[Script] Process Whitelist

0x00
Posts: 80
Joined: 22 Jan 2019, 13:12

[Script] Process Whitelist

12 Mar 2019, 23:50

I'd like to acknowledge that there are a few other scripts like this, but they are either too resource intensive to be effective &/or lacking in logically basic functionality.

All currently running processes are implicitly white-listed on first run, and by default only user mode applications will be managed; set sysModeToo := True to manage all processes.

Anytime a new (unknown) process is launched, the process is suspended & the user is prompted to:
  • Whitelist, where application will always be allowed to run unimpeded (default selection)
  • Terminate, need I say more...
  • Blacklist, where application will never be allowed to run, being terminated if detected
    ...&...
  • 'A', to allow for current session, such that if script is restarted, application needs to be allowed again

The first letter of MsgBox buttons 'W', 'T', 'B' can be used for a quick reply to prompt.
Prompt where possible provides detailed information about the executable behind the process for an informed response to prompt.
The prompt can additionally either 'Timeout' or 'Lose Focus', both of which will terminate the waiting process.

Ctrl+Ins provides Folder, then File Selection to allow you to WHITELIST/BLACKLIST contents of a folder, such as to whitelist your entire steam library or blacklist that folder that contains your malware 'samples'.

By default it can react to a new process within no less than 75ms of execution; modify SetTimer, OnNewProc, 75 accordingly if you're on a particularly low end system & it's using up over 1% of CPU while monitoring.




EDIT: Added Path Whitelisting (MANUAL-InScript) as I don't recommend it otherwise, and did a bunch of optimizations.

Code:

#NoEnv  ; Recommended for performance and compatibility with future AutoHotkey releases.
; #Warn  ; Enable warnings to assist with detecting common errors.
SetWorkingDir %A_ScriptDir%  ; Ensures a consistent starting directory.
#SingleInstance, Force
ListLines, Off
SetBatchLines, -1
Process, Priority,, High

whiteListedPaths := "C:\Program Files|C:\Program Files (x86)|A:\"		;any process in these paths will be automatically whitelisted. '|' delimited.

trayNotification := true
debug := False			;turn on to test with no files written, Whitelists & Blacklists in memory.
sysModeToo := False		;will also perform whitelisting on system processes,like windows services, by default it's userMode processes only that are managed.

If !debug{
	IfNotExist, %A_ScriptName%.WHITELIST.log	;initialise with every active process in white list on first run
	{
		for i, v in WTSEnumerateProcessesEx()
			whiteList .= "," v.ProcessName
		FileAppend, %whiteList%, %A_ScriptName%.WHITELIST.log	;write the finished list once, not the growing list on every iteration
	}
	FileRead, whiteList, %A_ScriptName%.WHITELIST.log
	FileRead, blackList, %A_ScriptName%.BLACKLIST.log
}Else{
	for i, v in WTSEnumerateProcessesEx()	;whitelist every active process...
		whiteList .= "," v.ProcessName
	;Init base list with all currently active processes
	List := ""
	for i, v in WTSEnumerateProcessesEx()
		List .= v.ProcessName "|" v.ProcessID "|" v.SessionID "`n"
}

SetTimer, OnNewProc, 75
Return

OnNewProc(){
	Static
	processCount := EnumProcesses(pidlist)
	If (processCount != lastCount) || ListGetDifference(pidlist, lastPidlist, diff, "|") || diff{
		Gosub Monitor
		lastCount := processCount, lastPidlist := pidlist
	}
}

Monitor:
for i, v in WTSEnumerateProcessesEx(){
	
	thisProcess := v.ProcessName "|" v.ProcessID "|" v.SessionID "`n", thisPID := v.ProcessID, thisName := v.ProcessName
	
	If InStr(Allow4Now, v.ProcessName) && !InStr(blackList, v.ProcessName) 	;whitelist exemption for process...
		Continue
	
	If (v.SessionID = 1) || sysModeToo{	;if user mode application only - by default
		If (InStr(whiteList, v.ProcessName) AND !InStr(blackList, v.ProcessName) AND !InStr(List, thisProcess)){		;if white listed process allow this session
			List .= thisProcess
		}Else If InStr(blackList, v.ProcessName){
			If trayNotification
				TrayTip, ProcessWhiteList, % "Terminating: `n" v.ProcessName
			Process, Close, % v.ProcessID
		}Else If !InStr(List,thisProcess) && !IsInWhitelistedPath(){
			vEx := ProcessCommandLineByPID(v.ProcessID)
			,thisCommandLine := vEx.CommandLine
			,thisExecutablePath := vEx.ExecutablePath
			
			If !debug
				ProcSus(v.ProcessID)
			
			;Get Process Attributes
			thisAttrib := ""
			,Props := ["Path","Copyright","File description","File version","Language","Product name","Product version","Company", "System.OriginalFileName"]
			For k,v in Filexpro( thisExecutablePath ? thisExecutablePath : GetModuleFileNameEx(thisPID), "Program", Props* )
				thisAttrib .= v "`n`n"
			
			SoundBeep, ,50
			Gui +OwnDialogs
			SetTimer, OnWinChangeMsgBoxOff, 100	;if Notification Msgbox doesn't have focus,new process that triggered alert will be terminated.
			If trayNotification
				TrayTip, ProcessWhiteList, Press 'A' to Allow For Current Session Only!
			OnMessage(0x44, "OnMsgBox")
			MsgBox 0x40033, New Process Warning Alert!, Process Is In Suspension Awaiting Approval to Run? `n`n %thisProcess% `n %thisExecutablePath% `n`n-------------------------`n`n %thisAttrib% `n`n-------------------------`n Press 'A' to Allow For Current Session Only!, 10
			OnMessage(0x44, "")			
			
			IfMsgBox Yes, {	;whitelist
				If InStr(Allow4Now, thisName){	;Allow4Now Override
					ProcRes(thisPiD)
					Continue
				}
				List .= thisProcess
				whiteList .= "," thisName
				If trayNotification
					TrayTip, ProcessWhiteList, % "White Listed: `n" thisName
				If !debug{
					ProcRes(thisPiD)
					FileDelete, %A_ScriptName%.WHITELIST.log
					FileAppend, %whiteList%, %A_ScriptName%.WHITELIST.log
				}
			} Else IfMsgBox No, {	;terminate
				If InStr(Allow4Now, thisName){	;Allow4Now Override
					ProcRes(thisPiD)
					Continue
				}
				If trayNotification
					TrayTip, ProcessWhiteList, % "Terminating: `n" thisName
				FormatTime, DATE, R
				If !debug
					FileAppend, % DATE "	[TERMINATED]	" thisName "	<>	" thisCommandLine "`n`n",  %A_ScriptName%.TERMINATED.log
				Process, Close, % thisPiD
				Sleep 250	;to give process enough time to gracefully exit
				Process, Exist, % thisPiD
				If ErrorLevel
					RunWait % comspec " /c taskkill /f /t /pid " thisPiD,, Hide
			} Else IfMsgBox Cancel, {	;blackList
				If InStr(Allow4Now, thisName){	;Allow4Now Override
					ProcRes(thisPiD)
					Continue
				}
				Process, Close, % thisPiD
				blackList .= "," thisName
				If trayNotification
					TrayTip, ProcessBlackList, % "Black Listed & Terminating: `n" thisName
				If !debug{
					FileDelete, %A_ScriptName%.BLACKLIST.log
					FileAppend, %blackList%, %A_ScriptName%.BLACKLIST.log
				}
			} Else IfMsgBox Timeout , {	;terminate
				If trayNotification
					TrayTip, ProcessWhiteList, % "Terminating: `n" thisName
				FormatTime, DATE, R
				If !debug
					FileAppend, % DATE "	[TimeOut-Terminated]	" thisName "	<>	" thisCommandLine "`n`n",  %A_ScriptName%.TERMINATED.log
				Process, Close, % thisPID
				Sleep 250	;to give process enough time to gracefully exit
				Process, Exist, % thisPiD
				If ErrorLevel
					RunWait % comspec " /c taskkill /f /t /pid " thisPID,, Hide
			}
		}
	}
}
Return

IsInWhitelistedPath(){	;returns true & whitelists process so as not to evaluate the same process more than once...
	Global
	Local thisPath
	thisPath := ProcessCommandLineByPID(v.ProcessID).ExecutablePath
	,thisPath := thisPath ? thisPath : GetModuleFileNameEx(v.ProcessID)	;failsafe incase null is returned...
	Loop, Parse, whiteListedPaths, |
		If InStr(thisPath, A_LoopField){
			; FileAppend, % "," v.ProcessName, %A_ScriptName%.WHITELIST.log
			; FileRead, whiteList, %A_ScriptName%.WHITELIST.log
			Allow4Now .=  "," thisName
			If trayNotification
				TrayTip, ProcessWhiteList, % "White Listed: `n" thisPath
			Return true
		}
}

#IfWinActive New Process Warning Alert!
a::
If trayNotification
	TrayTip, ProcessWhiteList, % "Process Whitelisted For Current Session Only: `n" thisName
Allow4Now .=  "," thisName
WinKill, New Process Warning Alert!
Return
#IfWinActive

^Ins::	;to add executables from directories in bulk from trusted locations such as to whitelist all executables in your entire steam directory.
FileSelectFolder, selFolder,,, Select Folder Wherein,`nAll Contained Executables Will Be Whitelisted!
IfEqual, selFolder,, MsgBox, 0x40010, %A_ScriptName%, No Folder Selected`, Aborting`, TryAgain!
IfEqual, selFolder,, Return
Loop, %selFolder%\*.exe,,1
 exeList .= !Instr(exeList, A_LoopFileName) ? "," A_LoopFileName : ""

FileSelectFile, selFile, s, %A_ScriptDir%\%A_ScriptName%.WHITELIST.log, Select File To Append Exe List Into`, i.e WHITELIST/BLACKLIST file, *.log
IfEqual, selFile,, MsgBox, 0x40010, %A_ScriptName%, No File Selected`, Aborting`, TryAgain!
IfEqual, selFile,, Return
FileAppend, % exeList, % selFile
Reload
Return


OnWinChangeMsgBoxOff(){
	IfWinNotActive, New Process Warning Alert!
		IfWinNotActive, ahk_class #32770 ahk_exe AutoHotkey.exe
			ControlClick, Button2, ahk_class #32770 ahk_exe AutoHotkey.exe	;No/Terminate
}

OnMsgBox() {
	DetectHiddenWindows, On
	Process, Exist
	If (WinExist("ahk_class #32770 ahk_pid " . ErrorLevel)) {
		ControlSetText Button1, &WhiteList
		ControlSetText Button2, &Terminate
		ControlSetText Button3, &BlackList
	}
}

ProcSus(PID_or_Name)
{
	If InStr(PID_or_Name, ".") {
		Process, Exist, %PID_or_Name%
		PID_or_Name := ErrorLevel
	}
	If !(h := DllCall("OpenProcess", "uInt", 0x1F0FFF, "Int", 0, "Int", PID_or_Name))
		Return -1
	DllCall("ntdll.dll\NtSuspendProcess", "Int", h), DllCall("CloseHandle", "Int", h)
}
ProcRes(PID_or_Name)
{
	If InStr(PID_or_Name, ".") {
		Process, Exist, %PID_or_Name%
		PID_or_Name := ErrorLevel
	}
	If !(h := DllCall("OpenProcess", "uInt", 0x1F0FFF, "Int", 0, "Int", PID_or_Name))
		Return -1
	DllCall("ntdll.dll\NtResumeProcess", "Int", h), DllCall("CloseHandle", "Int", h)
}

WTSEnumerateProcessesEx()
{
	static hWTSAPI := DllCall("LoadLibrary", "str", "wtsapi32.dll", "ptr")
	
	if !(DllCall("wtsapi32\WTSEnumerateProcessesEx", "ptr", 0, "uint*", 0, "uint", -2, "ptr*", buf, "uint*", TTL))
		throw Exception("WTSEnumerateProcessesEx failed", -1)
	addr := buf, WTS_PROCESS_INFO := []
	loop % TTL
	{
		WTS_PROCESS_INFO[A_Index, "SessionID"]   := NumGet(addr+0, "uint")
		WTS_PROCESS_INFO[A_Index, "ProcessID"]   := NumGet(addr+4, "uint")
		WTS_PROCESS_INFO[A_Index, "ProcessName"] := StrGet(NumGet(addr+8, "ptr"))
		WTS_PROCESS_INFO[A_Index, "UserSID"]     := NumGet(addr+8+A_PtrSize, "ptr")
		addr += 8 + (A_PtrSize * 2)
	}
	if !(DllCall("wtsapi32\WTSFreeMemoryEx", "int", 0, "ptr", buf, "uint", TTL))
		throw Exception("WTSFreeMemoryEx failed", -1)
	return WTS_PROCESS_INFO
}

ProcessCommandLineByPID(PID){
	for process in ComObjGet("winmgmts:").ExecQuery("Select * from Win32_Process where ProcessId=" . PID)
		Return {Name:process.Name, CommandLine:process.CommandLine, ExecutablePath:process.ExecutablePath, SessionID:process.SessionId,ParentProcessId:process.ParentProcessId}
}


GetModuleFileNameEx( p_pid ) ; by shimanov -  www.autohotkey.com/forum/viewtopic.php?t=9000
{
	h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
	
	if ( ErrorLevel or h_process = 0 )
		return
	
	name_size := 255
	,VarSetCapacity( name, name_size * 2 )	; capacity is in bytes, GetModuleFileNameExW counts UTF-16 characters
	,result := DllCall( "psapi.dll\GetModuleFileNameExW", "uint", h_process, "uint", 0, "str", name, "uint", name_size )
	,DllCall( "CloseHandle", h_process )
	
	Return name
}


EnumProcesses(byref Var) {		;SKAN
	IfEqual, A_OSType, WIN32_WINDOWS, Return 0
		List_Sz := VarSetCapacity(Pid_List, 4000)
	Res := DllCall("psapi.dll\EnumProcesses", UInt,&Pid_List
	, Int,List_Sz, "UInt *",PID_List_Actual)
	IfLessOrEqual,Res,0, Return, Res
		_a := &PID_List
	Var :=
	Loop, % (PID_List_Actual//4) {
		Var := Var "|" (*(_a)+(*(_a+1)<<8)+(*(_a+2)<<16)+(*(_a+3)<<24))
		_a += 4
	}
	StringTrimLeft, Var, Var, 1
	Return, (PID_List_Actual//4)
}


;evaluates the number of occurrences in one but not the other to get difference instead of checking using InStr().
ListGetDifference(ByRef a,ByRef b,ByRef diff,delim:="`n"){	;returns difference between lists using same delims as original lists
	diff := ""
	Loop, parse, a, %delim%
		diff .= ( StringCharCount(a,A_LoopField) <> StringCharCount(b,A_LoopField) AND !InStr(diff, A_LoopField) ? A_LoopField . delim : "" )
	Loop, parse, b, %delim%
		diff .= ( StringCharCount(a,A_LoopField) <> StringCharCount(b,A_LoopField) AND !InStr(diff, A_LoopField) ? A_LoopField . delim : "" )
}

;Returns the number of occurrences of a character in a string
StringCharCount(string, char){
	StringReplace, string, string, %char%, %char%, UseErrorLevel
	Return ErrorLevel
}






Filexpro( sFile := "", Kind := "", P* ) {           ; v.90 By SKAN on D1CC @ goo.gl/jyXFo9
	Local
	Static xDetails
	
	If ( sFile = "" )
	{                                                           ;   Deinit static variable
		xDetails := ""
		Return
	}
	
	fex := {}, _FileExt := ""
	
	Loop, Files, % RTrim(sfile,"\*/."), DF
	{
		If not FileExist( sFile:=A_LoopFileLongPath )
		{
			Return
		}
		
		SplitPath, sFile, _FileExt, _Dir, _Ext, _File, _Drv
		
		If ( p[p.length()] = "xInfo" )                          ;  Last parameter is xInfo
		{
			p.Pop()                                           ;         Delete parameter
			fex.SetCapacity(11)                               ; Make room for Extra info
			fex["_Attrib"]    := A_LoopFileAttrib
			fex["_Dir"]       := _Dir
			fex["_Drv"]       := _Drv
			fex["_Ext"]       := _Ext
			fex["_File"]      := _File
			fex["_File.Ext"]  := _FileExt
			fex["_FilePath"]  := sFile
			fex["_FileSize"]  := A_LoopFileSize
			fex["_FileTimeA"] := A_LoopFileTimeAccessed
			fex["_FileTimeC"] := A_LoopFileTimeCreated
			fex["_FileTimeM"] := A_LoopFileTimeModified
		}
		Break
	}
	
	If Not ( _FileExt )                                   ;    Filepath not resolved
	{
		Return
	}
	
	
	objShl := ComObjCreate("Shell.Application")
	objDir := objShl.NameSpace(_Dir)
	objItm := objDir.ParseName(_FileExt)
	
	If ( VarSetCapacity(xDetails) = 0 )                           ;     Init static variable
	{
		i:=-1,  xDetails:={},  xDetails.SetCapacity(309)
		
		While ( i++ < 309 )
		{
			xDetails[ objDir.GetDetailsOf(0,i) ] := i
		}
		
		xDetails.Delete("")
	}
	
	If ( Kind and Kind <> objDir.GetDetailsOf(objItm,11) )        ;  File isn't desired kind
	{
		Return
	}
	
	i:=0,  nParams:=p.Count(),  fex.SetCapacity(nParams + 11)
	
	While ( i++ < nParams )
	{
		Prop := p[i]
		
		If ( (Dot:=InStr(Prop,".")) and (Prop:=(Dot=1 ? "System":"") . Prop) )
		{
			fex[Prop] := objItm.ExtendedProperty(Prop)
			Continue
		}
		
		If ( PropNum := xDetails[Prop] ) > -1
		{
			fex[Prop] := ObjDir.GetDetailsOf(objItm,PropNum)
			Continue
		}
	}
	
	fex.SetCapacity(-1)
	Return fex
	
} ;- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Last edited by 0x00 on 22 Mar 2019, 09:29, edited 6 times in total.
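Added example, not part of the original post or of 0x00's script: the script decides list membership with InStr(whiteList, v.ProcessName) and path membership with InStr(thisPath, A_LoopField), which are substring tests. The AutoHotkey v1 code below puts those tests next to exact, delimiter-bounded name matching and anchored path-prefix matching; NameInList, SubstringPathMatch and PathUnderRoot are hypothetical helper names, and the lists, names and paths are constructed sample data.

```autohotkey
#NoEnv
; Added example, not 0x00's code. AutoHotkey v1 syntax.
; Helper names are hypothetical; every list, name and path below is constructed.

whiteList := ",chrome.exe,notepad.exe"	; same ","-delimited layout the script writes
roots     := "C:\Program Files|A:\"	; same "|"-delimited layout as whiteListedPaths

names := ["notepad.exe", "NOTEPAD.EXE", "pad.exe", "e.exe"]
paths := ["C:\Program Files\App\app.exe"
	, "C:\Program Files (x86)\App\app.exe"
	, "C:\Users\me\Downloads\tool.exe"]

out := "name`tInStr`texact`n"
for i, n in names
	out .= n "`t" (InStr(whiteList, n) ? 1 : 0) "`t" NameInList(whiteList, n) "`n"

out .= "`npath`tInStr`tanchored`n"
for i, p in paths
	out .= p "`t" SubstringPathMatch(p, roots) "`t" PathUnderRoot(p, roots) "`n"

MsgBox % out
ExitApp

; Exact, case-insensitive match of one whole list entry.
NameInList(list, name) {
	Loop, Parse, list, `,
		If (A_LoopField != "" && A_LoopField = name)	; "=" ignores case in AHK v1
			Return 1
	Return 0
}

; The test the script applies to paths: the root may appear anywhere in the path.
SubstringPathMatch(path, roots) {
	Loop, Parse, roots, |
		If InStr(path, A_LoopField)
			Return 1
	Return 0
}

; Anchored test: the path must begin with the root followed by a path separator.
PathUnderRoot(path, roots) {
	Loop, Parse, roots, |
	{
		If (A_LoopField = "")
			Continue
		root := RTrim(A_LoopField, "\") . "\"	; "C:\Program Files" becomes "C:\Program Files\"
		If (InStr(path, root) = 1)	; root must start at the first character
			Return 1
	}
	Return 0
}
```

Exact matching removes accidental matches between similar names and sibling folders; it still identifies a process by file name only, so binding an entry to one specific file needs the full path or a file hash.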
WOlfen
Posts: 15
Joined: 14 Jan 2018, 16:48

Re: [Script] Process Whitelist

16 Mar 2019, 12:14

Hello.
I didn't try your script out yet, but from what I'm reading this is actually a Tool which can, for example, stop unwanted Processes?
If this is true, this would be great. I was searching a long time for a thing like this, but didn't know how I would start in the first place.
I have one question about it though. Could you maybe rework it, or how can I make it so that the Script won't ask for every Process whether it should be White/Blacklisted, and instead you just manually type in the Process you want to have Blacklisted? So it would never ask in the first place?
I want this because in my case, for example, I have too many Programs, in which case it could be a much better experience to just type your wished processes into a list instead of it constantly asking you about every single Process (which are over 800 for me).
SpeedMaster
Posts: 354
Joined: 12 Nov 2016, 16:09

Re: [Script] Process Whitelist

17 Mar 2019, 06:28

Thanks for this great script. I tested it on win7 and it works well. :thumbup:
WOlfen wrote:
16 Mar 2019, 12:14
I didn't try your script out yet, but from what I'm reading this is actually a Tool which can, for example, stop unwanted Processes?
That's exactly what it is. :)
WOlfen wrote:
16 Mar 2019, 12:14
Could you maybe rework it, or how can I make it so that the Script won't ask for every Process whether it should be White/Blacklisted, and instead you just manually type in the Process you want to have Blacklisted?
The script creates 3 files in the working folder (ScriptName.BLACKLIST.log, ...WHITELIST.log and ....TERMINATED.log)
You can edit them directly with notepad but you have to reload the script for the changes to take effect ;)
WOlfen
Posts: 15
Joined: 14 Jan 2018, 16:48

Re: [Script] Process Whitelist

17 Mar 2019, 07:10

I should rewrite my question.
So today I had time to test this. This is a great Script which I needed. Thank you for that.
But I still have to ask about some things. Please forget my previous post.

1. It's cool that it looks for all Processes you open, but I have over 800 Programs/Games, which means the list will get really big at some point, and I don't believe this Script will still run so light when it must look at the Whitelist/Blacklist with 800 entries all the time.
So, could you maybe add an additional feature to it as an option? Disabling the Whitelist and letting the Script only look at the Blacklist. So you don't have to whitelist all the processes you like; instead the Script only looks for blacklisted Processes and kills them when they show up.
This way, the list doesn't get flooded with the many Processes it will contain at some point.
This should also greatly enhance the resources the Script needs, because it only needs to look at 1 list and not 2.

2. How can I disable the notifications? Are they coming from Windows itself or the Script?

3. I still don't understand what Terminating means in the end. It closes a Process, I understand that. So I did that for a Process as a test, the script closed it, and it then also creates a Terminate Log, which I don't know the reason for.
Cerberus
Posts: 138
Joined: 12 Jan 2016, 15:46

Re: [Script] Process Whitelist

17 Mar 2019, 21:16

Very interesting—bookmarked!

It might also be interesting to add some explanation of how fast the script will intercept processes to suspend them, and/or how it works.
0x00
Posts: 80
Joined: 22 Jan 2019, 13:12

Re: [Script] Process Whitelist

17 Mar 2019, 23:02

SpeedMaster wrote:
17 Mar 2019, 06:28
Thanks for this great script. I tested it on win7 and it works well. :thumbup:
Cheers, much appreciated.

WOlfen wrote:
17 Mar 2019, 07:10
1. It's cool that it looks for all Processes you open, but I have over 800 Programs/Games, which means the list will get really big at some point, and I don't believe this Script will still run so light when it must look at the Whitelist/Blacklist with 800 entries all the time.
So, could you maybe add an additional feature to it as an option? Disabling the Whitelist and letting the Script only look at the Blacklist. So you don't have to whitelist all the processes you like; instead the Script only looks for blacklisted Processes and kills them when they show up.
This way, the list doesn't get flooded with the many Processes it will contain at some point.
This should also greatly enhance the resources the Script needs, because it only needs to look at 1 list and not 2.
It doesn't much matter how many processes are in your LISTS; it DOES NOT check every item on the list against every active process, instead it checks every NEW process against the lists which are RESIDENT IN MEMORY, unless you manually modified the lists, in which case the script will need to be restarted. But you won't find a performance impact by the sheer amount of processes in the lists.

And blacklisting only actually defeats the purpose of the script & will result in no greater a performance boost. I've optimized it to use less than 1% of CPU when monitoring on an Intel(R) Core(TM) i7-2630QM CPU @ 2.5GHZ.

I've added a hotkey, Ctrl+Ins, which provides Folder, then File Selection to allow you to WHITELIST/BLACKLIST contents of a folder, such as to whitelist your entire steam library or blacklist that folder that contains your malware 'samples'.
WOlfen wrote:
17 Mar 2019, 07:10
2. How can I disable the notifications? Are they coming from Windows itself or the Script?
See updated script with option to toggle Tray Notifications. Set trayNotification := false, default True, as it's useful to preview the script before anyone might commit to using it.
WOlfen wrote:
17 Mar 2019, 07:10
3. I still don't understand what Terminating means in the end. It closes a Process, I understand that. So I did that for a Process as a test, the script closed it, and it then also creates a Terminate Log, which I don't know the reason for.
The Terminate.log is, unlike the other two files, simply there to LOG terminations so that you can examine it if necessary. I suppose it was my mistake in giving them all a '.log' extension; this one is truly the only 'LOG' file, the others are functional lists.
Cerberus wrote:
17 Mar 2019, 21:16
Very interesting—bookmarked!

It might also be interesting to add some explanation of how fast the script will intercept processes to suspend them, and/or how it works.
Updated post for a brief explanation, but it reacts within 75ms of a new process in any modern system not running at peak load.


Cheers guys. :cookie:
AHKStudent
Posts: 602
Joined: 05 May 2018, 12:23

Re: [Script] Process Whitelist

18 Mar 2019, 01:07

Cerberus wrote:
17 Mar 2019, 21:16
Very interesting—bookmarked!

It might also be interesting to add some explanation of how fast the script will intercept processes to suspend them, and/or how it works.
If you write a small script and compile and run it, it will execute before the suspend. This is a great tool overall.

Sample script

MSGBOX, How Fast
ExitApp
0x00
Posts: 80
Joined: 22 Jan 2019, 13:12

Re: [Script] Process Whitelist

18 Mar 2019, 02:14

AHKStudent wrote:
18 Mar 2019, 01:07

Code:

t := A_TickCount
MsgBox % A_TickCount - t
Compiled or otherwise doesn't nearly require 75ms, hence the MsgBox.

Thanks & Hope you find it useful.
WOlfen
Posts: 15
Joined: 14 Jan 2018, 16:48

Re: [Script] Process Whitelist

18 Mar 2019, 09:48

Thanks for your answers. I tried your new Script.
For some reason I can't get it to do anything. I launch the Script, it's running in the background, but it doesn't do anything now. The Previous Version of your Script did work without any problems.
0x00
Posts: 80
Joined: 22 Jan 2019, 13:12

Re: [Script] Process Whitelist

18 Mar 2019, 23:46

WOlfen wrote:
18 Mar 2019, 09:48
Thanks for your answers. I tried your new Script.
For some reason I can't get it to do anything. I launch the Script, it's running in the background, but it doesn't do anything now. The Previous Version of your Script did work without any problems.
Quite baffling, I literally only added a hotkey & trayNotification booleans, so that shouldn't happen; maybe it was bad forum formatting. I'll post it again, and for brevity, I'll post the older version right here; let me know if the one below works & the one in the main post doesn't.

And always make sure you're running the latest version of ahk. Let me know how it goes.


OLD VERSION FOR @WOlfen
--REMOVED--
Last edited by 0x00 on 19 Mar 2019, 20:05, edited 1 time in total.
WOlfen
Posts: 15
Joined: 14 Jan 2018, 16:48

Re: [Script] Process Whitelist

19 Mar 2019, 01:00

Thanks, the new one (the one from the first Post) works.
WOlfen
Posts: 15
Joined: 14 Jan 2018, 16:48

Re: [Script] Process Whitelist

22 Mar 2019, 02:01

I really like this Script and all. I use it all the time right now. You put a lot of hard work into it.
But there are some things I don't like, and it's the way it's whitelisting contents of specific Folders.
So I have a Harddrive called "A:/" in which I want to whitelist everything. In the Script it does work as it should. It just searches through all of the "A:/" Hard Drive and adds all the processes to the Whitelist. This works, yes. But whenever I add anything new to the Harddrive, it of course asks me again for new processes to add. Sometimes I'm not sure if the Process is even from the "A" Drive.
So, my question would be the following:
Could it be possible, instead of just adding all Processes of the "A" Drive, to just type the entry "A:/" into the Whitelist? This way, the script would understand:
"Okay, the Drive A is completely whitelisted now. This means all past/future processes on this Drive are whitelisted."
0x00
Posts: 80
Joined: 22 Jan 2019, 13:12

Re: [Script] Process Whitelist

22 Mar 2019, 08:23

WOlfen wrote:
22 Mar 2019, 02:01
See Updated Script. Note however, there are some exceptional cases where Windows won't be able to retrieve process paths for automatic whitelisting, in which cases you'll manually have to verify; it should automatically whitelist reliably otherwise.

Path Whitelists Must Be Manually defined, as in whiteListedPaths := "C:\Program Files|C:\Program Files (x86)|A:\"

Cheers.
WOlfen
Posts: 15
Joined: 14 Jan 2018, 16:48

Re: [Script] Process Whitelist

22 Mar 2019, 09:06

Hello, I am as always really thankful that you instantly work on updating your script whenever I have a question. So I'm sorry that I must ask again.
I don't know if this is supposed to be like that, but right now it is still adding all the processes I launch from the "A" Drive automatically to the Whitelist. Is this normal? I thought it wouldn't even scan any process that's coming from the "A" Drive.
Also, my second question: is it still possible to add an unwanted Process from the "A" Drive to the Blacklist? But I guess this would work via manual edit of the blacklist.
0x00
Posts: 80
Joined: 22 Jan 2019, 13:12

Re: [Script] Process Whitelist

22 Mar 2019, 09:30

WOlfen wrote:
22 Mar 2019, 09:06
Hello, I am as always really thankful that you instantly work on updating your script whenever I have a question. So I'm sorry that I must ask again.
I don't know if this is supposed to be like that, but right now it is still adding all the processes I launch from the "A" Drive automatically to the Whitelist. Is this normal? I thought it wouldn't even scan any process that's coming from the "A" Drive.
Also, my second question: is it still possible to add an unwanted Process from the "A" Drive to the Blacklist? But I guess this would work via manual edit of the blacklist.
It's no trouble at all, I posted it for people to use after all.

Yes it DID automatically whitelist anything on whitelisted paths, because not doing so is computationally costly, i.e. it would have to check paths of a process repeatedly, which uses WMI to retrieve process paths, as you must know the path of the process to exempt it. Now modified to use an internal whitelist which is reset on every script restart, more usable in case one decides to remove a path from a whitelist.

And yes you can still blacklist a process in a whitelisted path, as it first checks against the blacklist before checking it against the whitelist.
SOTE
Posts: 794
Joined: 15 Jun 2015, 06:21

Re: [Script] Process Whitelist

05 May 2019, 11:38

Nice!
