kernel level proactive blocking of all system calls for rootkit threads masquerading under system threads (phide_ex);
added applications option \"Silent checksum update for digitally signed files\";
display format of version info in the tray icon tooltip;
added \"WinEvents Hooks\" list to the module \"Hooks\";
new application rule concept: application groups;
added new module: Windows Hooks;
added hidden process (rootkit) detection (eg. FU, FUTo, phide_ex etc.);
added support for Windows XP Fast User Switching;
added version info to the tray icon tooltip;
added PID to the App Activity dialog for both Parent and Child processes;
added new registry objects to the default registry rules;
Process termination protection extended to cover several new termination methods;
added tree-view in process monitor;
added new item - \"reset to default view\" to the context menu of Process Monitor and Rules list;
added tooltip window for CPU Graph;
added Basic Network Firewall (BNF) module - outbound connections only;
added installation mode in the application activity dialog - to reduce the number of pop-ups during installations.
What's new:
\"Locate\" command (Application Activity dialogs, Process Monitor and Rules tab) now uses the default system shell;
发表于 2006-11-15 07:53:33