neo23x0/raccine issues and pull requests

#135 - Create exceptions for certain applications

Issue - State: open - Opened by migmam 12 months ago - 1 comment

#134 - Fix README typos

Pull Request - State: closed - Opened by luis261 about 1 year ago - 1 comment

#133 - GUI Customization in Code

Issue - State: open - Opened by Wajahat-Ahmed-NED over 1 year ago

#132 - Install Raccine in other folder different than C:\Program Files

Issue - State: open - Opened by migmam over 1 year ago

#131 - False positive (Termius)

Issue - State: open - Opened by Permanently about 2 years ago - 1 comment

#130 - Update README.md

Pull Request - State: closed - Opened by deFr0ggy over 2 years ago

#129 - Empty Form1 is produced by RaccineSettings

Issue - State: open - Opened by pberba almost 3 years ago

#128 - Update Raccine.ADMX

Pull Request - State: closed - Opened by chris-newswanger about 3 years ago - 1 comment

#127 - GPO deploys wrong registry key

Issue - State: open - Opened by chris-newswanger about 3 years ago

#126 - Prometheus / Thanos Ransomware kills Raccine process

Issue - State: closed - Opened by certrik over 3 years ago - 1 comment

#125 - Remove duplicate condition in gen_ransomware_command_lines.yar

Pull Request - State: closed - Opened by Karneades over 3 years ago

#124 - Error installing

Issue - State: closed - Opened by adoello over 3 years ago - 2 comments

#123 - Fix misspelling on the Readme

Pull Request - State: closed - Opened by Apro123 over 3 years ago

#122 - Prevent malicious and rapid creation of new snapshots

Issue - State: open - Opened by ghost over 3 years ago

#121 - BSOD on Server 2019

Issue - State: closed - Opened by RavenfireIT over 3 years ago - 4 comments

#120 - GUI issue

Issue - State: open - Opened by jmmalcala over 3 years ago

#119 - Raccine Return code

Issue - State: closed - Opened by nobur almost 4 years ago - 2 comments

#118 - Place tray icon in HKLM, create temp folder

Pull Request - State: closed - Opened by Neo23x0 almost 4 years ago

#117 - Registry debugger entry is not removed for "net.exe" when uninstalling

Issue - State: closed - Opened by paulw-uk almost 4 years ago - 1 comment

#116 - [Request for explaination] why does it look like only the user that install the tool get restricted ?

Issue - State: open - Opened by nobur almost 4 years ago - 9 comments

#115 - altenative source server for yara files

Issue - State: open - Opened by nobur almost 4 years ago

#114 - Incorrect newline character in downloaded yara rules

Issue - State: closed - Opened by nobur almost 4 years ago - 5 comments

#113 - New rules

Pull Request - State: closed - Opened by Neo23x0 almost 4 years ago

#112 - Update README.md

Pull Request - State: closed - Opened by ruppde almost 4 years ago

#111 - Updating version number in dialog box

Pull Request - State: closed - Opened by kodeMunky almost 4 years ago

#110 - fix: build fix, github issue

Pull Request - State: closed - Opened by Neo23x0 almost 4 years ago

#109 - Refactor logging

Pull Request - State: closed - Opened by Neo23x0 almost 4 years ago

#108 - fix on win7 for GetModuleFileNameEx failing due to High integrity exp…

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago - 1 comment

#107 - add version info to raccine.exe binary

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#106 - Update test-cases.yml

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#105 - 32 bit yara and installer fixes

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago - 1 comment

#104 - Update raccine-reg-patch-uninstall.reg

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#103 - Update install-raccine.bat

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#102 - update to support compiled yara rules

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#101 - Enhanced logging in event log

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#100 - feat: yara-only matching test

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#99 - Fix 87 - wrong program name in comparison

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#98 - Add Image details to Windows Event Log

Issue - State: closed - Opened by S3COPS about 4 years ago - 2 comments

#97 - RaccineSettings.exe doesn't show the current settings

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 1 comment

#96 - Hardening suggestions

Issue - State: open - Opened by JohnLaTwC about 4 years ago - 1 comment

#95 - fix possible crash

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#94 - Update RaccineCfg.cs

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#93 - Move source files to source directory

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#92 - Yara mem matching

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#91 - Update RaccineCfg.cs

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#90 - Update RaccineCfg.Designer.cs

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#89 - Update Program.cs

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#88 - Defender detects Raccine as a Trojan

Issue - State: open - Opened by atlantsecurity about 4 years ago - 11 comments

#87 - yara64 errors out every second after installation with VCRUNTIME140.dll missing.

Issue - State: closed - Opened by atlantsecurity about 4 years ago - 13 comments

#86 - Update frmBootstrap.cs

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago - 2 comments

#85 - Hardening Script Conflict

Issue - State: closed - Opened by co-devs about 4 years ago - 2 comments

#84 - Updater

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#83 - Make run_yara.bat usable on 32bit systems

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 2 comments
Labels: enhancement

#82 - feat: working with new lines in cmdlines

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#81 - feat: good commands

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#80 - PowerShell Invocation Fails

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 16 comments
Labels: bug

#79 - fix #76

Pull Request - State: closed - Opened by Eran-YT about 4 years ago - 9 comments

#78 - initial test - setup

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#77 - Unable to kill / invalid handle

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 1 comment
Labels: bug

#76 - Suspended processes doesn't resume

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 3 comments
Labels: bug

#75 - Debugging features

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#74 - YARA External Variables - FromRaccine > ParentFromRaccine

Issue - State: open - Opened by Neo23x0 about 4 years ago - 2 comments

#73 - Refactors

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#72 - YARA match line breaks missing

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 2 comments

#71 - Fix bug in config

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#70 - Move from yara.exe to library version of Yara

Issue - State: open - Opened by JohnLaTwC about 4 years ago - 2 comments

#69 - Fix merge problems for yara-ext-vars

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#68 - Feature: Pass external variables into YARA matching

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago - 11 comments

#67 - Branch `yara-ext-vars` Raccine-Test issues

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 2 comments

#66 - Fix memory leak and some refactors

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#65 - Coding conventions

Issue - State: open - Opened by Eran-YT about 4 years ago

#64 - Move malicious command line testing to function

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#63 - Yara rules registry override doesn't work

Issue - State: closed - Opened by Eran-YT about 4 years ago

#62 - Started creating configuration class

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#61 - Wrong YARA Dir - Can't fix

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 2 comments

#60 - refactor: instead of copy, concatenate YARA rules

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago - 2 comments

#59 - Yara support now only reports the first matching rule.

Issue - State: closed - Opened by JohnLaTwC about 4 years ago - 4 comments

#58 - YARA Scan of Images and Process Memory in the Process Tree

Issue - State: open - Opened by Neo23x0 about 4 years ago
Labels: enhancement

#57 - Move test to another workflow

Issue - State: open - Opened by Neo23x0 about 4 years ago

#56 - Add more tests & Use warning level 4

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#55 - Add tests for all functions

Issue - State: open - Opened by Eran-YT about 4 years ago

#54 - Add gtest runner to github actions

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#53 - Added test project

Pull Request - State: closed - Opened by Eran-YT about 4 years ago - 10 comments

#52 - CI: add GitHub Action to build Raccine

Pull Request - State: closed - Opened by mback2k about 4 years ago - 5 comments
Labels: hacktoberfest-accepted

#51 - Refactor pid code

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#50 - Refactor integrity code and bug fix for allowlist

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#49 - Update raccine.cpp

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#48 - Rewrite YARA runner to modern C++

Pull Request - State: closed - Opened by Eran-YT about 4 years ago - 20 comments

#47 - C:\ProgramData\Raccine\Raccine_log.txt is first created with privileges of the task that triggered it

Issue - State: closed - Opened by wdormann about 4 years ago - 2 comments

#46 - Don't attempt to run yara64.exe from the current directory

Issue - State: closed - Opened by wdormann about 4 years ago - 1 comment

#45 - Update frmBootstrap.cs

Pull Request - State: closed - Opened by JohnLaTwC about 4 years ago

#44 - Empty Event Message

Issue - State: closed - Opened by Neo23x0 about 4 years ago - 3 comments

#43 - Unit Tests

Issue - State: closed - Opened by Eran-YT about 4 years ago - 1 comment

#42 - More refactors

Pull Request - State: closed - Opened by Eran-YT about 4 years ago

#41 - Changes with Raccine 1.0 BETA

Issue - State: open - Opened by Neo23x0 about 4 years ago - 10 comments

#40 - Yara matching

Pull Request - State: closed - Opened by Neo23x0 about 4 years ago

#38 - Emotet obfuscation detection ideas to consider

Issue - State: closed - Opened by Omodaka9375 about 4 years ago - 1 comment

#32 - GUI branch doesn't compile

Issue - State: closed - Opened by Eran-YT about 4 years ago - 1 comment

#15 - Too easily bypassed

Issue - State: open - Opened by ghost about 4 years ago - 3 comments

#11 - Consider Parent PID spoofing

Issue - State: open - Opened by JohnLaTwC about 4 years ago - 5 comments

GitHub / neo23x0/raccine issues and pull requests