static void Firewall_AccessDenied(string username, string app, string protocol, string source, string destination, string direction)
{
try
{
if (!Firewall.Apps.Contains(app))
{
if (!SettingsManager.Silence)
{
Firewall.Apps.Add(app);
KavprotVoice.SpeakAsync("Would you like to allow this network access");
DevComponents.DotNetBar.TaskDialogInfo inf = new DevComponents.DotNetBar.TaskDialogInfo();
inf.DialogButtons = DevComponents.DotNetBar.eTaskDialogButton.Yes | DevComponents.DotNetBar.eTaskDialogButton.No;
inf.Title = "Firewall Rule";
inf.Text = "An application is trying to connect to a remote host (" + destination + ") via " + protocol + " protocol. \n " + Path.GetFileName(app) + "\n do you want to authorize this connection?";
inf.TaskDialogIcon = DevComponents.DotNetBar.eTaskDialogIcon.Exclamation;
inf.Header = "Application Connection";
inf.FooterText = "Kavprot smart security";
inf.DialogColor = DevComponents.DotNetBar.eTaskDialogBackgroundColor.Silver;
DevComponents.DotNetBar.eTaskDialogResult dl = DevComponents.DotNetBar.TaskDialog.Show(inf);
if (dl == DevComponents.DotNetBar.eTaskDialogResult.Yes)
{
Firewall.Add("AllowAll", app);
}
else
{
Firewall.Add("DenyAll", app);
}
}
else
{
Firewall.Apps.Add(app);
if (!Scanner.CheckReputation(app))
{
Firewall.Add("AllowAll", app);
}
else
{
Firewall.Add("DenyAll", app);
}
}
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
static void FilterData(Session session)
{
if (session.fullUrl.EndsWith(".js") || session.fullUrl.EndsWith(".vbs") || session.fullUrl.EndsWith(".bat") || session.fullUrl.EndsWith(".com"))
{
object v = VDB.GetScript(Security.ConvertToHex(session.GetResponseBodyAsString()));
if (v != null)
{
KavprotVoice.SpeakAsync("A malicious code detected : " + v.ToString());
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
}
}
}
static object VoiceCommand(string text)
{
// add more
if (text.StartsWith("run process "))
{
Process.Start(text.Replace("run process", ""));
return("Process started");
}
else if (text.StartsWith("kill process "))
{
foreach (Process p in Process.GetProcessesByName(text.Replace("kill process", "")))
{
p.Kill();
}
return("Process killed");
}
else if (text.StartsWith("say "))
{
KavprotVoice.SpeakAsync(text.Replace("say", ""));
return("text said");
}
else if (text.StartsWith("shutdown computer in "))
{
KAVE.Windows.WindowsControl.Shutdown(Int32.Parse(text.Replace("shutdown computer in ", "").Replace("seconds", "")));
return("shuting down computer");
}
else if (text.StartsWith("reboot computer in "))
{
KAVE.Windows.WindowsControl.Reboot(Int32.Parse(text.Replace("rboot computer in ", "").Replace("seconds", "")));
return("rebooting computer");
}
else
{
KavprotVoice.SpeakAsync("Unknow command, try again");
return("Unknown command");
}
}
static bool SafeBrowse(Session session)
{
// WBSD
if (SettingsManager.WebAgentSmartDetection)
{
foreach (string word in Blockers)
{
if (session.fullUrl.Contains(word))
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("This url contains a blocked word.");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
}
}
// filter data
if (SettingsManager.ParentalControl)
{
BlackListResult result = CheckUrl(session.fullUrl);
if (result == BlackListResult.MalwareAttack)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("A malware website access was blocked.");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
else if (result == BlackListResult.PhishingAttack)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("A phishing website access was blocked");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Phishing Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Phishing Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PhishMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
else if (result == BlackListResult.PornAttack)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("A pornographic website access was blocked");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a P**n Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a P**n Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PornMSG));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
else if (result == BlackListResult.Undetermined)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("Kavprot blocked this website for unknown reason");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Proxy Error") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart securityProxy ERROR") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.UnderterminedMSG));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
}
return(false);
}