Example #1
0
        static void Firewall_AccessDenied(string username, string app, string protocol, string source, string destination, string direction)
        {
            try
            {
                if (!Firewall.Apps.Contains(app))
                {
                    if (!SettingsManager.Silence)
                    {
                        Firewall.Apps.Add(app);
                        KavprotVoice.SpeakAsync("Would you like to allow this network access");
                        DevComponents.DotNetBar.TaskDialogInfo inf = new DevComponents.DotNetBar.TaskDialogInfo();
                        inf.DialogButtons = DevComponents.DotNetBar.eTaskDialogButton.Yes | DevComponents.DotNetBar.eTaskDialogButton.No;

                        inf.Title          = "Firewall Rule";
                        inf.Text           = "An application is trying to connect to a remote host (" + destination + ") via " + protocol + " protocol. \n " + Path.GetFileName(app) + "\n do you want to authorize this connection?";
                        inf.TaskDialogIcon = DevComponents.DotNetBar.eTaskDialogIcon.Exclamation;
                        inf.Header         = "Application Connection";
                        inf.FooterText     = "Kavprot smart security";
                        inf.DialogColor    = DevComponents.DotNetBar.eTaskDialogBackgroundColor.Silver;

                        DevComponents.DotNetBar.eTaskDialogResult dl = DevComponents.DotNetBar.TaskDialog.Show(inf);

                        if (dl == DevComponents.DotNetBar.eTaskDialogResult.Yes)
                        {
                            Firewall.Add("AllowAll", app);
                        }
                        else
                        {
                            Firewall.Add("DenyAll", app);
                        }
                    }
                    else
                    {
                        Firewall.Apps.Add(app);
                        if (!Scanner.CheckReputation(app))
                        {
                            Firewall.Add("AllowAll", app);
                        }
                        else
                        {
                            Firewall.Add("DenyAll", app);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                AntiCrash.LogException(ex);
            }
            finally
            {
            }
        }
Example #2
0
 static void FilterData(Session session)
 {
     if (session.fullUrl.EndsWith(".js") || session.fullUrl.EndsWith(".vbs") || session.fullUrl.EndsWith(".bat") || session.fullUrl.EndsWith(".com"))
     {
         object v = VDB.GetScript(Security.ConvertToHex(session.GetResponseBodyAsString()));
         if (v != null)
         {
             KavprotVoice.SpeakAsync("A malicious code detected : " + v.ToString());
             session.utilCreateResponseAndBypassServer();
             session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
             session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
         }
     }
 }
Example #3
0
 static object VoiceCommand(string text)
 {
     // add more
     if (text.StartsWith("run process "))
     {
         Process.Start(text.Replace("run process", ""));
         return("Process started");
     }
     else if (text.StartsWith("kill process "))
     {
         foreach (Process p in Process.GetProcessesByName(text.Replace("kill process", "")))
         {
             p.Kill();
         }
         return("Process killed");
     }
     else if (text.StartsWith("say "))
     {
         KavprotVoice.SpeakAsync(text.Replace("say", ""));
         return("text said");
     }
     else if (text.StartsWith("shutdown computer in "))
     {
         KAVE.Windows.WindowsControl.Shutdown(Int32.Parse(text.Replace("shutdown computer in ", "").Replace("seconds", "")));
         return("shuting down computer");
     }
     else if (text.StartsWith("reboot computer in "))
     {
         KAVE.Windows.WindowsControl.Reboot(Int32.Parse(text.Replace("rboot computer in ", "").Replace("seconds", "")));
         return("rebooting computer");
     }
     else
     {
         KavprotVoice.SpeakAsync("Unknow command, try again");
         return("Unknown command");
     }
 }
Example #4
0
        static bool SafeBrowse(Session session)
        {
            // WBSD
            if (SettingsManager.WebAgentSmartDetection)
            {
                foreach (string word in Blockers)
                {
                    if (session.fullUrl.Contains(word))
                    {
                        if (SettingsManager.BlockUrls)
                        {
                            KavprotVoice.SpeakAsync("This url contains a blocked word.");
                            session.utilCreateResponseAndBypassServer();
                            session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
                            session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
                            return(true);
                        }
                    }
                }
            }

            // filter data
            if (SettingsManager.ParentalControl)
            {
                BlackListResult result = CheckUrl(session.fullUrl);
                if (result == BlackListResult.MalwareAttack)
                {
                    if (SettingsManager.BlockUrls)
                    {
                        KavprotVoice.SpeakAsync("A malware website access was blocked.");
                        session.utilCreateResponseAndBypassServer();
                        session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
                        session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
                        return(true);
                    }
                }
                else if (result == BlackListResult.PhishingAttack)
                {
                    if (SettingsManager.BlockUrls)
                    {
                        KavprotVoice.SpeakAsync("A phishing website access was blocked");

                        session.utilCreateResponseAndBypassServer();

                        session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Phishing Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Phishing Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PhishMessage));
                        session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
                        return(true);
                    }
                }
                else if (result == BlackListResult.PornAttack)
                {
                    if (SettingsManager.BlockUrls)
                    {
                        KavprotVoice.SpeakAsync("A pornographic website access was blocked");

                        session.utilCreateResponseAndBypassServer();

                        session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a P**n Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a P**n Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PornMSG));
                        session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
                        return(true);
                    }
                }
                else if (result == BlackListResult.Undetermined)
                {
                    if (SettingsManager.BlockUrls)
                    {
                        KavprotVoice.SpeakAsync("Kavprot blocked this website for unknown reason");
                        session.utilCreateResponseAndBypassServer();
                        session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Proxy Error") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart securityProxy ERROR") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.UnderterminedMSG));
                        session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
                        return(true);
                    }
                }
            }


            return(false);
        }