白名单现在看父进程,如果父进程是白名单的子进程产生的行为都加白(不确定是否可靠,有待观察).

2022-09-02 15:23:34 +08:00
parent e3ae734150
commit fe69282d89
3 changed files with 6 additions and 2 deletions
--- a/Server/process.py
+++ b/Server/process.py
@@ -87,6 +87,7 @@ g_ProcessChainList = []
 class Process:
    def __init__(self, pid, ppid, path, params, time, md5, user, host, is_white=False):
        self.pid = pid
+        self.parent_process = None
        self.ppid = ppid
        self.path = path
        self.params = params
@@ -120,7 +121,7 @@ class Process:
        self.rmppid = rmppid

    def set_score(self, new_score, opertion):
-        if self.is_white:
+        if self.is_white or self.chain.root_process.is_white or self.parent_process.is_white:
            return
        if opertion not in self.operationlist:
            self.risk_score += new_score