| Server IP : 180.180.241.3 / Your IP : 216.73.216.252 Web Server : Microsoft-IIS/7.5 System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.3.28 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /ProgramData/Sophos/AutoUpdate/data/warehouse/ |
Upload File : |
<?xml version="1.0" ?>
<configuration prodver="102" version="7">
<components>
<configurationManager>
<aliases>
<!--
List of aliases
-->
<item alias="Logging" path="configuration/components/logging"/>
<item alias="LocalisationComponent" path="configuration/components/localisation"/>
<item alias="OnAccessScan" path="configuration/scanTemplates/onAccessScan"/>
<item alias="OnDemandScanTemplate" path="configuration/scanTemplates/onDemandScan"/>
<item alias="RightClickScanTemplate" path="configuration/scanTemplates/rightClickScan"/>
<item alias="ShellExtension" path="configuration/components/shellExtension"/>
<item alias="TranslatorFactory" path="configuration/components/translatorFactory"/>
<item alias="Registry" path="configuration/external/registry"/>
<item alias="Sophtainer" path="configuration/external/sophtainer"/>
<item alias="ConsumerFactory" path="configuration/components/consumerFactory"/>
<item alias="EventLogGlobal" path="configuration/external/registry/falcon/EventSource"/>
<item alias="ProductInfo" path="configuration/productInfo"/>
<item alias="ScanJobSchema" path="configuration/scanJobSchema"/>
<item alias="ScanJobs" path="configuration/scanJobs"/>
<item alias="ScanSummaries" path="configuration/scanSummaries"/>
<item alias="SmtpGlobals" path="configuration/notification/consumers/smtpConsumer/settings"/>
<item alias="EEGlobals" path="configuration/notification/consumers/eeConsumer/settings"/>
<item alias="QuarantineManager" path="configuration/quarantineManager"/>
<item alias="QuarantineActions" path="configuration/quarantineManager/actions"/>
<item alias="Locales" path="configuration/locales"/>
<item alias="ExclusionGlobals" path="configuration/TDE/processors/ExclusionFilterProcessor/settings"/>
<item alias="UserDefinedMessage" path="configuration/UserDefinedMessage"/>
<item alias="ICManagementOptions" path="configuration/components/ICManagement"/>
<item alias="ICfixedExclusions" path="configuration/components/ICManagement/ICfixedExclusions"/>
<item alias="ICPerProcessExclusions" path="configuration/components/ICManagement/ICPerProcessExclusions"/>
<item alias="SNMPGlobals" path="configuration/notification/consumers/SNMPMessaging/settings"/>
<item alias="VEAdapterGlobals" path="configuration/TDE/processors/VEAdapter/settings"/>
<item alias="SIPSManagement" path="configuration/components/sipsManagement"/>
<item alias="AuthorisationListManager" path="configuration/authorisationListManager"/>
<item alias="SIPSMessaging" path="configuration/scanTemplates/sipsMessaging"/>
<item alias="WebScanning" path="configuration/scanTemplates/webScanning"/>
<item alias="WebScanningGlobals" path="configuration/components/bhoManagement"/>
<item alias="DCManagementOptions" path="configuration/components/DCManagement"/>
<item alias="DisabledDeviceListManager" path="configuration/disabledDeviceListManager" />
<item alias="DeviceControlManager" path="configuration/deviceControlManager" />
<item alias="DeviceControlManagerPolicy" path="configuration/components/DeviceControlManager" />
<item alias="DeviceControlReporting" path="configuration/scanTemplates/deviceControl" />
<item alias="DataControlReporting" path="configuration/scanTemplates/dataControl"/>
<item alias="DLPManager" path="configuration/components/DataControl"/>
<item alias="swiManagement" path="configuration/components/swiManagement"/>
<item alias="swiMessaging" path="configuration/scanTemplates/swiMessaging"/>
<item alias="DetectionFeedback" path="configuration/components/DetectionFeedback"/>
<item alias="TamperProtectionManagement" path="configuration/components/TamperProtectionManagement"/>
<item alias="TamperProtectionReporting" path="configuration/scanTemplates/tamperProtection"/>
<item alias="ContinuousScanOptions" path="configuration/components/ICManagement/cscan"/>
<item alias="ThreatCauseFactory" path="configuration/components/ThreatCauseFactory"/>
<item alias="JournalProcessors" path="configuration/TDE/processors/journalProcessors/settings"/>
<item alias="ApplicationManagement" path="configuration/components/ApplicationManagement"/>
<item alias="VEManagerGlobals" path="configuration/components/VEManager/settings"/>
<item alias="SEDManagement" path="configuration/components/SEDManagement"/>
</aliases>
<!--
Interval for saving the configuration files. In milliseconds.
-->
<autoSaveInterval>10000</autoSaveInterval>
<security>
<!-- CLSID of SavSecurity.SecurityManager -->
<securityManager>{CE151C3B-36A1-47AE-B2F4-BF755E54DA5B}</securityManager>
<roles>
<role name="SophosAdministrator"/>
<role name="SophosPowerUser"/>
<role name="SophosUser"/>
</roles>
<policies>
<!--
The default policy
If no policy is specified for a secured tree then this policy will apply.
-->
<policy id="0">
<defaults>
<read>yes</read>
<edit>yes</edit>
<use>yes</use>
<addSubnodes>yes</addSubnodes>
<deleteSubnodes>yes</deleteSubnodes>
<changeSecurity>yes</changeSecurity>
<customise>yes</customise>
</defaults>
</policy>
<policy id="1">
<permissionGroup>
<permission>edit</permission>
<roleList>
<role>SophosAdministrator</role>
</roleList>
</permissionGroup>
<permissionGroup>
<permission>addSubnodes</permission>
<roleList>
<role>SophosAdministrator</role>
</roleList>
</permissionGroup>
<permissionGroup>
<permission>deleteSubnodes</permission>
<roleList>
<role>SophosAdministrator</role>
</roleList>
</permissionGroup>
<permissionGroup>
<permission>changeSecurity</permission>
<roleList>
<role>SophosAdministrator</role>
</roleList>
</permissionGroup>
<defaults>
<read>yes</read>
<edit>no</edit>
<use>yes</use>
<addSubnodes>no</addSubnodes>
<deleteSubnodes>no</deleteSubnodes>
<changeSecurity>no</changeSecurity>
<customise>yes</customise>
</defaults>
</policy>
</policies>
</security>
</configurationManager>
<consumerFactory>
<item itemName="ConnectionPoint">
<enabled>true</enabled>
<componentID>
<item context="work">Logging.LogConnectionPoint.1</item>
</componentID>
<globals/>
</item>
<item itemName="Filter">
<enabled>true</enabled>
<componentID>
<item context="work">Logging.LogFilter.1</item>
</componentID>
<globals/>
</item>
<!-- Information about the consumers from here -->
<item itemName="EEConsumer">
<enabled>true</enabled>
<componentID>
<item context="work">EEConsumer.Consumer.1</item>
</componentID>
<globals>EEGlobals</globals>
</item>
<item itemName="DesktopConsumer">
<enabled>true</enabled>
<componentID>
<item context="work">Logging.DesktopConsumer.1</item>
<item context="edit">Logging.DesktopConsumer.1</item>
</componentID>
<globals/>
</item>
<item itemName="EventLog">
<enabled>true</enabled>
<componentID>
<item context="work">Logging.EventLog.1</item>
<item context="edit">Logging.EventLog.1</item>
</componentID>
<globals>EventLogGlobal</globals>
</item>
<item itemName="FileLog">
<enabled>true</enabled>
<componentID>
<item context="work">Logging.FileLog.1</item>
<item context="edit">Logging.FileLog.1</item>
</componentID>
<globals/>
</item>
<item itemName="SmtpConsumer">
<enabled>true</enabled>
<componentID>
<item context="work">Logging.SmtpConsumer.1</item>
<item context="edit">Logging.SmtpConsumer.1</item>
</componentID>
<globals>SmtpGlobals</globals>
</item>
<item itemName="SNMPMessaging">
<enabled>true</enabled>
<componentID>
<item context="work">LegacyConsumers.SNMPMessaging.1</item>
<item context="edit">LegacyConsumers.SNMPMessaging.1</item>
</componentID>
<globals>SNMPGlobals</globals>
</item>
</consumerFactory>
<localisation>
<resources>
<application>
<directory/>
<messageTable>
<file>SavRes.dll</file>
</messageTable>
</application>
<component>
<item id="0" file="SavRes.dll"/>
</component>
</resources>
</localisation>
<logging>
<logController>
<source>ConnPt</source>
<nodes>
<!-- the connection point that all workstation consumers attach to -->
<item name="ConnPt">
<type>ConnectionPoint</type>
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<source/>
<settings/>
</item>
<!-- the consumer for management agent events -->
<item name="EEConsumer">
<type>EEConsumer</type>
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<source>ConnPt</source>
<settings>
<filtering>
<item itemName="Virus">70</item>
<item itemName="Pua">70</item>
<item itemName="Configuration">60</item>
<item itemName="Scanning">70</item>
<item itemName="Update">60</item>
<item itemName="OnAccess">70</item>
<item itemName="SAVAdapter">60</item>
<item itemName="Other">60</item>
<item itemName="SuspiciousFile">70</item>
<item itemName="SuspiciousBehaviour">70</item>
<item itemName="ApplicationControl">70</item>
<item itemName="DataControl">70</item>
<item itemName="DeviceControl">70</item>
<item itemName="TamperProtection">70</item>
<item itemName="ApplicationManagement">70</item>
</filtering>
</settings>
</item>
</nodes>
</logController>
<logSources>
<settings>
<sink>ConnPt</sink>
<logLevel>40</logLevel>
</settings>
<sourceList>
<item itemName="Debug">
<progID>Logging.DebugLogSource</progID>
</item>
<item itemName="User">
<progID>Logging.UserLogSource</progID>
</item>
</sourceList>
</logSources>
<workstation>
<consumers>
<item itemName="EventLog">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<locale>2048</locale>
<filtering>
<item itemName="Virus">90</item>
<item itemName="Pua">90</item>
<item itemName="SuspiciousFile">90</item>
<item itemName="SuspiciousBehaviour">90</item>
<item itemName="ApplicationControl">90</item>
</filtering>
</settings>
</item>
<item itemName="FileLog">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filename dir="common_appdata">Sophos\Sophos Anti-Virus\logs\SAV.txt</filename>
<locale>2048</locale>
<compression>true</compression>
<rotation>
<enabled>true</enabled>
<!-- 1 month -->
<interval>196609</interval>
<oldlogs>4</oldlogs>
<overwrite>false</overwrite>
</rotation>
<filtering>
<item itemName="Virus">70</item>
<item itemName="Pua">70</item>
<item itemName="Configuration">60</item>
<item itemName="Scanning">70</item>
<item itemName="Update">60</item>
<item itemName="OnAccess">70</item>
<item itemName="Other">60</item>
<item itemName="SuspiciousFile">70</item>
<item itemName="SuspiciousBehaviour">70</item>
<item itemName="ApplicationControl">70</item>
<item itemName="ApplicationManagement">70</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering/>
<messageFields>
<subject>SAV message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<template>%BODY%</template>
<sendWhenIdle>true</sendWhenIdle>
</settings>
</item>
<item itemName="SNMPMessaging">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering/>
</settings>
</item>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<locale>2048</locale>
<filtering>
<item itemName="HomeDesktop">90</item>
</filtering>
</settings>
</item>
</consumers>
</workstation>
</logging>
<translatorFactory>
<!--
List of translators we can create
-->
<item>Translators.Clip</item>
<item>Translators.Value</item>
<item>Translators.SingleDataList</item>
<item>Translators.List</item>
<item>Translators.PathTranslator</item>
<item>Translators.DateTranslator</item>
<item>Translators.PersistanceTranslator</item>
<item>Translators.ExtensionList</item>
</translatorFactory>
<ICManagement>
<useNetworkChecksums>true</useNetworkChecksums>
<numInitialEngines>2</numInitialEngines>
<asyncOnClose>true</asyncOnClose>
<asyncQueueSize>1024</asyncQueueSize>
<oplockTimeoutMs>30000</oplockTimeoutMs>
<msiOptimization>true</msiOptimization>
<onlyScanPEOnExecute>true</onlyScanPEOnExecute>
<enableReputationLookups>true</enableReputationLookups>
<localChecksums>
<status>auto</status>
<autoThreshold>256</autoThreshold>
</localChecksums>
<ICfixedExclusions>
<item>ntuser.dat</item>
<item>ntuser.dat.log</item>
<item>usrclass.dat</item>
<item>usrclass.dat.log</item>
</ICfixedExclusions>
<ICPerProcessExclusions>
<processList>
<item itemName="csrss1">
<flags>A</flags>
<name>%SystemRoot%\system32\csrss.exe</name>
<folderList>
<item itemName="%SystemRoot%\winsxs\manifests">
<folderName>%SystemRoot%\winsxs\manifests</folderName>
<extensionList>
<item>.manifest</item>
</extensionList>
</item>
<item itemName="%SystemRoot%\winsxs">
<folderName>%SystemRoot%\winsxs</folderName>
<extensionList>
<item>.policy</item>
</extensionList>
</item>
</folderList>
</item>
<item itemName="csrss2">
<flags>AP</flags>
<name>%SystemRoot%\system32\csrss.exe</name>
<folderList>
<item itemName="all">
<folderName>*</folderName>
<extensionList>
<item>.*</item>
</extensionList>
</item>
</folderList>
</item>
<item itemName="csrss3">
<flags>DX</flags>
<name>%SystemRoot%\system32\csrss.exe</name>
<folderList>
<item itemName="all">
<folderName>*</folderName>
<extensionList/>
</item>
</folderList>
</item>
<item itemName="all">
<flags>D</flags>
<name>*</name>
<folderList>
<item itemName="%SystemRoot%\fonts">
<folderName>%SystemRoot%\fonts</folderName>
<extensionList>
<item>.fon</item>
<item>.ttf</item>
</extensionList>
</item>
<item itemName="\$Extend">
<folderName>\$Extend</folderName>
<extensionList>
<item></item>
</extensionList>
</item>
</folderList>
</item>
</processList>
</ICPerProcessExclusions>
<cscan>
<scanKernelMemory>true</scanKernelMemory>
<disableCleanup>false</disableCleanup>
</cscan>
<cookie/>
</ICManagement>
<sipsManagement>
<runtimeBehaviour>
<enabled>true</enabled>
<bufferOverflowProtection>
<enabled>true</enabled>
<allowActions>true</allowActions>
</bufferOverflowProtection>
<resourceShield>
<enabled>true</enabled>
<suspicious>
<enabled>true</enabled>
<allowActions>false</allowActions>
<skipInstallers>false</skipInstallers>
</suspicious>
</resourceShield>
</runtimeBehaviour>
</sipsManagement>
<swiManagement>
<enabled>true</enabled>
<exclusions/>
<sxlTimeout>1000</sxlTimeout>
<sxlMaxRetries>2</sxlMaxRetries>
</swiManagement>
<bhoManagement>
<maxEngines>5</maxEngines>
<reputationEnabled>true</reputationEnabled>
<reputationMode>0</reputationMode>
<reputationAction>0</reputationAction>
<reputationEnabledForOnDemandScans>true</reputationEnabledForOnDemandScans>
</bhoManagement>
<DCManagement>
<serviceControlTimeout>30000</serviceControlTimeout>
<maxServiceStartAttempts>3</maxServiceStartAttempts>
<serviceStartAttemptInterval>15000</serviceStartAttemptInterval>
</DCManagement>
<DataControl>
<settings>
<enabled>false</enabled>
<showPlugin>false</showPlugin>
<extractArchives>true</extractArchives>
<searchTimeout>300</searchTimeout>
<updateWaitTimeout>3000</updateWaitTimeout>
</settings>
<rules/>
<desktopMessaging>
<item itemName="block">
<messageType>block</messageType>
<messageString></messageString>
<displayRule>true</displayRule>
</item>
<item itemName="overridableBlock">
<messageType>overridableBlock</messageType>
<messageString></messageString>
<displayRule>true</displayRule>
</item>
</desktopMessaging>
<appDetector>
<item itemName="ApplicationControl">
<name>ApplicationControl</name>
<value>1</value>
</item>
</appDetector>
<textExtractor>
<item itemName="TrueFileTypeDetection">
<name>TrueFileTypeDetection</name>
<value>1</value>
</item>
<item itemName="StorageDetOnly">
<name>StorageDetOnly</name>
<value>1</value>
</item>
<item itemName="WordText">
<name>WordText</name>
<value>1</value>
</item>
<item itemName="AlwaysReportEncrypted">
<name>AlwaysReportEncrypted</name>
<value>1</value>
</item>
<item itemName="EnableAutoStop">
<name>EnableAutoStop</name>
<value>1</value>
</item>
<!-- The following items are analagous to GrpInternet as of 25/01/2012
[engine]
TNEF, MSO, APPLE, HTML, OLERAW, HTTP, MIME, BASE64, VBE, MBOX, OE, FLTR, UTF16, JAVA
[SAVI]
TnefAttachmentHandling ActiveMimeHandling AppleSingle Html
OleRawHandling Http Mime Base64 Vbe Mbox OutlookExpress
VbFiltering UTF16 Java
Set the group members explicitly - omitting Base64 - in order to solve DEF77296
-->
<item itemName="TnefAttachmentHandling">
<name>TnefAttachmentHandling</name>
<value>1</value>
</item>
<item itemName="ActiveMimeHandling">
<name>ActiveMimeHandling</name>
<value>1</value>
</item>
<item itemName="AppleSingle">
<name>AppleSingle</name>
<value>1</value>
</item>
<item itemName="Html">
<name>Html</name>
<value>1</value>
</item>
<item itemName="OleRawHandling">
<name>OleRawHandling</name>
<value>1</value>
</item>
<item itemName="Http">
<name>Http</name>
<value>1</value>
</item>
<item itemName="Mime">
<name>Mime</name>
<value>1</value>
</item>
<item itemName="Vbe">
<name>Vbe</name>
<value>1</value>
</item>
<item itemName="Mbox">
<name>Mbox</name>
<value>1</value>
</item>
<item itemName="OutlookExpress">
<name>OutlookExpress</name>
<value>1</value>
</item>
<item itemName="VbFiltering">
<name>VbFiltering</name>
<value>1</value>
</item>
<item itemName="UTF16">
<name>UTF16</name>
<value>1</value>
</item>
<item itemName="Java">
<name>Java</name>
<value>1</value>
</item>
<!-- End GrpInternet analogue -->
</textExtractor>
<processExclusions>
<item itemName="DTVaultLock.exe">
<executable>DTVaultLock.exe</executable>
<exclusions>
<item itemName="000">
<path>\desktop.ini</path>
<flags>1</flags>
</item>
<item itemName="001">
<path>\Logout DTVaultLock.lnk</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="IronKey.exe">
<executable>IronKey.exe</executable>
<exclusions>
<item itemName="000">
<path>\autorun.inf</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="ExmpSrv.exe">
<executable>ExmpSrv.exe</executable>
<exclusions>
<item itemName="000">
<path>\Application Data\support\ExmpSrv_exmp.log</path>
<flags>1</flags>
</item>
<item itemName="001">
<path>\DTSecure Privacy\support\ExmpSrv_exmp.log</path>
<flags>1</flags>
</item>
<item itemName="002">
<path>\ExmpSrv_exmp.log</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="exmpsrv.exe">
<executable>exmpsrv.exe</executable>
<exclusions>
<item itemName="000">
<path>\DTBB\support\ExmpSrv_exmp.log</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="DTVP_Launcher.exe">
<executable>DTVP_Launcher.exe</executable>
<exclusions>
<item itemName="000">
<path>\DTVPLog.log</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="CruzerPro.exe">
<executable>CruzerPro.exe</executable>
<exclusions>
<item itemName="000">
<path>\desktop.ini</path>
<flags>1</flags>
</item>
<item itemName="001">
<path>\Logout Privacy Zone.lnk</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="ACCESSCAPSClient.exe">
<executable>ACCESSCAPSClient.exe</executable>
<exclusions>
<item itemName="000">
<path>\__SSDADM.BIN</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="explorer.exe">
<executable>explorer.exe</executable>
<exclusions>
<item itemName="000">
<path>\$Extend\$Quota:$Q</path>
<flags>1</flags>
</item>
<item itemName="001">
<path>thumbs.db</path>
<flags>1</flags>
</item>
<item itemName="002">
<path>thumbs.db:encryptable</path>
<flags>1</flags>
</item>
</exclusions>
</item>
<item itemName="svchost.exe">
<executable>svchost.exe</executable>
<exclusions>
<item itemName="000">
<path>\System Volume Information\tracking.log</path>
<flags>1</flags>
</item>
</exclusions>
</item>
</processExclusions>
</DataControl>
<DeviceControlManager>
<settings>
<enabled>false</enabled>
<alertOnly>false</alertOnly>
<desktopMessage></desktopMessage>
</settings>
<rules>
</rules>
</DeviceControlManager>
<TamperProtectionManagement>
<settings>
<enabled>false</enabled>
<password></password>
</settings>
</TamperProtectionManagement>
<ApplicationManagement>
<Settings>
<mode>managed</mode>
</Settings>
<Detection>
<enabled>false</enabled>
<detected></detected>
</Detection>
<AutoExclusions>
<enabled>false</enabled>
<onAccess>
<fileAndFolder></fileAndFolder>
<process></process>
</onAccess>
<onDemand>
<fileAndFolder></fileAndFolder>
</onDemand>
</AutoExclusions>
</ApplicationManagement>
<SEDManagement>
<settings>
<aggressiveEmailScan>false</aggressiveEmailScan>
</settings>
</SEDManagement>
<DetectionFeedback>
<settings>
<lookupDomain>samples.sophosxl.net</lookupDomain>
<!-- MB (currently unused) -->
<maxQueueSize>30</maxQueueSize>
</settings>
</DetectionFeedback>
<ThreatCauseFactory>
<maxComponents>1000</maxComponents>
</ThreatCauseFactory>
<VEManager>
<settings>
<updateTimeout>4</updateTimeout>
<ideMode>2</ideMode>
<vdlMode>2</vdlMode>
<cloud>
<saviOptions>
<item itemName="SXLTimeout">
<name>SXLTimeout</name>
<!-- ms -->
<value>250</value>
</item>
<item itemName="SXLMaxSessions">
<name>SXLMaxSessions</name>
<value>10</value>
</item>
<item itemName="SXLTopLevelDomain">
<name>SXLTopLevelDomain</name>
<value>s.sophosxl.net</value>
</item>
<item itemName="SXLCacheFileStub">
<name>SXLCacheFileStub</name>
<value dir="COMMON_APPDATA">Sophos\Sophos Anti-Virus\Config\C</value>
</item>
</saviOptions>
</cloud>
<scanner>
<onDemandSxlLookups>true</onDemandSxlLookups>
<saviOptions>
<item itemName="SXLDetectionLookups">
<name>SXLDetectionLookups</name>
<value>1</value>
</item>
<item itemName="SampleSubmit">
<name>SampleSubmit</name>
<value>0</value>
</item>
<item itemName="MaxSampleSubmitSize">
<name>MaxSampleSubmitSize</name>
<!-- kb -->
<value>10240</value>
</item>
</saviOptions>
</scanner>
</settings>
</VEManager>
</components>
<!--
External configuration nodes
-->
<external>
<registry>
<falcon path="Software\\Sophos\\SAVService\\Application"/>
</registry>
</external>
<!--
Supported locales
-->
<locales>
<locale>1028</locale>
<locale>1031</locale>
<locale>1033</locale>
<locale>1034</locale>
<locale>1036</locale>
<locale>1040</locale>
<locale>1041</locale>
<locale>2052</locale>
</locales>
<!--
Global messaging settings
-->
<notification>
<consumers>
<smtpConsumer>
<settings>
<locale>1033</locale>
<method>smtp</method>
<batch>25</batch>
<server>
<name/>
<authentication>
<active>false</active>
<userName/>
<password/>
</authentication>
</server>
<sender/>
<replyTo/>
<from/>
</settings>
</smtpConsumer>
<SNMPMessaging>
<settings>
<locale></locale>
<managerAddress></managerAddress>
<managerPort></managerPort>
<communityString></communityString>
<cleanCtrlChars>false</cleanCtrlChars>
<version>1</version>
</settings>
</SNMPMessaging>
<eeConsumer>
<settings>
<!-- Black list of message IDs suppressed by the EE consumer.
Put lowercase hexadecimal numbers here -->
<blackList>
<item>0xa0250009</item> <!-- ID_SAVI_SCAN_ERROR -->
<item>0xa0050014</item> <!-- E_CONFIG_NOT_UPGRADED -->
<item>0xe03d0035</item> <!-- MSG_ID_IO_METHOD_NOT_SUPPORTED -->
<item>0xe03d003f</item> <!-- MSG_ID_MNTMGR_REQUEST_FAILED -->
<item>0xe03d0055</item> <!-- MSG_ID_FILE_POST_TIMEOUT -->
<item>0xe03d0054</item> <!-- MSG_ID_MESSAGE_THROTTLING_STOPPED -->
<item>0xe03d0053</item> <!-- MSG_ID_MESSAGE_THROTTLING -->
<item>0xe03d0052</item> <!-- MSG_ID_FILE_CONTINUATION -->
<item>0xe03d0051</item> <!-- MSG_ID_FILE_CHECK_FAILURE -->
<item>0xe03d0050</item> <!-- MSG_ID_FILE_CHECK_SERVICE_BUSY_ERROR -->
<item>0xe03d0210</item> <!-- MSG_ID_RS_REGISTRY_KEY_REPORT_FAILED -->
<item>0xe03d0211</item> <!-- MSG_ID_RS_REGISTRY_VALUE_REPORT_FAILED -->
<item>0xe03d0222</item> <!-- MSG_ID_RS_PROCESS_REPORT_FAILED -->
<item>0xe03d0231</item> <!-- MSG_ID_RS_FILE_REPORT_FAILED -->
<item>0xe03d0241</item> <!-- MSG_ID_RS_IPCONNECT_REPORT_FAILED -->
<item>0xe03d0250</item> <!-- MSG_ID_RS_REMOTETHREAD_REPORT_FAILED -->
<item>0xe03d0260</item> <!-- MSG_ID_RS_LOAD_DRIVER_REPORT_FAILED -->
<item>0xe03d0233</item> <!-- MSG_ID_RS_REGISTRY_KEY_REPORT_FAILED_EX -->
<item>0xe03d0234</item> <!-- MSG_ID_RS_REGISTRY_VALUE_REPORT_FAILED_EX -->
<item>0xe03d0235</item> <!-- MSG_ID_RS_PROCESS_CREATE_REPORT_FAILED -->
<item>0xe03d0237</item> <!-- MSG_ID_RS_PROCESS_DELETE_REPORT_FAILED -->
<item>0xe03d0236</item> <!-- MSG_ID_RS_FILE_REPORT_FAILED_EX -->
<item>0xa0520000</item> <!-- E_DC_SERVICE_START_FAILED -->
<item>0xa0500011</item> <!-- ID_SIPS_RS_ERROR_WITH_PROCESS -->
<item>0xa0500012</item> <!-- ID_SIPS_RS_ERROR -->
<item>0xa0520032</item> <!-- E_DC_FAILED_TO_PROCESS_DEVICE -->
<item>0xa054000f</item> <!-- E_DATC_CHECK_ERROR -->
<item>0xa0540010</item> <!-- E_DATC_SAVI_ERROR -->
<item>0xa0570002</item> <!-- ID_DFB_SUBMIT_FAILED -->
<item>0xa0570005</item> <!-- ID_DFB_SUBMIT_FAILED_HTTP -->
<item>0xa025003b</item> <!-- ID_SCAN_MUST_CLEANUP_FIRST -->
<item>0xa0200006</item> <!-- E_FSDW_ERROR_PATH_NOT_FOUND -->
<item>0xa020000c</item> <!-- E_FSDW_ERROR_UNKNOWN_ERROR -->
<item>0xa01e0004</item> <!-- E_RAWFS_TIMED_OUT -->
<item>0xa0290001</item> <!-- ID_FAILED_TO_OPEN_VOLUME -->
<item>0xa0290002</item> <!-- ID_MALICIOUS_GOLDEN_FILE -->
<item>0x20290003</item> <!-- ID_USING_SCAN_OPT_CACHE -->
<item>0x20290004</item> <!-- ID_USING_GOLDEN_SCAN_OPT_CACHE -->
<item>0xa0290005</item> <!-- ID_REPLACING_SCAN_OPT_CACHE -->
<item>0xa0290006</item> <!-- ID_UNAVAILABLE_SCAN_OPT_CACHE -->
<item>0xa0290007</item> <!-- ID_UNUSED_GOLDEN_SCAN_OPT_CACHE -->
<item>0xa0290008</item> <!-- ID_JOURNAL_TRACKING_HALTED -->
<item>0xa0290009</item> <!-- ID_UNSUPPORTED_FS_TYPE -->
<item>0xa029000a</item> <!-- ID_READ_ONLY_VOLUME -->
<item>0xa029000b</item> <!-- ID_UNSUPPORTED_JOURNAL_VERSION -->
<item>0xa029000c</item> <!-- ID_JOURNAL_DELETED -->
<item>0xa029000d</item> <!-- ID_JOURNAL_CHANGED -->
<item>0xa01e0005</item> <!-- E_RAWFS_REFS_FS -->
</blackList>
<!-- White list of message IDs always sent by the EE consumer.
Put lowercase hexadecimal numbers here -->
<whiteList>
<item>0xa0580006</item> <!-- E_URLSCAN_CRITICAL_ERR -->
<item>0xa058000c</item> <!-- E_INVALID_LSPCONFIG -->
<item>0xa04b000a</item> <!-- E_CANT_MOVE_NOLOCATION -->
<item>0xa04b0009</item> <!-- E_CANT_MOVE_ACCESSDENIED -->
<item>0xa04b0002</item> <!-- E_CANT_MOVE -->
<item>0xa04b0008</item> <!-- E_CANT_DELETE_ACCESSDENIED -->
<item>0xa04b0003</item> <!-- E_CANT_DELETE -->
<item>0xa04b0000</item> <!-- E_PURGED -->
<item>0xa04b0001</item> <!-- E_INPROCESS -->
<item>0x2028000c</item> <!-- S_ABORT_SCAN -->
<item>0x2028000e</item> <!-- S_COMPLETE_SCAN -->
<item>0x204b000c</item> <!-- ID_NEW_VIRUS_THREAT_DETECTED -->
<item>0x204b000d</item> <!-- ID_VIRUS_THREAT_CLEANED_UP -->
<item>0x204b000b</item> <!-- ID_PUA_ACTION_INFO -->
<item>0xa04b0011</item> <!-- ID_THREAT_NOT_IN_QUARANTINE -->
<item>0xa04b0012</item> <!-- ID_THREAT_ITEM_NOT_IN_QUARANTINE -->
<item>0x204b0013</item> <!-- ID_NEW_MCM_THREAT_DETECTED -->
<item>0x204b0014</item> <!-- ID_MCM_THREAT_CLEANED_UP -->
<item>0x204b0015</item> <!-- ID_INFECTED_FILE_DELETED -->
<item>0x204b0016</item> <!-- ID_INFECTED_FILE_MOVED -->
<item>0xa0250026</item> <!-- ID_MCM_NOT_REMOVED -->
<item>0xa0250012</item> <!-- ID_PUA_NOT_REMOVED -->
<item>0x204b0017</item> <!-- ID_NEW_SUSPICIOUS_BEHAVIOUR_THREAT_DETECTED -->
<item>0x204b0018</item> <!-- ID_NEW_SUSPICIOUS_FILE_THREAT_DETECTED -->
<item>0x204b001a</item> <!-- ID_SUSPICIOUS_FILE_DELETED -->
<item>0x204b001b</item> <!-- ID_SUSPICIOUS_FILE_MOVED -->
<item>0x204b001e</item> <!-- ID_SUSPICIOUS_FILE_AUTHORISED -->
<item>0x204b001f</item> <!-- ID_SUSPICIOUS_BEHAVIOUR_AUTHORISED -->
<item>0x20500005</item> <!-- ACTION_S_RS_NOACTION -->
<item>0x20500006</item> <!-- ACTION_S_BOPS_SUSPENDED -->
<item>0x20500008</item> <!-- ACTION_S_RS_BLOCKED -->
<item>0x2050000a</item> <!-- ACTION_S_RS_KILLED -->
<item>0x204B0022</item> <!-- ID_CONTROLLED_APP_DETECTED -->
<item>0x204B0023</item> <!-- ID_CONTROLLED_APP_BLOCKED -->
<item>0x204B0024</item> <!-- ID_CONTROLLED_APP_AUTHORISED -->
<item>0x20510002</item> <!-- S_WEBSCAN_BLOCKED -->
<item>0x20520023</item> <!-- S_DC_PRESENT_DEVICE_WRITE_BLOCKED -->
<item>0x20520024</item> <!-- S_DC_PRESENT_DEVICE_READ_BLOCKED -->
<item>0x20520025</item> <!-- S_DC_ALERT_ONLY_DEVICE_WRITE_DETECTED -->
<item>0x20520026</item> <!-- S_DC_ALERT_ONLY_DEVICE_READ_DETECTED -->
<item>0x20520027</item> <!-- S_DC_PRESENT_DEVICE_DISABLED_2 -->
<item>0x20520028</item> <!-- S_DC_ALERT_ONLY_DEVICE_DETECTED_2 -->
<item>0x20540001</item> <!-- ID_DATC_FILE_COPY -->
<item>0x20540002</item> <!-- ID_DATC_FILE_MOVE -->
<item>0x20540003</item> <!-- ID_DATC_APPL_OPEN -->
<item>0x20540025</item> <!-- ID_DATC_FILE_EXTRACT -->
<item>0x20480004</item> <!-- ID_SYSTEM_STATUS_CHANGE -->
<item>0x20480005</item> <!-- ID_REMEDIAL_ACTION_REQUESTED -->
<item>0x20560003</item> <!-- ID_TP_AUTHENTICATED -->
<item>0x20560004</item> <!-- ID_TP_UNINSTALL_ATTEMPT -->
<item>0x20580002</item> <!-- S_URLSCAN_BLOCKED -->
<item>0xa025003b</item> <!-- ID_SCAN_MUST_CLEANUP_FIRST -->
<item>0xa025003c</item> <!-- ID_SMS_SCAN_ABORT_RECOVERY_MODE -->
<item>0x2051002a</item> <!-- S_LOW_REPUTATION_FILE_BLOCKED_BY_USER -->
<item>0x2051002b</item> <!-- S_LOW_REPUTATION_FILE_ALLOWED_BY_USER -->
<item>0x2051002c</item> <!-- S_LOW_REPUTATION_FILE_BLOCKED_BY_SYSTEM -->
<item>0x2051002d</item> <!-- S_LOW_REPUTATION_FILE_ALLOWED_BY_SYSTEM -->
</whiteList>
</settings>
</eeConsumer>
</consumers>
</notification>
<!--
Global TDE Processor settings
-->
<TDE>
<processors>
<ExclusionFilterProcessor>
<settings>
<exclusionList>
<item>%SystemRoot%\SYSTEM32\CONFIG\SYSTEM.ALT</item>
<item>%SystemDrive%\HIBERFIL.SYS</item>
</exclusionList>
<groups>
<item itemName="Vista">
<condition>minOSVer=600</condition>
<list>
<item>%SystemRoot%\SYSTEM32\CONFIG\REGBACK\COMPONENTS</item>
<item>%SystemRoot%\SYSTEM32\CONFIG\REGBACK\DEFAULT</item>
<item>%SystemRoot%\SYSTEM32\CONFIG\REGBACK\SAM</item>
<item>%SystemRoot%\SYSTEM32\CONFIG\REGBACK\SOFTWARE</item>
<item>%SystemRoot%\SYSTEM32\CONFIG\REGBACK\SECURITY</item>
<item>%SystemRoot%\SYSTEM32\CONFIG\REGBACK\SYSTEM</item>
<item>%SystemRoot%\SYSTEM32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb</item>
<item>%SystemRoot%\SYSTEM32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb</item>
<item>%SystemDrive%\System Volume Information\*{3808876b-c176-4e48-b7ae-04046e6cc752}</item>
</list>
</item>
<item itemName="Windows 8">
<condition>minOSVer=602</condition>
<list>
<item>%SystemDrive%\SWAPFILE.SYS</item>
</list>
</item>
</groups>
<perUser>
<item itemName="Defender">
<!-- Currently, we only use the Defender exclusions on Vista -->
<condition>defenderRealtime=1;minOSVer=600</condition>
<list>
<item>%LOCALAPPDATA%\Microsoft\Windows Defender\FileTracker\</item>
</list>
</item>
</perUser>
</settings>
</ExclusionFilterProcessor>
<VEAdapter>
<settings>
<saviOptions/>
<!-- The list of SAVI error codes that we consider normal during scans. SAVI
errors not in this list causes the VEA to set the decision to ABORTED
instead of leaving it at UNKNOWN -->
<errorList>
<item>0xa004020f</item> <!-- SOPHOS_SAVI_ERROR_NOT_SUPPORTED -->
<item>0xa0040211</item> <!-- SOPHOS_SAVI_ERROR_FILE_COMPRESSED -->
<item>0xa0040212</item> <!-- SOPHOS_SAVI_ERROR_FILE_ENCRYPTED -->
<item>0xa004021a</item> <!-- SOPHOS_SAVI_ERROR_CORRUPT -->
<item>0xa0040225</item> <!-- SOPHOS_SAVI_ERROR_PART_VOL -->
<item>0xa0040231</item> <!-- SOPHOS_SAVI_ERROR_SCAN_ABORTED -->
<item>0xa005a001</item> <!-- ID_SCANNING_SUSPENDED -->
<item>0xa005a002</item> <!-- ID_SCANNING_TIMEOUT -->
</errorList>
</settings>
</VEAdapter>
<journalProcessors>
<settings>
<enabled>true</enabled>
</settings>
</journalProcessors>
</processors>
</TDE>
<!--
Product information
-->
<productInfo>
<productName>
<object ind="0">
<item ind="0" type="marker">ResStr</item>
<item ind="1" type="unsigned">105</item>
</object>
</productName>
<productVersion major="10" minor="8" build="9" />
<productionBuild>610</productionBuild>
<productStatus>
<object ind="0">
<item ind="0" type="marker">ResStr</item>
<item ind="1" type="unsigned">106</item>
</object>
</productStatus>
<updateDate year="2004" month="01" day="01" hour="00" minute="00" second="00" />
<firstInstallDate year="2004" month="01" day="01" hour="00" minute="00" second="00" />
</productInfo>
<!--
Quarantine manager
-->
<quarantineManager>
<actions>
<user>
<disinfectBoot>false</disinfectBoot>
<disinfectFile>false</disinfectFile>
<deleteFile>false</deleteFile>
<moveFile>false</moveFile>
<authorisePUA>false</authorisePUA>
</user>
<powerUser>
<disinfectBoot>true</disinfectBoot>
<disinfectFile>true</disinfectFile>
<deleteFile>true</deleteFile>
<moveFile>true</moveFile>
<authorisePUA>true</authorisePUA>
</powerUser>
<administrator>
<disinfectBoot>true</disinfectBoot>
<disinfectFile>true</disinfectFile>
<deleteFile>true</deleteFile>
<moveFile>true</moveFile>
<authorisePUA>true</authorisePUA>
</administrator>
</actions>
<maxThreats>100</maxThreats>
</quarantineManager>
<!--
Scan Job Config Schema - for cloning to create new jobs in lower level files
-->
<scanJobSchema>
<summary id="">
<lastTimeRun/>
<lastState/>
<lastRunBy/>
<neutralisedThreats/>
<liveThreats/>
<errors/>
<itemsChecked/>
<logFilename/>
<goldenFiles/>
<threatsInGoldenFiles/>
</summary>
<scan id="" ScanType="NormalScan">
<displayInfo>
<description>
<object ind="0">
<item ind="0" type="marker">ResStr</item>
<item ind="1" type="unsigned">103</item>
</object>
</description>
</displayInfo>
<configuration>
<template>OnDemandScanTemplate</template>
<notification>
<consumers>
<item itemName="FileLog">
<settings>
<rotation/>
<filtering/>
</settings>
</item>
<item itemName="SmtpConsumer">
<settings>
<filtering/>
<messageFields>
<recipients/>
</messageFields>
</settings>
</item>
</consumers>
</notification>
<scanManager/>
<instanceManager/>
<TDE>
<processors>
<item itemName="SOCDecomposer">
<settings/>
</item>
<item itemName="RawFSDecomposer">
<settings />
</item>
<item itemName="DriveDecomposer">
<settings/>
</item>
<item itemName="FileAttributeFilter">
<settings>
<attributeList/>
</settings>
</item>
<item itemName="ExtensionFilter">
<settings>
<extensionList/>
</settings>
</item>
<item itemName="ExclusionFilterProcessor">
<settings>
<exclusionList/>
</settings>
</item>
<item itemName="FSDecomposerProcessor">
<settings></settings>
</item>
<item itemName="ScanPreprocessor">
<settings></settings>
</item>
<item itemName="VEAdapter">
<settings>
<general/>
<stopScan/>
<saviOptions/>
</settings>
</item>
<item itemName="FileOpProcessor">
<settings>
<suspiciousFiles/>
</settings>
</item>
<item itemName="ScanPostprocessor">
<settings></settings>
</item>
</processors>
</TDE>
</configuration>
<areas>
<object ind="0">
<item type="marker" ind="0">SOCollection</item>
<item type="unsigned" ind="1">0</item>
</object>
</areas>
</scan>
</scanJobSchema>
<!--
Concrete on-demand scan configurations
-->
<scanJobs/>
<!--
Scan summaries
-->
<scanSummaries/>
<!--
Scan templates
-->
<scanTemplates>
<webScanning>
<owner>BHOManager</owner>
<OnAccess>false</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<notification>
<consumers>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering>
<item itemName="Virus">90</item>
<item itemName="Pua">90</item>
<item itemName="SuspiciousFile">90</item>
<item itemName="ApplicationControl">90</item>
<item itemName="UserQuery">90</item>
</filtering>
</settings>
</item>
</consumers>
</notification>
<TDE>
<processors>
<item itemName="VEAdapter">
<factory>
<name>VEAdapterFactory</name>
<settings/>
</factory>
<settings>
<control>VEAdapter</control>
<UseCommonFactory>False</UseCommonFactory>
<general>
<disinfect>false</disinfect>
<mcmRemoval>false</mcmRemoval>
<reportAllThreats>false</reportAllThreats>
<scanVdlArchives>false</scanVdlArchives>
<puaRemoval>false</puaRemoval>
<sxlOverride>0</sxlOverride>
<scanSuspiciousEmail>false</scanSuspiciousEmail>
</general>
<stopScan>
<maxKClassifyLoops>0</maxKClassifyLoops>
<maxKbDecompress>0</maxKbDecompress>
<maxSubFiles>0</maxSubFiles>
<maxThreatsPerItem>1</maxThreatsPerItem>
<maxTimeToScan>300</maxTimeToScan>
<maxUpdateWaitTime>3000</maxUpdateWaitTime>
</stopScan>
<saviOptions>
<item itemName="FullSweep">
<name>FullSweep</name>
<value>0</value>
</item>
<!-- Instructs the engine to look for MAC resouce forks
This is not required as we pass the file and resource
we want checking
-->
<item itemName="OpenMacRf">
<name>OpenMacRf</name>
<value>0</value>
</item>
<!-- Instructs the engine to check for MAC and DOS viruses -->
<item itemName="NamespaceSupport">
<name>NamespaceSupport</name>
<value>1</value> <!-- do not check MAC -->
</item>
<item itemName="PuaDetection">
<name>PuaDetection</name>
<value>0</value>
</item>
<item itemName="DetectSecondaries">
<name>DetectSecondaries</name>
<value>0</value>
</item>
<!-- Currently, the ThreatAccumulation option must be enabled in order
to detect secondary PUA components. Force it off for web scanning
-->
<item itemName="ThreatAccumulation">
<name>ThreatAccumulation</name>
<value>0</value>
</item>
<!-- Enables SAVI and VE to stop scans that appear to have hung -->
<item itemName="EnableAutoStop">
<name>EnableAutoStop</name>
<value>1</value>
</item>
<item itemName="BehaviourSuspicious">
<name>BehaviourSuspicious</name>
<value>0</value>
</item>
<item itemName="SfxArchives">
<name>SfxArchives</name>
<value>1</value>
</item>
<item itemName="GrpWebArchive">
<name>GrpWebArchive</name>
<value>1</value>
</item>
<item itemName="GrpWebEncoding">
<name>GrpWebEncoding</name>
<value>1</value>
</item>
<!-- Enables VE to scan inside .Z files (not yet included in GrpWebArchive) -->
<item itemName="CmzDecompression">
<name>CmzDecompression</name>
<value>1</value>
</item>
</saviOptions>
</settings>
</item>
<item itemName="WebScanningOperations">
<factory>
<name>WebScanningProcessorFactory</name>
<settings/>
</factory>
<settings>
<mode>asOnAccess</mode>
<mimeTypeList>
<item>text/html</item>
<item>text/javascript</item>
<item>text/emcascript</item>
<item>text/vbscript</item>
<item>audio/unknown</item>
<item>image/*</item>
<item>video/*</item>
<item>application/octet-stream</item>
<item>application/javascript</item>
<item>application/x-javascript</item>
<item>application/emcascript</item>
<item>application/vbscript</item>
<item>application/xhtml</item>
<item>application/x-msdos-program</item>
<item>application/x-msdownload</item>
<item>application/x-zip-compressed</item>
<item>application/vnd.ms-htmlhelp</item>
<item>application/x-msmetafile</item>
<item>application/zip</item>
</mimeTypeList>
<contentSizeLimit>2048</contentSizeLimit>
</settings>
</item>
</processors>
</TDE>
</webScanning>
<onAccessScan>
<displayInfo>
<description>
<object ind="0">
<item ind="0" type="marker">ResStr</item>
<item ind="1" type="unsigned">102</item>
</object>
</description>
</displayInfo>
<instanceManager/>
<OnAccess>True</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner/>
<notification>
<consumers>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering>
<item itemName="Virus">90</item>
<item itemName="Pua">90</item>
<item itemName="SuspiciousFile">90</item>
<item itemName="ApplicationControl">90</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering/>
<messageFields>
<subject>SAV message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<template>User: %USERNAME%%NL%Scan: %SCAN%%NL%Machine: %MACHINE%%NL%%NL%%BODY%</template>
<sendWhenIdle>true</sendWhenIdle>
</settings>
</item>
</consumers>
</notification>
<TDE>
<processors>
<item itemName="SOCDecomposer">
<factory>
<name>SOCDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>SOCDecomposer</control>
</settings>
</item>
<item itemName="DriverOperations">
<factory>
<name>DriverOperationsFactory</name>
<settings/>
</factory>
<settings>
<control>DriverOperationsProcessor</control>
<!-- state = [true|false] -->
<running>true</running>
<!-- state = [true|false] -->
<appControlRunning>false</appControlRunning>
<!-- onReadCheck = [true|false] -->
<onReadCheck>true</onReadCheck>
<!-- onWriteCheck = [true|false] -->
<onWriteCheck>true</onWriteCheck>
<!-- onRenameCheck = [true|false] -->
<onRenameCheck>true</onRenameCheck>
<!-- checkAll = [true|false] -->
<checkAll>false</checkAll>
<!-- checkMac = [true|false] -->
<!-- Tells the driver to check a file if it is identified
as a MAC resource fork. If the option is not set MAC
resource forks will not be checked.
-->
<checkMac>false</checkMac>
<!-- blockControlledApps = [true|false] -->
<blockControlledApps>true</blockControlledApps>
<!-- allowBootSectorAccess = [true|false] -->
<allowBootSectorAccess>false</allowBootSectorAccess>
<!-- cxMailScanAllFiles = [true|false] -->
<cxMailScanAllFiles>false</cxMailScanAllFiles>
</settings>
</item>
<item itemName="DriverExtensions">
<factory>
<name>DriverExtensionsFactory</name>
<settings/>
</factory>
<settings>
<control>DriverExtensionsProcessor</control>
<extensionList/>
</settings>
</item>
<item itemName="FileExclusions">
<factory>
<name>FileExclusionsFactory</name>
<settings/>
</factory>
<settings>
<control>FileExclusionsProcessor</control>
<exclusionList/>
</settings>
</item>
<item itemName="DriveExclusions">
<factory>
<name>DriveExclusionsFactory</name>
<settings/>
</factory>
<settings>
<control>DriveExclusionsProcessor</control>
<exclusionList/>
</settings>
</item>
<item itemName="ProcessExclusions">
<factory>
<name>ProcessExclusionsFactory</name>
<settings/>
</factory>
<settings>
<control>ProcessExclusionsProcessor</control>
<exclusionList/>
</settings>
</item>
<item itemName="GeneralExclusions">
<factory>
<name>GeneralExclusionsFactory</name>
<settings/>
</factory>
<settings>
<control>GeneralExclusionsProcessor</control>
<!-- exclude MVFS by default: item 4 -->
<exclusionList>
<item>4</item>
</exclusionList>
</settings>
</item>
<item itemName="UserExclusions">
<factory>
<name>UserExclusionsFactory</name>
<settings>
<enabled>false</enabled>
</settings>
</factory>
<settings>
<control>UserExclusionsProcessor</control>
<exclusionList/>
</settings>
</item>
<item itemName="ScanPreprocessor">
<factory>
<name>ScanPreprocessorFactory</name>
<settings></settings>
</factory>
<settings>
<enabled>true</enabled>
</settings>
</item>
<item itemName="VEAdapter">
<factory>
<name>VEAdapterFactory</name>
<settings/>
</factory>
<settings>
<control>VEAdapter</control>
<UseCommonFactory>True</UseCommonFactory>
<general>
<disinfect>true</disinfect>
<mcmRemoval>true</mcmRemoval>
<reportAllThreats>false</reportAllThreats>
<scanVdlArchives>false</scanVdlArchives>
<puaRemoval>false</puaRemoval>
<sxlOverride>0</sxlOverride>
<scanSuspiciousEmail>false</scanSuspiciousEmail>
</general>
<stopScan>
<maxKClassifyLoops>0</maxKClassifyLoops>
<maxKbDecompress>0</maxKbDecompress>
<maxSubFiles>0</maxSubFiles>
<maxThreatsPerItem>1</maxThreatsPerItem>
<maxTimeToScan>0</maxTimeToScan>
<maxUpdateWaitTime>3000</maxUpdateWaitTime>
</stopScan>
<saviOptions>
<item itemName="FullSweep">
<name>FullSweep</name>
<value>0</value>
</item>
<!-- Instructs the engine to look for MAC resouce forks
This is not required as we pass the file and resource
we want checking
-->
<item itemName="OpenMacRf">
<name>OpenMacRf</name>
<value>0</value>
</item>
<!-- Instructs the engine to check for MAC and DOS viruses -->
<item itemName="NamespaceSupport">
<name>NamespaceSupport</name>
<value>1</value> <!-- do not check MAC -->
</item>
<item itemName="PuaDetection">
<name>PuaDetection</name>
<value>1</value>
</item>
<item itemName="DetectSecondaries">
<name>DetectSecondaries</name>
<value>0</value>
</item>
<!-- Currently, the ThreatAccumulation option must be enabled in order
to detect secondary PUA components. Force it off for on-access
-->
<item itemName="ThreatAccumulation">
<name>ThreatAccumulation</name>
<value>0</value>
</item>
<!-- Enables SAVI and VE to stop scans that appear to have hung -->
<item itemName="EnableAutoStop">
<name>EnableAutoStop</name>
<value>1</value>
</item>
<item itemName="BehaviourMalware">
<name>BehaviourMalware</name>
<value>1</value>
</item>
<item itemName="BehaviourSuspicious">
<name>BehaviourSuspicious</name>
<value>0</value>
</item>
<item itemName="ApplicationControl">
<name>ApplicationControl</name>
<value>0</value>
</item>
</saviOptions>
</settings>
</item>
<item itemName="FileOpProcessor">
<factory>
<name>FileOpProcessorFactory</name>
<settings/>
</factory>
<settings>
<move>false</move>
<delete>false</delete>
<infectedDir dir="common_appdata">Sophos\Sophos Anti-Virus\INFECTED</infectedDir>
<deleteMCM>true</deleteMCM>
<suspiciousFiles>
<move>false</move>
<delete>false</delete>
<infectedDir dir="common_appdata">Sophos\Sophos Anti-Virus\INFECTED</infectedDir>
</suspiciousFiles>
</settings>
</item>
<item itemName="ScanPostprocessor">
<factory>
<name>ScanPostprocessorFactory</name>
<settings/>
</factory>
<settings/>
</item>
</processors>
</TDE>
</onAccessScan>
<onDemandScan>
<instanceManager/>
<OnAccess>false</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner/>
<notification>
<consumers>
<item itemName="FileLog">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filename dir="local_appdata">Sophos\Sophos Anti-Virus\logs\OnDemandScan.txt</filename>
<locale>1024</locale>
<compression>true</compression>
<rotation>
<enabled>false</enabled>
<!-- 1 month -->
<interval>196609</interval>
<oldlogs>4</oldlogs>
<overwrite>true</overwrite>
</rotation>
<filtering>
<item itemName="Virus">60</item>
<item itemName="Pua">60</item>
<item itemName="Configuration">60</item>
<item itemName="Scanning">60</item>
<item itemName="Update">60</item>
<item itemName="Other">60</item>
<item itemName="SuspiciousFile">60</item>
<item itemName="ApplicationControl">60</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering/>
<messageFields>
<subject>SAV message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<template>User: %USERNAME%%NL%Scan: %SCAN%%NL%Machine: %MACHINE%%NL%%NL%%BODY%</template>
<sendWhenIdle>false</sendWhenIdle>
</settings>
</item>
</consumers>
</notification>
<TDE>
<processors>
<item itemName="SOCDecomposer">
<factory>
<name>SOCDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>SOCDecomposer</control>
</settings>
</item>
<item itemName="RawFSDecomposer">
<factory>
<name>ScannableRawFSFactory</name>
<settings />
</factory>
<settings>
<control>RawFSDecomposer</control>
<enabled>true</enabled>
</settings>
</item>
<item itemName="DriveDecomposer">
<factory>
<name>DriveDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>DriveDecomposer</control>
</settings>
</item>
<item itemName="FileAttributeFilter">
<factory>
<name>FileAttributeFilterFactory</name>
<settings/>
</factory>
<settings>
<attributeList>
<!-- FILE_ATTRIBUTE_OFFLINE -->
<item>0x00001000</item>
</attributeList>
</settings>
</item>
<item itemName="ExtensionFilter">
<factory>
<name>ExtensionFilterProcessorFactory</name>
<settings/>
</factory>
<settings>
<control>ExtensionFilterProcessor</control>
<extensionList/>
<extensionNone>true</extensionNone>
<scanAllFiles>false</scanAllFiles>
</settings>
</item>
<item itemName="ExclusionFilterProcessor">
<factory>
<name>ExclusionFilterProcessorFactory</name>
<settings/>
</factory>
<settings>
<control>ExclusionFilterProcessor</control>
<exclusionList/>
</settings>
</item>
<item itemName="FSDecomposerProcessor">
<factory>
<name>FSDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>FSDecomposer</control>
<maxChildren>1000</maxChildren>
<decomposeADS>false</decomposeADS>
</settings>
</item>
<item itemName="SEDScanProcessor">
<factory>
<name>SEDScanProcessorFactory</name>
<settings/>
</factory>
<settings>
</settings>
</item>
<item itemName="ScanPreprocessor">
<factory>
<name>ScanPreprocessorFactory</name>
<settings/>
</factory>
<settings>
<enabled>true</enabled>
</settings>
</item>
<item itemName="VEAdapter">
<factory>
<name>VEAdapterFactory</name>
<settings/>
</factory>
<settings>
<control>VEAdapter</control>
<UseCommonFactory>False</UseCommonFactory>
<general>
<disinfect>true</disinfect>
<mcmRemoval>true</mcmRemoval>
<reportAllThreats>false</reportAllThreats>
<scanVdlArchives>false</scanVdlArchives>
<puaRemoval>false</puaRemoval>
<sxlOverride>1</sxlOverride>
<scanSuspiciousEmail>false</scanSuspiciousEmail>
</general>
<stopScan>
<maxKClassifyLoops>0</maxKClassifyLoops>
<maxKbDecompress>0</maxKbDecompress>
<maxSubFiles>0</maxSubFiles>
<maxThreatsPerItem>250</maxThreatsPerItem>
<maxTimeToScan>0</maxTimeToScan>
<maxUpdateWaitTime>0</maxUpdateWaitTime>
</stopScan>
<saviOptions>
<item itemName="FullSweep">
<name>FullSweep</name>
<value>0</value>
</item>
<!-- Instructs the engine to check for MAC and DOS viruses -->
<item itemName="NamespaceSupport">
<name>NamespaceSupport</name>
<value>1</value> <!-- DO NOT check MAC -->
</item>
<item itemName="PuaDetection">
<name>PuaDetection</name>
<value>1</value>
</item>
<item itemName="DetectSecondaries">
<name>DetectSecondaries</name>
<value>1</value>
</item>
<!-- Currently, the ThreatAccumulation option must be enabled in order
to detect secondary PUA components
-->
<item itemName="ThreatAccumulation">
<name>ThreatAccumulation</name>
<value>1</value>
</item>
<!-- Enables SAVI and VE to stop scans that appear to have hung -->
<item itemName="EnableAutoStop">
<name>EnableAutoStop</name>
<value>1</value>
</item>
<item itemName="BehaviourMalware">
<name>BehaviourMalware</name>
<value>1</value>
</item>
<item itemName="BehaviourSuspicious">
<name>BehaviourSuspicious</name>
<value>0</value>
</item>
<item itemName="ApplicationControl">
<name>ApplicationControl</name>
<value>0</value>
</item>
</saviOptions>
</settings>
</item>
<item itemName="FileOpProcessor">
<factory>
<name>FileOpProcessorFactory</name>
<settings/>
</factory>
<settings>
<control>FileOpProcessor</control>
<move>false</move>
<delete>false</delete>
<infectedDir dir="common_appdata">Sophos\Sophos Anti-Virus\INFECTED</infectedDir>
<deleteMCM>false</deleteMCM>
<suspiciousFiles>
<move>false</move>
<delete>false</delete>
<infectedDir dir="common_appdata">Sophos\Sophos Anti-Virus\INFECTED</infectedDir>
</suspiciousFiles>
</settings>
</item>
<item itemName="ScanPostprocessor">
<factory>
<name>ScanPostprocessorFactory</name>
<settings/>
</factory>
<settings/>
</item>
</processors>
</TDE>
</onDemandScan>
<rightClickScan>
<instanceManager/>
<OnAccess>false</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner/>
<notification>
<consumers>
<item itemName="FileLog">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filename dir="local_appdata">Sophos\Sophos Anti-Virus\logs\RightClickScan.txt</filename>
<locale>1024</locale>
<compression>true</compression>
<rotation>
<enabled>false</enabled>
<!-- 1 month -->
<interval>196609</interval>
<oldlogs>4</oldlogs>
<overwrite>true</overwrite>
</rotation>
<filtering>
<item itemName="Virus">60</item>
<item itemName="Pua">60</item>
<item itemName="Configuration">60</item>
<item itemName="Scanning">60</item>
<item itemName="Update">60</item>
<item itemName="Other">60</item>
<item itemName="SuspiciousFile">60</item>
<item itemName="ApplicationControl">60</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering/>
<messageFields>
<subject>SAV message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<template>User: %USERNAME%%NL%Scan: %SCAN%%NL%Machine: %MACHINE%%NL%%NL%%BODY%</template>
<sendWhenIdle>false</sendWhenIdle>
</settings>
</item>
</consumers>
</notification>
<TDE>
<processors>
<item itemName="SOCDecomposer">
<factory>
<name>SOCDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>SOCDecomposer</control>
</settings>
</item>
<item itemName="RawFSDecomposer">
<factory>
<name>ScannableRawFSFactory</name>
<settings />
</factory>
<settings>
<control>RawFSDecomposer</control>
<enabled>false</enabled>
</settings>
</item>
<item itemName="DriveDecomposer">
<factory>
<name>DriveDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>DriveDecomposer</control>
</settings>
</item>
<item itemName="FileAttributeFilter">
<factory>
<name>FileAttributeFilterFactory</name>
<settings/>
</factory>
<settings>
<attributeList>
<!-- FILE_ATTRIBUTE_OFFLINE -->
<item>0x00001000</item>
</attributeList>
</settings>
</item>
<item itemName="ExtensionFilter">
<factory>
<name>ExtensionFilterProcessorFactory</name>
<settings/>
</factory>
<settings>
<control>ExtensionFilterProcessor</control>
<extensionList/>
<extensionNone>true</extensionNone>
<scanAllFiles>true</scanAllFiles>
</settings>
</item>
<item itemName="ExclusionFilterProcessor">
<factory>
<name>ExclusionFilterProcessorFactory</name>
<settings/>
</factory>
<settings>
<control>ExclusionFilterProcessor</control>
<exclusionList/>
</settings>
</item>
<item itemName="FSDecomposerProcessor">
<factory>
<name>FSDecomposerFactory</name>
<settings/>
</factory>
<settings>
<control>FSDecomposer</control>
<maxChildren>1000</maxChildren>
<decomposeADS>false</decomposeADS>
</settings>
</item>
<item itemName="SEDScanProcessor">
<factory>
<name>SEDScanProcessorFactory</name>
<settings/>
</factory>
<settings>
</settings>
</item>
<item itemName="ScanPreprocessor">
<factory>
<name>ScanPreprocessorFactory</name>
<settings/>
</factory>
<settings>
<enabled>true</enabled>
</settings>
</item>
<item itemName="VEAdapter">
<factory>
<name>VEAdapterFactory</name>
<settings/>
</factory>
<settings>
<control>VEAdapter</control>
<UseCommonFactory>False</UseCommonFactory>
<general>
<disinfect>false</disinfect>
<mcmRemoval>false</mcmRemoval>
<reportAllThreats>false</reportAllThreats>
<scanVdlArchives>true</scanVdlArchives>
<puaRemoval>false</puaRemoval>
<sxlOverride>0</sxlOverride>
<scanSuspiciousEmail>false</scanSuspiciousEmail>
</general>
<stopScan>
<maxKClassifyLoops>0</maxKClassifyLoops>
<maxKbDecompress>0</maxKbDecompress>
<maxSubFiles>0</maxSubFiles>
<maxThreatsPerItem>250</maxThreatsPerItem>
<maxTimeToScan>0</maxTimeToScan>
<maxUpdateWaitTime>0</maxUpdateWaitTime>
</stopScan>
<saviOptions>
<item itemName="FullSweep">
<name>FullSweep</name>
<value>0</value>
</item>
<!-- Instructs the engine to check for MAC and DOS viruses -->
<item itemName="NamespaceSupport">
<name>NamespaceSupport</name>
<value>1</value> <!-- DO NOT check MAC -->
</item>
<item itemName="PuaDetection">
<name>PuaDetection</name>
<value>1</value>
</item>
<item itemName="DetectSecondaries">
<name>DetectSecondaries</name>
<value>1</value>
</item>
<!-- Currently, the ThreatAccumulation option must be enabled in order
to detect secondary PUA components
-->
<item itemName="ThreatAccumulation">
<name>ThreatAccumulation</name>
<value>1</value>
</item>
<!-- Enables SAVI and VE to stop scans that appear to have hung -->
<item itemName="EnableAutoStop">
<name>EnableAutoStop</name>
<value>1</value>
</item>
<item itemName="BehaviourMalware">
<name>BehaviourMalware</name>
<value>1</value>
</item>
<item itemName="BehaviourSuspicious">
<name>BehaviourSuspicious</name>
<value>0</value>
</item>
<item itemName="ApplicationControl">
<name>ApplicationControl</name>
<value>0</value>
</item>
</saviOptions>
</settings>
</item>
<item itemName="FileOpProcessor">
<factory>
<name>FileOpProcessorFactory</name>
<settings/>
</factory>
<settings>
<control>FileOpProcessor</control>
<move>false</move>
<delete>false</delete>
<infectedDir dir="common_appdata">Sophos\Sophos Anti-Virus\INFECTED</infectedDir>
<deleteMCM>false</deleteMCM>
<suspiciousFiles>
<move>false</move>
<delete>false</delete>
<infectedDir dir="common_appdata">Sophos\Sophos Anti-Virus\INFECTED</infectedDir>
</suspiciousFiles>
</settings>
</item>
<item itemName="ScanPostprocessor">
<factory>
<name>ScanPostprocessorFactory</name>
<settings/>
</factory>
<settings/>
</item>
</processors>
</TDE>
</rightClickScan>
<sipsMessaging>
<instanceManager/>
<OnAccess>False</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner>SIPSManager</owner>
<notification>
<consumers>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering>
<item itemName="Virus">90</item>
<item itemName="SuspiciousFile">90</item>
<item itemName="SuspiciousBehaviour">90</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering/>
<messageFields>
<subject>SAV message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<template>User: %USERNAME%%NL%Machine: %MACHINE%%NL%%NL%%BODY%</template>
<sendWhenIdle>true</sendWhenIdle>
</settings>
</item>
</consumers>
</notification>
</sipsMessaging>
<swiMessaging>
<instanceManager/>
<OnAccess>False</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner>SWIManager</owner>
<notification>
<consumers>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering>
<item itemName="Virus">60</item>
</filtering>
</settings>
</item>
</consumers>
</notification>
</swiMessaging>
<dataControl>
<instanceManager/>
<OnAccess>False</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner>DataControlManager</owner>
<notification>
<consumers>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering>
<item itemName="Internal">50</item>
<item itemName="DataControl">90</item>
<item itemName="UserQuery">90</item>
</filtering>
</settings>
</item>
<item itemName="FileLog">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filename dir="common_appdata">Sophos\Sophos Data Control\logs\DataControl.txt</filename>
<locale>2048</locale>
<compression>true</compression>
<rotation>
<enabled>true</enabled>
<!-- 1 month -->
<interval>196609</interval>
<oldlogs>4</oldlogs>
<overwrite>false</overwrite>
</rotation>
<filtering>
<item itemName="DataControl">70</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filtering>
<item itemName="DataControl">101</item>
</filtering>
<messageFields>
<subject>Message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<template>A data control policy was infringed on machine %MACHINE% by logged on user %USERNAME%.%NL%%NL%%BODY%</template>
<sendWhenIdle>true</sendWhenIdle>
</settings>
</item>
</consumers>
</notification>
</dataControl>
<deviceControl>
<instanceManager />
<OnAccess>False</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner>DCManager</owner>
<notification>
<consumers>
<item itemName="DesktopConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters />
</factory>
<settings>
<filtering>
<item itemName="DeviceControl">90</item>
</filtering>
</settings>
</item>
<item itemName="FileLog">
<factory>
<name>ConsumerFactory</name>
<parameters />
</factory>
<settings>
<filename dir="common_appdata">Sophos\Sophos Device Control\logs\DeviceControl.txt</filename>
<locale>2048</locale>
<compression>true</compression>
<rotation>
<enabled>true</enabled>
<!-- 1 month -->
<interval>196609</interval>
<oldlogs>4</oldlogs>
<overwrite>false</overwrite>
</rotation>
<filtering>
<item itemName="DeviceControl">60</item>
</filtering>
</settings>
</item>
<item itemName="SmtpConsumer">
<factory>
<name>ConsumerFactory</name>
<parameters />
</factory>
<settings>
<filtering>
<item itemName="DeviceControl">101</item>
</filtering>
<messageFields>
<subject>Message from: %MACHINE%</subject>
<recipients/>
</messageFields>
<!-- TODO: Text of message below TBD -->
<template>A device control event occurred on machine %MACHINE% when user %USERNAME% was logged on.%NL%%NL%%BODY%</template>
<sendWhenIdle>true</sendWhenIdle>
</settings>
</item>
</consumers>
</notification>
</deviceControl>
<tamperProtection>
<instanceManager/>
<OnAccess>False</OnAccess>
<scanSettings>
<minimiseScanImpact>false</minimiseScanImpact>
</scanSettings>
<owner>TamperProtectionManager</owner>
<notification>
<consumers>
<item itemName="FileLog">
<factory>
<name>ConsumerFactory</name>
<parameters/>
</factory>
<settings>
<filename dir="common_appdata">Sophos\Sophos Tamper Protection\logs\TamperProtection.txt</filename>
<locale>2048</locale>
<compression>true</compression>
<rotation>
<enabled>true</enabled>
<!-- 1 month -->
<interval>196609</interval>
<oldlogs>4</oldlogs>
<overwrite>false</overwrite>
</rotation>
<filtering>
<item itemName="TamperProtection">60</item>
</filtering>
</settings>
</item>
</consumers>
</notification>
</tamperProtection>
</scanTemplates>
<UserDefinedMessage>
<!-- Text of the user-defined message. Empty by default -->
<messageText></messageText>
<messageTextAppC></messageTextAppC>
</UserDefinedMessage>
<disabledDeviceListManager>
<alertOnlyDevices/>
<disabledDevices/>
</disabledDeviceListManager>
<deviceControlManager>
<wirelessConnections>
<application itemName="Bluetooth interfaces">
<name>Bluetooth interfaces</name>
<guids>
<item>{95C7A0A0-3094-11D7-A202-00508B9D7D5A}</item>
<item>{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}</item>
<item>{7240100F-6512-4548-8418-9EBB5C6A1A94}</item>
<item>{F12D3CF8-B11D-457E-8641-BE2AF2D6D204}</item>
<item>{E36BAC78-0FEA-4175-816B-CBC56B5AFB75}</item>
<item>{A173B237-6A34-4BB5-AA63-2561160FA200}</item>
</guids>
</application>
<application itemName="IrDA (Infrared) interfaces">
<name>IrDA (Infrared) interfaces</name>
<guids>
<item>{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}</item>
</guids>
</application>
<application itemName="WiFi interfaces">
<name>WiFi interfaces</name>
<guids>
<item>{4D36E972-E325-11CE-BFC1-08002BE10318}</item>
</guids>
</application>
<application itemName="Modem interfaces">
<name>Modem interfaces</name>
<guids>
<item>{4D36E96D-E325-11CE-BFC1-08002BE10318}</item> <!-- Standard Modem Class -->
<item>{C5400281-A674-11D3-83BC-0040339A353A}</item> <!-- Alcatel SpeedTouch USB Modem Class -->
</guids>
</application>
</wirelessConnections>
<storageDevices>
<application itemName="CD/DVD drives">
<name>CD/DVD drives</name>
<guids>
<item>{4D36E965-E325-11CE-BFC1-08002BE10318}</item>
</guids>
</application>
<application itemName="Floppy disk drives">
<name>Floppy disk drives</name>
<guids>
<item>{4D36E980-E325-11CE-BFC1-08002BE10318}</item>
</guids>
</application>
<application itemName="Removable drives">
<name>Removable drives</name>
<guids>
<item>{4D36E967-E325-11CE-BFC1-08002BE10318}</item>
</guids>
</application>
<application itemName="Hardware encrypted removable drives">
<name>Hardware encrypted removable drives</name>
<guids>
<item>{4D36E967-E325-11CE-BFC1-08002BE10318}</item>
<item>{4D36E965-E325-11CE-BFC1-08002BE10318}</item>
</guids>
</application>
</storageDevices>
<mediaDevices>
<application itemName="Media Transfer Protocol devices">
<name>Media Transfer Protocol devices</name>
<guids>
<item>{EEC5AD98-8080-425F-922A-DABF3DE3F69A}</item>
<item>{36FC9E60-C465-11CF-8056-444553540000}</item>
<item>{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}</item>
</guids>
</application>
</mediaDevices>
<whiteList>
<item>SCSI\CDROM&VEN_VXDV&PROD_DVD-RAM_DVDR_S95&REV_9.00\</item>
<item>SCSI\CDROM&VEN_VXDV&PROD_DVD-ROM_DVDR_S90&REV_9.00\</item>
</whiteList>
<compositeDeviceParentList>
<!--HardwareID: CMS CE Secure Vault (Admin and non admin)-->
<item>USB\Vid_1dfa&Pid_3337&Rev_0110</item>
<item>USB\Vid_1dfa&Pid_e337&Rev_0110&MI_01</item>
<!--HardwareID: CMS CE Secure Vault FIPS (Admin and non admin)-->
<item>USB\VID_1dfa&PID_3537&REV_0110</item>
<item>USB\Vid_1dfa&Pid_e537&Rev_0110&MI_01</item>
<!--HardwareID: Giesecke & Devrient Portable Security Token -->
<item>USB\VID_1059&PID_0021&REV_0110&MI_00</item>
<!--HardwareID: Giesecke & Devrient SafeBox FIPS (Admin and non admin)-->
<item>USB\VID_1059&PID_0024&REV_0110</item>
<item>USB\VID_1059&PID_0025&REV_0110&MI_01</item>
<!--HardwareID: Giesecke & Devrient SafeToGo-->
<item>USB\VID_1059&PID_0020&REV_0110&MI_00</item>
<!--HardwareID: Iron Key secure flash 1,4GB basic edition-->
<item>USB\Vid_1953&Pid_1001&Rev_011></item>
<!--C HardwareID: Iron Key secure flash 1,4GB basic edition-->
<item>USB\Vid_1953&Pid_1001&Rev_012></item>
<item>USB\Vid_1953&Pid_1001&Rev_013></item>
<item>USB\Vid_1953&Pid_1001&Rev_014></item>
<!--HardwareID: Iron key trusted access 2GB-->
<item>USB\Vid_1953&Pid_0203&Rev_020<</item>
<!--C HardwareID: Iron key trusted access 2GB-->
<item>USB\Vid_1953&Pid_0203&Rev_021<</item>
<item>USB\Vid_1953&Pid_0203&Rev_022<</item>
<item>USB\Vid_1953&Pid_0203&Rev_023<</item>
<!--HardwareID: Iron Key S200 Basic 1GB -->
<item>USB\Vid_1953&Pid_0201&Rev_0208</item>
<!--HardwareID: Iron Key S200 Basic 4GB -->
<item>USB\Vid_1953&Pid_0201&Rev_0202</item>
<!--HardwareID: Iron Key S200 and D200 Enterprise -->
<item>USB\Vid_1953&Pid_0203&Rev_020;</item>
<!--C HardwareID: Iron Key S200 and D200 Enterprise -->
<item>USB\Vid_1953&Pid_0203&Rev_021;</item>
<item>USB\Vid_1953&Pid_0203&Rev_022;</item>
<item>USB\Vid_1953&Pid_0203&Rev_023;</item>
<!--C HardwareID: IronKey S100 Enterprise 2GB -->
<item>USB\Vid_1953&Pid_1001&Rev_0139</item>
<!--HardwareID: Iron Key D200-S04-4FIPS -->
<item>USB\Vid_1953&Pid_0203&Rev_020=</item>
<!--C HardwareID: Iron Key S200 & D200 Basic -->
<item>USB\Vid_1953&Pid_0201&Rev_020;</item>
<item>USB\Vid_1953&Pid_0201&Rev_021;</item>
<item>USB\Vid_1953&Pid_0201&Rev_022;</item>
<item>USB\Vid_1953&Pid_0201&Rev_023;</item>
<!-- HardwareID: Iron Key D200 Basic -->
<item>USB\Vid_1953&Pid_0201&Rev_020=</item>
<!--HardwareID: Iron Key S200 Personal 2GB -->
<item>USB\Vid_1953&Pid_0202&Rev_0208</item>
<!--C HardwareID: Iron Key S200 Personal 2GB (non admin)-->
<item>USB\Vid_1953&Pid_0202&Rev_020=</item>
<!--C HardwareID: Iron Key S200 Personal -->
<item>USB\Vid_1953&Pid_0202&Rev_020;</item>
<item>USB\Vid_1953&Pid_0202&Rev_021;</item>
<item>USB\Vid_1953&Pid_0202&Rev_022;</item>
<item>USB\Vid_1953&Pid_0202&Rev_023;</item>
<!--HardwareID: Iron Key D250 Enterprise 4GB -->
<item>USB\Vid_0718&Pid_07b3&Rev_0402&MI_00</item>
<!--HardwareID: Iron Key D250 Enterprise 4GB, 8GB, 16GB, 32GB, 64GB (Admin and non admin) -->
<item>USB\Vid_0718&Pid_07b3&Rev_0405&MI_00</item>
<item>USB\Vid_0718&Pid_07b3&Rev_0405&MI_01</item>
<!--HardwareID: Iron Key D250 Enterprise 2GB (Admin and non admin) -->
<item>USB\VID_0718&PID_07B1&REV_0405&MI_00</item>
<item>USB\VID_0718&PID_07B1&REV_0405&MI_01</item>
<!--HardwareID: Iron Key D250 Enterprise 2GB (Admin and non admin) -->
<item>USB\VID_0718&PID_07B1&REV_0405&MI_00</item>
<item>USB\VID_0718&PID_07B1&REV_0405&MI_01</item>
<!--HardwareID: Iron Key D80 4gb, 8gb, 16gb (Admin and Non Admin) -->
<item>USB\VID_0718&PID_0686&REV_0110</item>
<!--HardwareID: Iron Key S1000 4gb, 8gb, 32gb, 64gb, 128gb (Admin and Non Admin) -->
<item>USB\VID_0718&PID_1014&REV_0305</item>
<!--HardwareID: Iron Key 500gb, 1tb (Admin and Non Admin) -->
<item>USB\VID_0718&PID_1012&REV_0100</item>
<!--HardwareID: Iron Key DataLocker H200 500GB (Admin and non admin)-->
<item>USB\VID_0718&PID_2220&REV_0100</item>
<!--HardwareID: Iron Key DataLocker Basic H350 500GB (Admin and non admin)-->
<item>USB\VID_0718&PID_1015&REV_0100</item>
<!--HardwareID: Iron Key D300 Managed 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_153B&REV_0100</item>
<!--HardwareID: Iron Key D300 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_1539&REV_0100</item>
<!--HardwareID: Iron Key Enterprise D250 2GB (Admin and non admin)-->
<item>USB\VID_0951&PID_07B3&REV_0405</item>
<item>USB\VID_0951&PID_07B3&REV_0405&MI_00</item>
<!--HardwareID: Iron Key Basic D250 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_07B1&REV_0405</item>
<item>USB\VID_0951&PID_07B1&REV_0405&MI_00</item>
<!--HardwareID: Iron Key Basic S1000 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_1013&REV_0305</item>
<!--HardwareID: Iron Key Enterprise S1000 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_1014&REV_0305</item>
<!--HardwareID: manual Iron Key D250 Enterprise 4GB (Admin and non admin) -->
<item>USB\VID_0951&PID_07B1&REV_0405</item>
<item>USB\VID_0951&PID_07B1&REV_0405&MI_01</item>
<item>USB\VID_0951&PID_07B1&REV_0405&MI_00</item>
<!--HardwareID: Verbatim Secure'n'Go Micro 8GB (Admin and non admin)-->
<item>USB\Vid_18a5&Pid_0306&Rev_0110</item>
<item>USB\Vid_18a5&Pid_e306&Rev_0110&MI_01</item>
<!--HardwareID: Integral Crypto AES 8GB + Integral Courier AES 2GB + Verbatim Secure'n'Go 4-16GB (Admin and non admin)-->
<item>USB\Vid_13fe&Pid_e327&Rev_0110</item>
<item>USB\Vid_13fe&Pid_e327&Rev_0110&MI_01</item>
<!--HardwareID: Integral Courier Dual FIPS 197 AES USB 3.0 8GB (Admin and non admin)-->
<item>USB\VID_26BD&PID_9917&REV_0110</item>
<!--HardwareID: SDMS SecureDriveS (Admin and non admin)-->
<item>USB\Vid_13fe&Pid_1e27&Rev_0110</item>
<item>USB\Vid_13fe&Pid_ee27&Rev_0110&MI_01</item>
<!--HardwareID: Integral HI-SPEED USB 2.0 Flash Drive 2GB (Admin and non admin)-->
<item>USB\Vid_13fe&Pid_3327&Rev_0110</item>
<item>USB\Vid_13fe&Pid_e327&Rev_0110&MI_01</item>
<!--HardwareID: Integral Crypto FIPS 140-2 2GB PC + MAC + Dual Edition (Admin and non admin)-->
<item>USB\Vid_13fe&Pid_3527&Rev_0110</item>
<item>USB\Vid_13fe&Pid_e527&Rev_0110&MI_01</item>
<!--HardwareID: Kingston DataTraveler BlackBox -->
<item>USB\Vid_0781&Pid_5542&Rev_0200</item>
<!--C HardwareID: Kingston DataTraveler Secure privacy edition -->
<item>USB\Vid_08ec&Pid_204A&Rev_0200</item>
<!--HardwareID: Kingston DataTraveler VAULT privacy edition,2GB, 8GB (Admin and non admin)-->
<item>USB\Vid_0951&Pid_160d&Rev_0110</item>
<item>USB\Vid_0951&Pid_0002&Rev_0110&MI_01</item>
<!--HardwareID: Kingston DataTraveler 4000 (Admin and non admin)-->
<item>USB\VID_0951&PID_1633&REV_0110</item>
<item>USB\VID_0951&PID_0009&REV_0110&MI_01</item>
<item>USB\Vid_0951&Pid_1507&Rev_0110</item>
<item>USB\Vid_0951&Pid_001a&Rev_0110</item>
<item>USB\Vid_0951&Pid_001a&Rev_0110&MI_00</item>
<item>USB\Vid_0951&Pid_001a&Rev_0110&MI_01</item>
<!--HardwareID: Kingston DataTraveler 4000 G2 and 4GB USB Device -->
<item>USB\VID_0951&PID_1508&REV_0100</item>
<!--HardwareID: Kingston DataTraveler 5000 (Admin and non admin)-->
<item>USB\VID_0951&PID_1622&REV_0400</item>
<item>USB\VID_0951&PID_1622&REV_0400&MI_00</item>
<!--HardwareID: Kingston DataTraveler 6000 (Admin and non admin)-->
<item>USB\VID_0951&PID_1683&REV_0400&MI_00</item>
<item>USB\VID_0951&PID_0009&REV_0110&MI_01</item>
<!--C HardwareID: Kingston DataTraveler Locker+ 16GB-->
<item>USB\VID_0951&PID_1629&REV_0110</item>
<!--HardwareID: Kingston DataTraveler Locker+ G2 8GB (Admin and non admin)-->
<item>USB\VID_0951&PID_1690&REV_0110</item>
<item>USB\VID_0951&PID_000d&REV_0110&MI_01</item>
<!-- HardwareID: Kingston DataTraveler Locker+ G3 16GB (Admin and non admin) -->
<item>USB\VID_0951&PID_169D&REV_0110</item>
<item>USB\VID_0951&PID_0018&REV_0110&MI_00</item>
<item>USB\VID_1951&PID_169D&REV_0110</item>
<!--HardwareID: Kingston DataTraveler 4000 Managed 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_152F&REV_0100</item>
<!--HardwareID: Kingston DataTraveler 2000 16GB (Admin and non admin)-->
<item>USB\VID_2009&PID_16AF&REV_1119</item>
<item>USB\VID_2009&PID_16AF&REV_1111</item>
<!--HardwareID: Kingston DataTraveler Vault Privacy 3.0 Managed 4GB (Admin and non admin)-->
<item>USB\VID_0951&PID_152E&REV_0110</item>
<!--HardwareID: Kingston Iron Key D250 Enterprise 2GB (Admin and non admin) -->
<item>USB\VID_0951&PID_07B3&REV_0405&MI_00</item>
<item>USB\VID_0951&PID_07B3&REV_0405&MI_01</item>
<!--HardwareID: SanDisk Cruzer Enterprise USB2.0 1,4GB 24MB/s (Admin and non admin)-->
<item>USB\Vid_08ec&Pid_0506&Rev_0200</item>
<item>USB\Vid_08ec&Pid_0014&Rev_0200&MI_01</item>
<!--HardwareID: SanDisk Cruzer Enterprise FIPS Edition 4GB (Admin and non admin)-->
<item>USB\Vid_0781&Pid_554c&Rev_0200</item>
<item>USB\Vid_0781&Pid_0014&Rev_0200&MI_01</item>
<!--HardwareID: SanDisk Cruzer Enterprise 1GB -->
<item>USB\Vid_0781&Pid_555a&Rev_0200</item>
<item>USB\Vid_0781&Pid_0014&Rev_0200&MI_01</item>
<!--HardwareID: SanDisk Cruzer Enterprise FIPS Edition 1GB -->
<item>USB\Vid_0781&Pid_5E18&Rev_0200</item>
<item>USB\Vid_0781&Pid_0014&Rev_0200&MI_01</item>
<!--HardwareID: SafeStick Business 512MB (Admin and non admin)-->
<item>USB\Vid_1dfa&Pid_1e27&Rev_0110</item>
<item>USB\Vid_1dfa&Pid_ee27&Rev_0110&MI_01</item>
<!--HardwareID: SafeStick V4 (Admin and non admin)-->
<item>USB\Vid_1dfa&Pid_3327&Rev_0110</item>
<item>USB\Vid_1dfa&Pid_e327&Rev_0110&MI_01</item>
<!--HardwareID: SafeStick 2GB V4.1.0.0 (Admin and non admin)-->
<item>USB\VID_1dfa&PID_3527&REV_0110</item>
<item>USB\Vid_1dfa&Pid_e527&Rev_0110&MI_01</item>
<!--HardwareID: JetFlash 210 1GB -->
<item>USB\VID_1307&PID_1169&REV_0100</item>
<!--HardwareID: Kanguru Defender Elite 2GB (Admin and non admin)-->
<item>USB\Vid_1e1d&Pid_5111&Rev_0110</item>
<item>USB\Vid_1e1d&Pid_e111&Rev_0110&MI_01</item>
<!--HardwareID: Kanguru Defender Basic and V2 2GB-->
<item>USB\Vid_1e1d&Pid_5101&Rev_0110</item>
<item>USB\Vid_1e1d&Pid_e101&Rev_0110&MI_01</item>
<!--HardwareID: Kanguru Defender V2 8GB (Admin and non admin) -->
<item>USB\Vid_1e1d&Pid_5102&Rev_0110</item>
<item>USB\Vid_1e1d&Pid_e102&Rev_0110&MI_00</item>
<!-- HardwareID: KanGuru Defender 2000 4GB (Admin and non admin) -->
<item>USB\VID_1E1D&PID_2000&REV_0110</item>
<!--HardwareID: Kanguru Defender Elite 30 8GB -->
<item>USB\VID_1E1D&PID_5104&REV_0110</item>
<!--HardwareID: Kanguru Defender Elite 300 4GB -->
<item>USB\VID_1E1D&PID_3111&REV_0100</item>
<!--HardwareID: Kanguru Defender 3000 4GB -->
<item>USB\VID_1E1D&PID_3100&REV_0100</item>
<!--HardwareID: Kanguru Defender HDD 128GB -->
<item>USB\VID_1E1D&PID_6000&REV_0001</item>
<!--C HardwareID: MXI Security Stealth M600 -->
<item>USB\Vid_124c&Pid_0007&Rev_0100</item>
<!-- HardwareID: McAfee Encrypted USB 2GB -->
<item>USB\VID_1A4B&PID_4003&REV_0100</item>
<!--C HardwareID: I-O DATA EasyDisk Enc3 USB Device (Admin and non admin)-->
<item>USB\Vid_04bb&Pid_0ca1&Rev_0110</item>
<item>USB\Vid_04bb&Pid_eca1&Rev_0110&MI_01</item>
<!--HardwareID: I-O DATA ED-V3 Series USB Device -->
<item>USB\Vid_04bb&Pid_0caa&Rev_0110</item>
<!--HardwareID: I-O DATA EasyDisk Secure3 USB Device -->
<item>USB\Vid_04bb&Pid_0ca0&Rev_0110</item>
<!--HardwareID: I-O DATA ED-SC3 Series USB Device -->
<item>USB\Vid_04bb&Pid_0cbd&Rev_0110</item>
<!--HardwareID: I-O DATA ED-CCV Series USB Device -->
<item>USB\Vid_04bb&Pid_0caf&Rev_0110</item>
<!--HardwareID: I-O DATA ED-SV3 Series USB Device -->
<item>USB\Vid_04bb&Pid_0cab&Rev_0110</item>
<!--HardwareID: I-O DATA ED-V3C Series USB Device -->
<item>USB\Vid_04bb&Pid_0ccf&Rev_0110</item>
<!--HardwareID: DataLocker Sentry FIPS 140-2 USB Device -->
<item>USB\VID_230A&PID_2100&REV_0110</item>
<!--HardwareID: DataLocker Sentry 3 FIPS 4GB (Admin and non admin)-->
<item>USB\VID_230A&PID_1512&REV_0100</item>
<!--HardwareID: DataLocker Sentry EMS 4GB (Admin and non admin)-->
<item>USB\VID_230A&PID_1513&REV_0100</item>
<!--HardwareID: DataLocker H300 500GB (Admin and non admin)-->
<item>USB\VID_230A&PID_1011&REV_0100</item>
<!--HardwareID: DataLocker DL3 500GB (Admin and non admin)-->
<item>USB\VID_230A&PID_1180&REV_0001</item>
<!--HardwareID: DataLocker DL3 FIPS Edition 500GB (Admin and non admin)-->
<item>USB\VID_230A&PID_1181&REV_0001</item>
<!--HardwareID: Imation Basic D250 USB Device -->
<item>USB\VID_0718&PID_07B1&REV_0404&MI_00</item>
<!--HardwareID: Kingston DataTraveler Vault Privacy 3.0 USB Device -->
<item>USB\VID_0951&PID_1505&REV_0110</item>
<!--HardwareID: Ctwo SafeXs 3.0 USB Device -->
<item>USB\VID_1DFA&PID_58C7&REV_0110</item>
<!--HardwareID: SafeToGo STG2-M USB Device (Admin and non-admin) -->
<item>USB\VID_1DFA&PID_58D7&REV_0110</item>
<item>USB\VID_1DFA&PID_E8D7&REV_0110&MI_00</item>
<!--HardwareID: LOK-IT Series USB Device -->
<item>USB\VID_2099&PID_0308&Rev_1000</item>
<!--HardwareID: iStorage Datashure 2.1 USB Device -->
<item>USB\VID_2009&PID_5032&REV_1000</item>
<!--HardwareID: Verbatim Secure Pro USB 32 GB (Admin and non-admin) -->
<item>USB\VID_0BDA&PID_0184&REV_8413</item>
<item>USB\VID_18A5&PID_024C&REV_0110</item>
<!--HardwareID: Apricorn SecureKey 3z (Admin and non-admin) -->
<item>USB\VID_0984&PID_1409&REV_0401</item>
<!--HardwareID: Datalocker H300 500gb Rev 111 -->
<item>USB\VID_230A&PID_1011&REV_0111</item>
<!--HardwareID: DataLocker Sentry ONE-M -->
<item>USB\VID_230A&PID_1550&REV_0100</item>
<!--HardwareID: Kanguru - Defender Elite 200 (Admin and non admin)-->
<item>USB\VID_1E1D&PID_1000&REV_0110</item>
<!--HardwareID: Kingston Iron Key D300S-->
<item>USB\VID_0951&PID_1560&Rev_0100</item>
<item>USB\VID_0984&PID_0311&REV_0401</item>
<!--HardwareID: Padlock S 3.0 -->
<item>USB\VID_0984&PID_0311&REV_0305</item>
<!--HardwareID: Padlock S 3.0 -->
<item>USB\VID_0984&PID_0311&REV_0502</item>
<!--HardwareID: Padlock S 3.0 -->
<item>USB\VID_0984&PID_0311&REV_0506</item>
<!--HardwareID: Padlock Pro -->
<item>USB\VID_0984&PID_0095&REV_0401</item>
<!--HardwareID: Padlock Pro -->
<item>USB\VID_0984&PID_0095&REV_0305</item>
<!--HardwareID: Padlock Pro -->
<item>USB\VID_0984&PID_0095&REV_0502</item>
<!--HardwareID: Padlock Pro -->
<item>USB\VID_0984&PID_0095&REV_0506</item>
<!--HardwareID: Padlock 3.0 -->
<item>USB\VID_0984&PID_0310&REV_0401</item>
<!--HardwareID: Padlock 3.0 -->
<item>USB\VID_0984&PID_0310&REV_0305</item>
<!--HardwareID: Padlock 3.0 -->
<item>USB\VID_0984&PID_0310&REV_0502</item>
<!--HardwareID: Padlock 3.0 -->
<item>USB\VID_0984&PID_0310&REV_0506</item>
<!--HardwareID: Padlock DT 3.0 -->
<item>USB\VID_0984&PID_0315&REV_0401</item>
<!--HardwareID: Padlock DT 3.0 -->
<item>USB\VID_0984&PID_0315&REV_0305</item>
<!--HardwareID: Padlock DT 3.0 -->
<item>USB\VID_0984&PID_0315&REV_0502</item>
<!--HardwareID: Padlock DT 3.0 -->
<item>USB\VID_0984&PID_0315&REV_0506</item>
<!--HardwareID: Padlock DT 3.0 -->
<item>USB\VID_0984&PID_0315&REV_0402</item>
<!--HardwareID: Apricorn FIPS Mod 140-2 (Fortress) -->
<item>USB\VID_0984&PID_1400&REV_0213</item>
<!--HardwareID: Apricorn FIPS Mod 140-2 (Fortress) -->
<item>USB\VID_0984&PID_1400&REV_0217</item>
<!--HardwareID: Apricorn FIPS Mod 140-2 (Fortress) -->
<item>USB\VID_0984&PID_1400&REV_0401</item>
<!--HardwareID: Apricorn FIPS Mod 140-2 (Fortress) -->
<item>USB\VID_0984&PID_1400&REV_0506</item>
<!--HardwareID: Aegis Secure Key -->
<item>USB\VID_0984&PID_0330&REV_1000</item>
<!--HardwareID: iStorage FIPS Mod 140-2 -->
<item>USB\VID_0984&PID_1403&REV_0213</item>
<!--HardwareID: iStorage FIPS Mod 140-2 -->
<item>USB\VID_0984&PID_1403&REV_0217</item>
<!--HardwareID: iStorage FIPS Mod 140-2 -->
<item>USB\VID_0984&PID_1403&REV_0401</item>
<!--HardwareID: iStorage FIPS Mod 140-2 -->
<item>USB\VID_0984&PID_1403&REV_0506</item>
<!--HardwareID: iStorage FIPS Mod 140-2 for DT -->
<item>USB\VID_0984&PID_1404&REV_0217</item>
<!--HardwareID: iStorage FIPS Mod 140-2 for DT -->
<item>USB\VID_0984&PID_1404&REV_0401</item>
<!--HardwareID: iStorage FIPS Mod 140-2 for DT -->
<item>USB\VID_0984&PID_1404&REV_0402</item>
<!--HardwareID: iStorage FIPS Mod 140-2 for DT -->
<item>USB\VID_0984&PID_1404&REV_0506</item>
<!--HardwareID: Aegis Padlock SSD -->
<item>USB\VID_0984&PID_1405&REV_0213</item>
<!--HardwareID: Aegis Padlock SSD -->
<item>USB\VID_0984&PID_1405&REV_0217</item>
<!--HardwareID: Aegis Padlock SSD -->
<item>USB\VID_0984&PID_1405&REV_0401</item>
<!--HardwareID: Aegis Padlock SSD -->
<item>USB\VID_0984&PID_1405&REV_0506</item>
<!--HardwareID: Aegis FIPS DT -->
<item>USB\VID_0984&PID_1406&REV_0217</item>
<!--HardwareID: Aegis FIPS DT -->
<item>USB\VID_0984&PID_1406&REV_0401</item>
<!--HardwareID: Aegis FIPS DT -->
<item>USB\VID_0984&PID_1406&REV_0402</item>
<!--HardwareID: Aegis FIPS DT -->
<item>USB\VID_0984&PID_1406&REV_0506</item>
<!--HardwareID: ASK3 -->
<item>USB\VID_0984&PID_1407&REV_0306</item>
<!--HardwareID: ASK3 -->
<item>USB\VID_0984&PID_1407&REV_0308</item>
<!--HardwareID: ASK3 -->
<item>USB\VID_0984&PID_1407&REV_0401</item>
<!--HardwareID: Apricorn Fortress L3 -->
<item>USB\VID_0984&PID_1408&REV_0502</item>
<!--HardwareID: Apricorn Fortress L3 -->
<item>USB\VID_0984&PID_1408&REV_0506</item>
<!--HardwareID: ASK3z -->
<item>USB\VID_0984&PID_1409&REV_0401</item>
<!--HardwareID: ASK3 NX -->
<item>USB\VID_0984&PID_1410&REV_0441</item>
<!--HardwareID: ASK3 NX -->
<item>USB\VID_0984&PID_1410&REV_0442</item>
<!--HardwareID: ASK3 Dominion -->
<item>USB\VID_0984&PID_0322&REV_0306</item>
<!--HardwareID: ASK3 Dominion -->
<item>USB\VID_0984&PID_0322&REV_0308</item>
<!--HardwareID: ASK3 Dominion -->
<item>USB\VID_0984&PID_0322&REV_0401</item>
</compositeDeviceParentList>
</deviceControlManager>
</configuration>