20.8. THOR 10.0

20.8.1. THOR 10.0.14

Type	Description
Bugfix	Ignore filepaths of archives when scanning the contents with YARA

Type	Description
Bugfix	Fixes in exclusions and firewall indicator regex filters

Type	Description
Bugfix	Fixed obfuscated exclusion and apt presets

Type	Description
Change	ZEUS port detection regex adjusted

Type	Description
Change	More process excludes (OneDrive issue)

Type	Description
Change	Adjusted process excludes list (Windows Defender, OneDrive)

Type	Description
Change	Adjusted suspicious locations to avoid some SHIMCache false positives

Type	Description
Bugfix	Eventlog module deactivation disfunctional (--noeventlog, --quick)

Type	Description
Feature	Linux and MacOS support
Feature	Scan eventlog and logfiles with Sigma
Feature	STIX v2 in various checks and modules
Feature	Log to JSON file, send JSON via UDP/TCP
Feature	Scan templates '-t <template-file>' that holds preset command line arguments
Feature	Get license from ASGARD with '--asgard <host>'
Change	Update signatures with thor-util update
Change	Upgrade scanner with thor-util upgrade
Change	Changed programming language from Python to Golang
Change	Configure actions with command line arguments '--action-command <cmd>', '--action-args <argN>' and '--action-level <level>'
Change	Encrypt (RSA) scan results with '--encrypt', use custom key (or key file) with '--pubkey <key\|file>'
Change	Removed obsolete 'thor-upgrade.exe' tool
Change	THOR doesn't require SYSINTERNALS 'autorunsc.exe' in tools directory anymore
Change	Removed obsolete fast mode '--fast'
Change	Command line arguments with multiple values can not be appended anymore, they require a key in front of each value
	Example: '-p <path1> -p <path2> ... -p <pathN>' instead of '-p <path1> <path2> ... <pathN>'
Change	Short command line arguments with more than one character were removed. E.g. '-em <days>', use '--lookback <days>' instead
Change	Removed log caching in ThorDB