Remove too loose filter in notepad++ updater rule #305

Merged
merged 4 commits into from
Apr 19, 2019

Karneades (Contributor) commented Apr 4, 2019

We should remove such a loose filter as default filter ('*\updater\*').

Instead of removing the filter completely, we could make more restricted filters for default Notepad++ installation paths. According to Notepad++ Install Folder, folders are typically %APPDATA%\Notepad++\ or C:\Program Files\Notepad++\. But filtering for AppData may again be more dangerous than it might help.

Neo23x0 (Collaborator) commented Apr 14, 2019

The rule is useless without a filter

Karneades (Contributor, Author) commented

@Neo23x0 I added more restricted paths to the filter.

Neo23x0 (Collaborator) commented Apr 19, 2019

We can do this because XP, with its language-dependent "Documents and Settings", is not used as an OS on actively used workstations anymore. It is, however, still widely in use on display or production line systems, but these systems typically have no Notepad++ installed.

It is still possible that FPs occur on Windows 2003 Server systems and admins running Notepad++ on these. I'll add that to the false positive conditions.

Karneades (Contributor, Author) commented

And we could add PortableApps installations, whose paths widely differ for each installation, to the informative field false positives too.
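
The filter trade-off discussed in this thread, as an added example that is not code from the pull request or the Sigma project: it evaluates the loose `'*\updater\*'` filter and a restricted filter set against constructed process paths. The `*\GUP.exe` selection, the expanded `%APPDATA%` path, the sample paths and the helper names are assumptions made for illustration.

```python
import re

def sigma_match(pattern: str, value: str) -> bool:
    """Sigma-style wildcard match: '*' matches any run of characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

# Assumed selection: the rule looks at executions of the Notepad++ updater binary.
SELECTION = r"*\GUP.exe"

# The loose default filter quoted in the thread.
LOOSE_FILTER = [r"*\updater\*"]

# Restricted filters built from the install folders named in the thread.
# %APPDATA% is written out as a per-user path (assumption); the patterns
# actually merged are not shown on this page.
RESTRICTED_FILTER = [
    r"C:\Program Files\Notepad++\updater\*",
    r"C:\Users\*\AppData\Roaming\Notepad++\updater\*",
]

# Constructed process image paths, not taken from real logs.
EVENTS = [
    r"C:\Program Files\Notepad++\updater\GUP.exe",                # default install
    r"C:\Users\alice\AppData\Roaming\Notepad++\updater\GUP.exe",  # %APPDATA% install
    r"C:\Users\alice\Downloads\updater\GUP.exe",                  # non-standard location
    r"D:\PortableApps\Notepad++Portable\App\Notepad++\updater\GUP.exe",              # PortableApps
    r"C:\Documents and Settings\admin\Application Data\Notepad++\updater\GUP.exe",  # XP / 2003 profile
]

def alerts(image: str, filters: list[str]) -> bool:
    """The rule fires when the selection matches and no filter pattern matches."""
    selected = sigma_match(SELECTION, image)
    filtered = any(sigma_match(p, image) for p in filters)
    return selected and not filtered

def compare() -> dict[str, tuple[bool, bool]]:
    """Map each sample path to (alert with loose filter, alert with restricted filters)."""
    return {e: (alerts(e, LOOSE_FILTER), alerts(e, RESTRICTED_FILTER)) for e in EVENTS}

if __name__ == "__main__":
    for image, (loose, restricted) in compare().items():
        print(f"loose={loose!s:5} restricted={restricted!s:5} {image}")
```

With the loose filter every sample is suppressed; with the restricted filters the non-standard location alerts, and the PortableApps and "Documents and Settings" paths show the false positive conditions raised in the comments.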

@Neo23x0 Neo23x0 merged commit d5fa51e into SigmaHQ:master Apr 19, 2019
@Karneades Karneades deleted the patch-3 branch April 19, 2019 17:41