Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
7 Example
The following sample rule will check that the target is running Windows 7 or 8, and
does not have Kaspersky or Norton installed.
example.rule
or { os.family(win7)
os.family(win8)
}
not import(kaspersky.rule)
not import(norton.rule)
kaspersky.rule
or { process(“avp.exe”).exists
directory(“%PROGRAMFILES%\\Kaspersky Lab”).exists
directory(“%PROGRAMFILES(X86)%\\Kaspersky Lab”).exists
}
norton.rule
or { process(“ccsvchst.exe“).exists
directory(“%PROGRAMFILES%\\Norton Internet Security“).exists
directory(“%PROGRAMFILES(X86)%\\Norton Internet Security“).exists
directory(“%PROGRAMFILES%\\Norton 360“).exists
directory(“%PROGRAMFILES(X86)%\\Norton 360“).exists
}
68
SECRET//NOFORN