=========================================================
===                                                   ===
===             RogueKillerCMD Changelog              ===
===                                                   ===
=========================================================

-------------------
- Adlice Software -
-------------------

V4.10.0 06/11/2024
=================
- Updated to core 7.0.0
    * MalPE no longer in BETA
    * UCheck serialization
    * Winget truncation detection
    * Winget filtering empty sources
    * Now using rule threat level for classification
    * Encrypted quarantine
    * Fixed UTF8 serialization on sdk config
    * Fixed file encryption open flags
    * Minor fixes

V4.9.0 02/09/2024
=================
- Updated to core 6.18.0
    * Removed unneeded ACL reset
    * Replaced folder ACL reset by "Add World ACE"
    * Added IsInstalled verification in core
    * Now using current directory's subdir for non-installed core instances
    * Modular core, preparing for core optimizations
    * Added UCheck bitness detection algorithm
    * Minor fixes
- Fixed infinite loop during scan
- Fixed missing ucheck community updates status
- Added "fully portable" feature, if not installed will work from a current dir's subdir

V4.8.0 01/18/2024
=================
- Updated to core 6.17.2
    * Error management in UCheck APIs
    * Fixed issue with json decoding from array
    * Better progress count
    * Fix for cloud config (proxy not applied)
    * Fixed potential crash in filesystem scanner
    * Fixed possible hang in scan worker
    * Minor fixes
- Removed old translations (now only available in EN)

V4.7.0 11/03/2023
=================
- Updated to core 6.14.0
    * Truesight 3.4, fixed vulnerabilities
    * Truesight 3.4, fixed possible handle leak
    * Now avoiding killing protected processes
    * Minor Fixes

V4.6.1 10/19/2023
=================
- Updated to core 6.13.3
    * Fixed possible crashes on logging
    * Fixed potential crash on exiting core with a scan running
    * Fix for explorer path parser
    * Fixed performance issue in UCheck engine
    * Fixes for UCheck portable detection
    * Truesight 3.3 (fixed security issue)
    * Minor Fixes

V4.6.0 08/30/2023
=================
- Updated to core 6.12.0
    * Cloud config
    * Cloud scanning no increment on rescan
    * Minor Fixes

V4.5.0 06/23/2023
=================
- Updated to core 6.11.0
    * Deployed cloud config
    * Added cloud config for MalPE
    * Fixed potential crashes in DirectoryCounter
    * Fixed issue where files removed at reboot were not triggering user notice
    * Added SearchScope (Bing) search rules
    * Fixed issue where ACLs protected registry keys could not be read/deleted
    * Fixed minor issues for URL scanning
    * Fixed issue where Cloud mitigated detections were not showing in Diag
    * Minor Fixes

V4.4.0 05/25/2023
=================
- Updated to core 6.10.0
    * NTFS module
    * FileScanner fast enumeration during scan
    * Now showing progress during filesystem scanning
    * Minor Fixes

V4.3.0 04/25/2023
=================
- Updated to core 6.8.0
    * Now uploading unknown files using dedicated cloud API
    * Fixed an issue where directories with specific ACLs were not removed
    * Minor Fixes

V4.2.2 03/22/2023
=================
- Updated to core 6.7.2
    * Fixed an issue where volatile licenses were eating activations
    * Fixed encoding issue in installer translations
    * Fixed file types filtering in archives scanning
    * Minor Fixes
- Fixed UI issue during CMD scan

V4.2.1 03/06/2023
=================
- Updated to core 6.7.1
    * Added client tagging on signatures check/update
    * Added scheduled scan type in config
    * Minor Fixes

V4.2.0 01/26/2023
=================
- Updated to core 6.7.0
    * Updated libraries (libyara)
    * Fixed issues on Windows XP
    * Fixed minor issue in Cloud scanner
    * Fixed multiple issues with cloud scanning
    * Minor Fixes

V4.1.5 01/04/2023
=================
- Updated to core 6.5.8
    * Fixed an issue with Curl network check
    * Minor Fixes

V4.1.4 12/15/2022
=================
- Updated to core 6.5.7
    * Fix for obtaining default browser path
    * Abortable scan report
    * Minor fixes

V4.1.3 11/15/2022
=================
- Updated to core 6.5.5
    * Minor fixes

V4.1.2 10/13/2022
=================
- Updated to core 6.5.4
    * Minor fixes

V4.1.1 09/22/2022
=================
- Updated to core 6.5.2
    * Fixed issue where scanning whitelisted folders' content was not honored in custom scan
    * Minor fixes

V4.1.0 08/24/2022
=================
- Updated to core 6.5.0
    * Minor fixes

V4.0.3 06/13/2022
=================
- Updated to core 6.4.3
    * Fixed a critical issue in signatures engine (some signatures were not working)

V4.0.2 06/07/2022
=================
- Updated to core 6.4.2
    * Truesight 3.1 (Win10+)
- Fixed memory leaks
- Fixed missing allocations tagging

V4.0.1 05/04/2022
=================
- Updated to core 6.4.1
    * Added CLI exclusions (-excluded-paths)
    * Windows 11 official support
    * Logs reduction
    * Fixed potential memory leak in zip module
    * Fixed issue in cloudscanner where empty batches were sent for analysis
    * MalPE mitigation: Unknown cloud files are no longer considered malicious
    * Added background scanner configs
    * Command scanner is now able to retrieve current process directory and use it for path resolution
    * Added first cloudscan config
    * Fixed an issue where detection was added even with a cloudscan invalidation
    * Fixed an issue where Windows backup history svchost was detected as DLP
    * Curl timeout increase
    * Minor fixes

V4.0.0 01/26/2022
=================
- Updated to core 6.3.1
    * Cloudscanner (new module, BETA)
    * New detection design (Pipeline, BETA)
    * Redesigned all command line arguments
    * Minor fixes
    * Redesigned usage command
    * Unified command line arguments
    * Removed nested arguments
    * Minor fixes

V3.0.5 12/15/2021
=================
- Updated to core 6.1.8
    * Fixed potential crash
    * Fixed possible crashes (log formatting)
    * Fixed possible crash (CLSID scanner)

V3.0.4 11/03/2021
=================
- Updated to core 6.1.5
    * Fixed an issue in path parser (task scheduler)
    * Minor fixes

V3.0.3 10/11/2021
=================
- Updated to core 6.1.4
    * Fixed an issue with scheduled scans not starting
    * Added ability to cancel scan during archive scanning
    * New scheduler
    * Added EDGE scanner
    * Minor fixes
    * New reporting
    * Fixed an issue when adding exclusions
    * Fixed a false detection on explorer / DocLock
    * Fixed an issue with scheduled scans not starting
    * Added ability to cancel scan during archive scanning

V3.0.2 08/05/2021
=================
- Updated to core 6.0.11
    * Fixed self folder scanning issue
    * Asynchronous logging
    * Fixed possible deadlock
    * Fixed possible infinite loop in config migration
    * certificate update
    * Fixed possible crashes when stopping
    * Quarantine delete all
    * Minor fixes
- Fixed possible issue with information update at startup
- Re-enabled thanks page opening
- Deactivated Cloud Upload windows (later integrated into own worker)
- Added Proxy authentication settings

V3.0.1 06/15/2021
=================
- Updated to core 6.0.5
    * Fixed potential crash getting username from session ID
    * Fixed crash issue when old config is present (Config migration)
    * Fixed an issue where dates are not saved properly in config file
    * Fixed potential crash in getting computer name
    * Fixed issue with Windows Updates status
    * Fixed issue with ucheck progress

V3.0.0 05/25/2021
=================
- Updated to core 6.0.1
    * Refactored using safer memory management (smart pointers)
    * Refactored with asynchronous initialization (faster to start)
    * Minor fixes
- Replaced [O] (outdated), [M] (malware) and [P] (PUP/PUM) labels on results

V2.14.3 03/25/2021
=================
- Updated to core 5.3.5
    * Fixed potential stack overflows
    * Reducing Cloud.Generic FPs by ignoring some 3rd parties
    * Translations update
    * Minor fixes

V2.14.2 02/15/2021
=================
- Updated to core 5.3.4
    * Fixed possible hang on Zip
    * Fix for XP compat (CancelSynchronousIo)
    * Fix for disk enumeration hang
    * Fix for network file resolution hang

V2.14.1 12/15/2020
=================
- Updated to core 5.3.1
    * Fixed licensing issue with XP
    * Fixed issue in VTScanner on exit (submit on exit)
    * Fixed possible memory leak in scan items
    * Fixed possible memory leak in zlib module
    * Fixed possible memory leak in zip module
    * Fixed possible memory leak in COM module
    * Fixed possible memory leak in Event module
    * Fixed possible memory leak in SigCheck module
    * Fixed possible stack overflow in Time module
    * Fixed possible hang in Drives enumeration (async file opening)
    * Minor fixes

V2.14.0 11/17/2020
=================
- Updated to core 5.3
    * Fixed possible issue (small buffer) in filter com
    * Fixed VTScanner cache, not working in some conditions
    * Fixed FileMemoryScanner, archive not scanning in some conditions
    * Fixed DigisigScanner, suspicious CAs
    * Fixed multiple crashes in PE module
    * Fixed possible crashes (SO) in registry, path modules
    * Fixed possible crashes (except) in string, buffer, curl modules
    * Minor fixes

V2.13.3 10/09/2020
=================
- Fixed an issue in -generate_portable where portable config did not have proper license info in some cases

V2.13.2 10/08/2020
=================
- Updated to core 5.1.4
    * Fixed potential crash in resources handler
    * Fixed Technician offline licensing recognition
- Added -generate_portable CLI command, to create a portable configuration from Tech license
- Fixed issue where PUP/PUM default action was "remove", now fully honoring -deleteall flag

V2.13.1 09/15/2020
=================
- Updated to core 5.1.3
    * Fixed several memory leaks
    * Fixed potential crash in digisig module for x86
    * Fix for digisig module (check file from cert store)
    * Fixes for MalPE pre-filtering
    * Fixed crash in PE parser
    * Fixed crash in config Migration
    * Minor fixes

V2.13.0 07/28/2020
=================
- Updated to core 5.0.1
    * Fix for Bad.Extension on files disguised as performances
    * Minor fixes

V2.12.0 06/16/2020
=================
- Updated to core 5.0.0
    * Added more logs for Curl
    * Proxy validation
    * Truesight 3.0 (refactored with HLK validation)
    * Antirootkit module re-integrated (silent mode as a 1st step)
    * MalPE AI 0.6
    * Added default printer location
    * Added Browser extension type for exclusions
    * Minor fixes

V2.11.0 04/29/2020
=================
- Updated to core 4.3.3
    * Fix for crash upload (limitation by dump is present)
    * Fixed pipe disconnect (retry logic)
    * Fixed pipe security
    * Fixed IPC cache
    * Added config auto-backup/restore
    * Fixed self-update task
    * Fixed crash reports upload

V2.10.0 04/02/2020
=================
- Updated to core 4.3.0
    * Fix for XP (libzip, openssl rebuilt)
    * Added scan warnings
    * Added filescanner warning on abnormally long folder scan
    * Added scan warnings JSON reporting
    * Size optimizations
    * Removed warnings
    * New advert payload
    * Added some logging
    * Minor fixes
- Added -customscan command line arg
- Added -scanoptions command line arg
- Added -scanpaths command line arg
- Added -listquarantine command line arg

V2.9.0 03/24/2020
=================
- Updated to core 4.2.0
    * Libraries update (libzip / sqlite)
    * New version manager (network failure proof)
    * Flush DNS cache on network domain resolve error
    * Fix for XP (libcurl rebuilt)
    * Fixed a possible crash in PE parser (VersionInfo)
    * Update to roguekillerdll 3.2.0
    * Update to roguekillerupdater 3.4.0
    * Fixes for early logging
    * Minor fixes

V2.8.0 02/25/2020
=================
- Updated to core 4.1.3
    * Fixed url for signatures download
    * Updated libraries (openssl / libssh2 / libcurl / libyara)
    * Fixed an issue in Path parser
    * Improved performance for scanning filesystem network resources

V2.7.0 01/21/2020
=================
- Updated to core 4.1.0
    * Fixed a possible crash in Buffer module (implicit casts)
    * Fixed an issue where threat name wasn't properly parsed
    * Reduced API calls frequency
    * Fixed possible crash at exit
    * Updated libraries (jansson / cryptopp)

V2.6.1 01/07/2020
=================
- Updated to core 4.0.5
    * Fix for getting username from SYSTEM account
    * Fixes for scheduler engine
    * Fixed FP remediation for Proc.Svchost detections
    * Fixed exclusions when path have spaces
    * Fixed Bad.Extension on Zero-filled
    * Fixed heuristics in command-line scanner
    * Fix for telemetry
    * Fixed bad reference decrement in Yara scanner
    * Fixed initialization order in worker threads
    * Fixed ACLs removal in Debug module
    * Fixed potential crash in Exclusions and History Events modules
    * Minor fixes

V2.6.0 12/17/2019
=================
- Updated to core 4.0.2
    * Fixed possible crashes in logging
    * New telemetry data
    * Fixed possible crashes
    * MalPE model 0.5 (fast)
    * minor fixes

V2.5.4 11/20/2019
=================
- Updated to core 3.2.17
    * Fixed possible crash at scanner destroy
    * Minor fixes

V2.5.3 11/08/2019
=================
- Updated to core 3.2.16
    * Fixed possible crash when exiting during a scan
    * Minor fixes

V2.5.2 10/24/2019
=================
- Updated to core 3.2.15
    * Fixed common folders/files ACLs
    * Added registry setting to force debug logging
    * Fixed an issue where folders were not properly quarantined and removed
    * Added Critical flag manipulation before processes termination
    * Fixed an issue where exclusions were not working with shortcuts
    * Minor fixes

V2.5.1 10/14/2019
=================
- Updated to core 3.2.13
    * Fixed a possible deadlock and crash in scheduler/advert
    * Fixed an issue where Marketing request wasn't properly processed (notifications loop)
    * UCheck engine duplicates handle
    * Minor fixes

V2.5.0 10/08/2019
=================
- Updated to core 3.2.10
    * Fixed an issue where advert tasks were re-added (and cleared) on network issues
    * Fixed a handle leak when scanning big files
    * MalPE model 0.4
    * Minor fixes

V2.4.3 09/16/2019
=================
- Updated to core 3.2.6
    * Minor fixes

V2.4.2 08/20/2019
=================
- Updated to core 3.2.4
    * Fixed an issue in WinTrust (part 2)
    * Fixed possible deadlock while enumerating processes
    * Fixed SearchStrings method
    * Signatures 20190819_114745
    * Added new Scan locations
    * Fixed an issue with ACLs where config files may not be properly saved
    * Fixed portable_license CLI parameter
    * Fixed low privilege Shell extension registration
    * Fixed scheduler reload
    * Fixed MalPE threshold
    * Fixed Wintrust scan (slow)
    * Added signatures package integrity check
    * Fixed MalPE detection name (negative values sometimes)
    * Fixed issue with Bad.Extension detection

V2.4.1 08/08/2019
=================
- Updated to core 3.2.1
    * Fixed MalPE threshold
    * Fixed Wintrust scan (slow)
    * Added signatures package integrity check
    * Fixed MalPE detection name (negative values sometimes)
    * Fixed issue with Bad.Extension detection
- Added Shell extension (Explorer context menu entry)
- Added Shell extension setting

V2.4.0 07/16/2019
=================
- Updated to core 3.2.1
    * Signed files are whitelisted by default
    * Fixed an issue in scheduler
    * MalPE V2
- Added -portable_license command
- Added -portable_signatures command

V2.3.2 07/01/2019
=================
- Updated to core 3.1.1
    * Fixed an issue where GetErrorMode API isn't present on XP
    * New machine ID (less prone to changes on Windows install)
    * Technician trial (if applicable)
    * Scheduler V2

V2.3.1 06/11/2019
=================
- Updated to core 3.0.11
    * Fixed warning message at startup when floppy drive exists
    * Fixed file not closing after zip operations

V2.3.0 05/22/2019
=================
- Updated to core 3.0.10
    * Bug fixes
- ** Warning: Now requires a Tech license to use Scan feature **

V2.2.2 04/25/2019
=================
- Updated to core 3.0.8
    * Updated Signatures
    * Fixed crash in notifications engine
    * Fixed COM initialization in real time services
    * Fixed Scanner queue initialization
    * MSHTA and WScript detections
    * Minor Bug fixes
    * Fixed WebScanner mitigation
    * Disabled PUM.StartMenu for RogueKiller
    * Fixed Appdata scan duplicate
    * Fixed LocalAppdata scan duplicate
    * Added Firefox registry addons search
    * Fixed registry items duplicates on scan
    * Added ability to read encrypted signatures packages (AV detection mitigation)
    * Fixed a crash in ZIP module
    * Fixed an issue in Folder creation (preventing creating working directory when executing from non system drive)
    * Now VT.Unknown is not treated as a threat anymore
    * Now updater runs installer with /silent

V2.2.0 01/28/2019
=================
- Updated: Signatures, package 20190121
- Updated to core 3.0.1
    * Fixed: a crash in PE parser when file is driver protected
    * Ability to download signatures from YED server
    * Now ignoring excluded items from scanner
    * Added service detection by name
- New: Added Automatic signatures updates from adlice.com YED server (Premium and FREE)
- New: Added -updatesigs CLI command (update malware signatures)
- New: Added -ignoreall CLI command (skip removal after a scan)
- Improvement: Console refresh is now faster, making the whole scanner much faster
- Improvement: Now showing signatures package version

V2.1.0 01/07/2019
=================
- Updated to core 2.2.2
    * Fixed an issue with installer and updater/DLL - Part 2
    * Fixed possible crash on File IO operations
    * Fixed an issue with installer and updater/DLL
    * Fixed multiple dates
    * Fixed an issue in Filescanner where LNK arguments were not expanded for environment variables
    * Fixed a crash in scanner engine when scanning a file locked by driver
    * Fixed an issue in Curl, leading to download aborts on file sharing issue
    * Improved Curl file download, now retaining file handle on write (Windows Defender slow download fix)
    * Added UCheck mini-scan setting (Premium)
- Added signatures

V2.0.3 11/20/2018
=================
- Updated to core 2.0.22
- Added Registry heuristic scanner
- Added signatures
- Added deleteall CLI switch

V2.0.2 11/09/2018
=================
- Fixed display issue for some items type
- Updated to core 2.0.19

V2.0.1 11/07/2018
=================
- Updated engine to Yara 3.8.1
- Updated to core 2.0.18
- Minor fixes and enhancements

V2.0.0 10/19/2018
=================
- Initial Release