Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add internet_detector scheduled task #1178

Merged
merged 1 commit into from
Dec 12, 2024
Merged

Add internet_detector scheduled task #1178

merged 1 commit into from
Dec 12, 2024

Conversation

emtuls
Copy link
Member

@emtuls emtuls commented Nov 25, 2024
edited
Loading

This is step 1 for fixing #1174, which adds internet_detector.exe to a scheduled task so that it is always running, now that fakenet-ng has been updated to version 3.3 which allows blacklisted processes to not be displayed in the terminal interface.

Step 2 is mandiant/flare-vm#630, which is to add the modification of the DNSCache registry key to our flarevm install script so that DNS requests will display as the asking process rather than svchost.

@emtuls emtuls added the 🌀 FLARE-VM A package or feature to be used by FLARE-VM label Nov 25, 2024
@emtuls emtuls self-assigned this Nov 25, 2024
@emtuls emtuls force-pushed the add-internet-detector branch from 31572f7 to e608872 Compare November 25, 2024 02:53
@emtuls emtuls requested a review from Ana06 November 25, 2024 02:55
@emtuls emtuls force-pushed the add-internet-detector branch from e608872 to 9ec60d3 Compare November 25, 2024 03:11
@emtuls emtuls mentioned this pull request Nov 25, 2024
Merged
@emtuls emtuls force-pushed the add-internet-detector branch 2 times, most recently from cbc282d to e30705d Compare December 10, 2024 04:52
@emtuls emtuls requested a review from Ana06 December 10, 2024 05:37
@emtuls emtuls force-pushed the add-internet-detector branch from e30705d to 46db0e8 Compare December 10, 2024 16:32
Ana06
Ana06 requested changes Dec 12, 2024
View reviewed changes
Copy link
Member

@Ana06 Ana06 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@emtuls I have tested this locally, installing FLARE-VM from scratch (with a modified configuration only with hashmyfiles.vm as d). This means I am testing also the change in mandiant/flare-vm#630. But it seems it is not working as expected, the tool is still very noisy in fakenet, not being able to enable it by default:

image

Have you tested it? Can you please explain how to ensure I am not missing anything?

Ana06
Ana06 approved these changes Dec 12, 2024
View reviewed changes
Copy link
Member

@Ana06 Ana06 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After speaking with @emtuls, I can confirm that a restart fix the issue and this works as expected. Not sure if we need to force the restart. I suggest to leave it as it is and improve if it shows being an issue.

@Ana06 Ana06 merged commit 1c7565f into main Dec 12, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ana06 Ana06 Ana06 approved these changes

Assignees

@emtuls emtuls

Labels
🌀 FLARE-VM A package or feature to be used by FLARE-VM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@emtuls @Ana06