20.5. THOR 10.3
20.5.1. THOR 10.3.1
| Type | Description |
|---|---|
| Bugfix | Files mentioned in Archivescan do not show up in CSV export |
20.5.2. THOR 10.3.0
| Type | Description |
|---|---|
| Feature | Iterate over process handles (files, events, mutants) natively without external tools |
| Feature | Automatically set a random Scan ID that will be added to each log line |
| Feature | Log to local syslog with '--local-syslog' (Linux and macOS only) |
| Feature | SHIMCache entries will be scanned in Registry Hive files, too |
| Feature | Do not skip registry paths with low relevance by using '--fullregistry' or '--intense' |
| Feature | New license type 'Silent' for rollout / deployment testing |
| Feature | Cross-platform filename IOCs in '--fsonly' mode (or with flag '--cross-platform') |
| Feature | New exclude configurations 'registry-excludes.cfg' and 'eventlog-excludes.cfg' |
| Feature | Enrich process information for event and mutant handles |
| Feature | Apply regexes on event and mutant handles |
| Feature | Added a few more eventlog targets |
| Feature | New flag '--process <pid>' to scan a specific process |
| Change | Added comment to users' last logon date |
| Change | Enrich file information in process check output |
| Change | New flag '--max_file_size_intense' to set max file size for intense mode separately |
| Change | Removed flag '--buffer_size'. THOR's buffer will now be as big as '--max_file_size' |
| Change | Added YARA rules' date to match output |
| Change | Upgraded THOR Util to 1.9.8 |
| Change | Wordings in flag descriptions |
| Change | Duplicates in IOCs will be filtered automatically |
| Bugfix | '-j <hostname>' will also rewrite names of THOR's logfiles |
| Bugfix | Fixed sporadically missing start and end time in HTML report |
| Bugfix | Fixed off-by-one error for '--maxloglines' flag |
| Bugfix | Skip directory junctions when scanning remotely mounted Windows NTFS partitions |
| Bugfix | Fixed interaction of relevant file extensions and some file types |