVENT_APPG_ASCHILD =Attempt to run process as a child of another process. #PDM_EVENT_APPG_BROWSER =Attempt to run browser with command line parameters. #PDM_EVENT_STRANGEKEY =Process is trying to $(RegOpType,REG_AlertOpType) value with illegal names. #PDM_EVENT_SYSCHANGE =Critical system activity suspicion detected. #PDM_EVENT_HIDDEN_INSTALL =Running hidden installation into system. #PDM_EVENT_BUFFEROVERRUN =Buffer overrun code execute detected. This behaviour is typical of some malicious programs. #PDM_EVENT_DEP =Data execute detected. This behaviour is typical of some malicious programs. default =Process is performing suspicious actions [RegOldValueText] #REG_NONE = default = \nData($(ValueTypeOld,REG_DataTypes)):\n$(ValueOld,reg_data)\n [REG_AlertText] System Startup =list of modules executed during Windows startup Internet Security =Internet security settings Internet Explorer Settings =Internet Explorer settings Internet Explorer Plugins =Internet Explorer.add-ons settings System Security =system security settings HOSTS file =path to TCP/IP routing settings System Services =list of system services default =group $(strUserDescription) [REG_DetailsText] System Startup = \ These keys control the list of modules executed during Windows startup.\n\nYou are advised to grant access to these settings only if you are sure you want to allow this program to run automatically when your computer starts. Otherwise it is better to deny access. Internet Security = \ These keys control Internet security settings.\n\nYou are advised to grant access to these settings only if you are sure you want to allow these settings to be modified. Otherwise it is better to deny access. Internet Explorer Settings = \ These keys control Internet Explorer settings.\n\nYou are advised to grant access to these settings only if you are sure you want to allow these settings to be modified. Otherwise it is better to deny access. Internet Explorer Plugins = \ These keys control Internet Explorer.add-ons settings.\n\nYou are advised to grant access to these settings only if you are sure you want to allow this module to be registered as an Internet Explorer add-on. Otherwise it is better to deny access. System Security = \ These keys control system security settings.\n\nYou are advised to grant access to these settings only if you are sure you want to allow these settings to be modified. Otherwise it is better to deny access. HOSTS file = \ These keys control the path to TCP/IP routing settings.\n\nYou are advised to deny write access to these settings, since there is no reason for any trustworthy application to change this path. System Services = \ These keys controls the list of system services.\n\nYou are advised to grant access to these settings if you want to install/uninstall a driver or system service, and to deny access in other cases. [AlertDetailsPDM_AddInfo_Text] #PDM_EVENT_REGMODIFY =Process is trying to $(RegOpType,REG_AlertOpType) value in system registry key that belongs to group $(strUserDescription).$(strUserDescription,REG_DetailsText)\n\nKey: $(strKeyName)\n\nValue: $(strValueName)\n$(ValueTypeOld,RegOldValueText)\n$(RegOpType,RegValueDataNew)($(ValueType,REG_DataTypes)):\n$(Value,reg_data) #PDM_EVENT_INVADER =Process $(ObjectName) (PID: $(nPID)) is trying to inject into process $(strDestObjectName) (PID: $(DestPID)). #PDM_EVENT_IMG_CHANGED =Attempt to load new or modified module $(NewImage.ImagePath) into process$(strUserDescription,AlertDialog_PDM_UserDescription). #PDM_EVENT_APPG_ASCHILD =Attempt to run process as a child of $(strParentObjectName) (PID: $(nParentPID)). #PDM_EVENT_APPG_BROWSER =Attempt to run browser with command line parameters: $(strUserDescription). #PDM_EVENT_INVADER_LOADER =Process is trying to inject module $(NewImage.ImagePath) into all processes. #PDM_EVENT_STRANGEKEY =Process is trying to $(RegOpType,REG_AlertOpType) value $(strValueName) with illegal names. #PDM_EVENT_SYSCHANGE =$(strUserDescription,AlertDetails_PDM_SysChange) #PDM_EVENT_HIDDEN_INSTALL =Program module $(strUserDescription) installed and $(strKeyName,!!,AlertDetails_PDM_HiddenInstall) without user interaction. This activity is similar to Trojan Downloader/Dropper. #PDM_EVENT_BUFFEROVERRUN =Buffer overrun code execute detected. #PDM_EVENT_DEP =Data execute detected. [AlertDetails_PDM_SysChange] SYSCALL_CHANGED = System entry point R3-R0 changed.\n\nOld address:\t0x$(OldAddr)\nNew address:\t0x$(NewAddr) PHYSICAL_MEMORY_ACCESS = Physical memory access. [AlertDetails_PDM_HiddenInstall] 1 = registering in registry key $(strKeyName) with value $(strValueName) default = running [AlertDetails_PDM] DllList=Modules ChildProcs=Child processes [AlertDetailsPDM_ChildProcs_List] ImagePath=Path PID=PID CommandLine=Command line ;------------- AlertDialog.Behavior_Blocking.PDM ----------- [AlertDetailsPDM_Modules] DllPath=Module: DllSize=Size: DllTimeCr=Created: DllTimeMdf=Modified: DllVersion=Version: DllVendor=Vendor: DllDescription=Description: [AlertDetailsPDM_DllList] DllPath=Module DllInUse=In use DllSize=Size DllTimeCr=Created DllTimeMdf=Modified DllVersion=Version DllVendor=Vendor DllDescription=Description ;------------- AlertDialog.Behavior_Blocking.REG ----------- [REG_AlertOpType_New] #REG_NONE = create default = modify [REG_AlertOpType] #eRegRequest_Modify = $(ValueTypeOld,REG_AlertOpType_New) #eRegRequest_Read = read #eRegRequest_Delete = delete [RegValueDataNew] #eRegRequest_Modify = New data default = Data [REG_AlertOperation] #eRegRequest_Read = read default = write