C:\Program Files (x86)\ossec-agent\ossec.log
2023/08/05 11:02:50 wazuh-agent: INFO: Starting new log after rotation.
2023/08/05 11:02:51 wazuh-agent: INFO: Agent is now online. Process unlocked, continuing...
2023/08/05 11:02:51 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:02:51 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:02:51 wazuh-agent: INFO: Agent is now online. Process unlocked, continuing...
2023/08/05 11:02:51 rootcheck: INFO: Starting rootcheck scan.
2023/08/05 11:02:51 wazuh-agent: INFO: Agent is now online. Process unlocked, continuing...
2023/08/05 11:02:51 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:02:51 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:02:51 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:02:52 sca: INFO: Evaluation finished for policy 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win11_enterprise.yml'
2023/08/05 11:02:52 sca: INFO: Security Configuration Assessment scan finished. Duration: 11 seconds.
2023/08/05 11:02:52 sca: WARNING: Interval overtaken.
2023/08/05 11:02:52 sca: INFO: Starting Security Configuration Assessment scan.
2023/08/05 11:02:52 sca: INFO: Starting evaluation of policy: 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win11_enterprise.yml'
2023/08/05 11:02:56 rootcheck: INFO: Ending rootcheck scan.
2023/08/05 11:03:01 sca: INFO: Evaluation finished for policy 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win11_enterprise.yml'
2023/08/05 11:03:01 sca: INFO: Security Configuration Assessment scan finished. Duration: 9 seconds.
2023/08/05 11:03:12 wazuh-agent: INFO: (6009): File integrity monitoring scan ended.
2023/08/05 11:03:19 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:03:26 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:03:32 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:04:02 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2023/08/05 11:05:05 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2023/08/05 11:05:13 wazuh-agent: ERROR: Could not get message for (Application)
2023/08/05 11:10:50 wazuh-agent: ERROR: Connection socket: An existing connection was forcibly closed by the remote host. (10054)
2023/08/05 11:10:50 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
2023/08/05 11:10:50 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:10:51 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:01 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:01 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:11 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:11 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:21 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:21 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:31 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:31 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:31 wazuh-agent: INFO: Requesting a key from server: wazuh.skywalker.net.au
2023/08/05 11:11:31 wazuh-agent: INFO: No authentication password provided
2023/08/05 11:11:31 wazuh-agent: INFO: Using agent name as: Skywalker-Tower
2023/08/05 11:11:31 wazuh-agent: INFO: Waiting for server reply
2023/08/05 11:11:31 wazuh-agent: ERROR: Duplicate agent name: Skywalker-Tower (from manager)
2023/08/05 11:11:31 wazuh-agent: ERROR: Unable to add agent (from manager)
2023/08/05 11:11:41 wazuh-agent: WARNING: (4101): Waiting for server reply (not started). Tried: 'wazuh.skywalker.net.au'.
2023/08/05 11:11:41 wazuh-agent: WARNING: Unable to connect to any server.
2023/08/05 11:11:41 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:41 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:51 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:51 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:51 wazuh-agent: INFO: (4102): Connected to the server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:11:51 wazuh-agent: INFO: Server responded. Releasing lock.
2023/08/05 11:55:50 wazuh-agent: ERROR: (1137): Lost connection with manager. Setting lock.
2023/08/05 11:55:50 wazuh-agent: INFO: Closing connection to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:55:50 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:55:52 wazuh-agent: ERROR: (1216): Unable to connect to '[159.196.3.177]:1514/tcp': 'No connection could be made because the target machine actively refused it.'.
2023/08/05 11:56:02 wazuh-agent: INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:56:02 wazuh-agent: INFO: (4102): Connected to the server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 11:56:02 wazuh-agent: INFO: Server responded. Releasing lock.
2023/08/05 12:02:10 wazuh-agent: INFO: Received exit signal. Starting exit process.
2023/08/05 12:02:10 wazuh-agent: INFO: Set pending exit signal.
2023/08/05 12:02:10 wazuh-modulesd:syscollector: INFO: Stop received for Syscollector.
2023/08/05 12:02:10 wazuh-modulesd:syscollector: INFO: Module finished.
2023/08/05 12:02:10 wazuh-agent: INFO: Exit completed successfully.
2023/08/05 12:02:10 wazuh-agent: INFO: (1314): Shutdown received. Deleting responses.
2023/08/05 12:02:10 wazuh-agent: CRITICAL: (2302): Invalid definition for windows.debug: '2 '.
2023/08/05 12:02:10 wazuh-agent: INFO: Received exit signal. Starting exit process.
2023/08/05 12:02:10 wazuh-agent: INFO: Set pending exit signal.
2023/08/05 12:02:10 wazuh-agent: INFO: Exit completed successfully.
2023/08/05 12:03:14 wazuh-agent: CRITICAL: (2302): Invalid definition for windows.debug: '2 '.
2023/08/05 12:03:14 wazuh-agent: INFO: Received exit signal. Starting exit process.
2023/08/05 12:03:14 wazuh-agent: INFO: Set pending exit signal.
2023/08/05 12:03:14 wazuh-agent: INFO: Exit completed successfully.
2023/08/05 12:07:09 wazuh-agent: CRITICAL: (2302): Invalid definition for windows.debug: '2 '.
2023/08/05 12:07:09 wazuh-agent: INFO: Received exit signal. Starting exit process.
2023/08/05 12:07:09 wazuh-agent: INFO: Set pending exit signal.
2023/08/05 12:07:09 wazuh-agent: INFO: Exit completed successfully.
2023/08/05 12:07:35 wazuh-agent: CRITICAL: (2302): Invalid definition for windows.debug: '2 '.
2023/08/05 12:07:35 wazuh-agent: INFO: Received exit signal. Starting exit process.
2023/08/05 12:07:35 wazuh-agent: INFO: Set pending exit signal.
2023/08/05 12:07:35 wazuh-agent: INFO: Exit completed successfully.
2023/08/05 12:09:17 wazuh-agent[44100] debug_op.c:70 at _log(): DEBUG: Logging module auto-initialized
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\wazuh-agent.exe
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\wazuh-agent.exe' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\SYSTEM32\ntdll.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\SYSTEM32\ntdll.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\KERNEL32.DLL
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\KERNEL32.DLL' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\KERNELBASE.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\KERNELBASE.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\ADVAPI32.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\ADVAPI32.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\msvcrt.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\msvcrt.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\sechost.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\sechost.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\RPCRT4.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\RPCRT4.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\CRYPT32.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\CRYPT32.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\ucrtbase.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\ucrtbase.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\PSAPI.DLL
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\PSAPI.DLL' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\SHLWAPI.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\SHLWAPI.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\USER32.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\USER32.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\win32u.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\win32u.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\libwinpthread-1.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\libwinpthread-1.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\GDI32.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\GDI32.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\gdi32full.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\gdi32full.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\msvcp_win.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\msvcp_win.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\WINTRUST.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\WINTRUST.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\WS2_32.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\System32\WS2_32.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\SYSTEM32\wevtapi.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\SYSTEM32\wevtapi.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:533 at verify_hash_and_pe_signature(): DEBUG: Hash verification succeeded for 'C:\Windows\SYSTEM32\WSOCK32.DLL'
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\SYSTEM32\WSOCK32.DLL' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\libwazuhext.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\libwazuhext.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\SYSTEM32\MSASN1.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:53 at loaded_modules_verification(): DEBUG: The file 'C:\Windows\SYSTEM32\MSASN1.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\libgcc_s_dw2-1.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\libgcc_s_dw2-1.dll' is signed and its signature is valid.
2023/08/05 12:09:17 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\libstdc++-6.dll
2023/08/05 12:09:17 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\libstdc++-6.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\sysinfo.dll
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\sysinfo.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] win_utils.c:104 at local_start(): DEBUG: Reading agent configuration.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:533 at verify_hash_and_pe_signature(): DEBUG: Hash verification succeeded for 'C:\Windows\system32\OnDemandConnRouteHelper.dll'
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\system32\OnDemandConnRouteHelper.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:99 at dll_notification(): DEBUG: Unloaded: 'C:\Windows\system32\OnDemandConnRouteHelper.dll'
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:219 at os_read_agent_profile(): DEBUG: Calling os_read_agent_profile().
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:238 at os_read_agent_profile(): DEBUG: os_read_agent_profile() = [windows, windows10]
2023/08/05 12:09:32 wazuh-agent[44100] config.c:424 at ReadConfig(): DEBUG: agent_config element does not have any attributes.
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:219 at os_read_agent_profile(): DEBUG: Calling os_read_agent_profile().
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:238 at os_read_agent_profile(): DEBUG: os_read_agent_profile() = [windows, windows10]
2023/08/05 12:09:32 wazuh-agent[44100] config.c:424 at ReadConfig(): DEBUG: agent_config element does not have any attributes.
2023/08/05 12:09:32 wazuh-agent[44100] win_utils.c:129 at local_start(): INFO: Using notify time: 10 and max time to reconnect: 60
2023/08/05 12:09:32 wazuh-agent[44100] win_utils.c:136 at local_start(): DEBUG: Reading logcollector configuration.
2023/08/05 12:09:32 wazuh-agent[44100] config.c:81 at LogCollectorConfig(): DEBUG: The maximum number of files to monitor cannot exceed 200 in Windows, so it will be limited.
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:219 at os_read_agent_profile(): DEBUG: Calling os_read_agent_profile().
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:238 at os_read_agent_profile(): DEBUG: os_read_agent_profile() = [windows, windows10]
2023/08/05 12:09:32 wazuh-agent[44100] config.c:424 at ReadConfig(): DEBUG: agent_config element does not have any attributes.
2023/08/05 12:09:32 wazuh-agent[44100] win_utils.c:155 at local_start(): INFO: (1410): Reading authentication keys file.
2023/08/05 12:09:32 wazuh-agent[44100] execd.c:539 at WinExecdStart(): INFO: Started (pid: 44100).
2023/08/05 12:09:32 wazuh-agent[44100] buffer.c:75 at buffer_init(): DEBUG: Agent buffer created.
2023/08/05 12:09:32 wazuh-agent[44100] win_utils.c:227 at local_start(): DEBUG: Creating thread mutex.
2023/08/05 12:09:32 wazuh-agent[44100] state.c:50 at state_main(): DEBUG: State file updating thread started.
2023/08/05 12:09:32 wazuh-agent[44100] state.c:78 at write_state(): DEBUG: Updating state file.
2023/08/05 12:09:32 wazuh-agent[44100] msgs.c:83 at OS_StartCounter(): DEBUG: OS_StartCounter: keysize: 1
2023/08/05 12:09:32 wazuh-agent[44100] msgs.c:125 at OS_StartCounter(): DEBUG: Assigning counter for agent Skywalker-Tower: '59:1166'.
2023/08/05 12:09:32 wazuh-agent[44100] msgs.c:120 at OS_StartCounter(): DEBUG: Assigning sender counter: 13:1694
2023/08/05 12:09:32 wazuh-agent[44100] rotate_log.c:44 at w_rotate_log_thread(): DEBUG: Log rotating thread started.
2023/08/05 12:09:32 wazuh-agent[44100] config.c:33 at Read_Syscheck_Config(): DEBUG: (6287): Reading configuration file: 'ossec.conf'
2023/08/05 12:09:32 wazuh-agent[44100] msgs.c:140 at OS_StartCounter(): DEBUG: Stored counter.
2023/08/05 12:09:32 wazuh-agent[44100] start_agent.c:234 at w_agentd_keys_init(): INFO: Using AES as encryption method.
2023/08/05 12:09:32 wazuh-agent[44100] start_agent.c:86 at connect_server(): INFO: Trying to connect to server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 12:09:32 wazuh-agent[44100] syscheck-config.c:2421 at process_option_regex(): DEBUG: Found ignore regex node .log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$
2023/08/05 12:09:32 wazuh-agent[44100] syscheck-config.c:2428 at process_option_regex(): DEBUG: Found ignore regex node .log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$ OK?
2023/08/05 12:09:32 wazuh-agent[44100] syscheck-config.c:2429 at process_option_regex(): DEBUG: Found ignore regex size 0
2023/08/05 12:09:32 wazuh-agent[44100] config.c:41 at Read_Syscheck_Config(): DEBUG: (6208): Reading Client Configuration [ossec.conf]
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:219 at os_read_agent_profile(): DEBUG: Calling os_read_agent_profile().
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:238 at os_read_agent_profile(): DEBUG: os_read_agent_profile() = [windows, windows10]
2023/08/05 12:09:32 wazuh-agent[44100] config.c:424 at ReadConfig(): DEBUG: agent_config element does not have any attributes.
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:219 at os_read_agent_profile(): DEBUG: Calling os_read_agent_profile().
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:238 at os_read_agent_profile(): DEBUG: os_read_agent_profile() = [windows, windows10]
2023/08/05 12:09:32 wazuh-agent[44100] start_agent.c:352 at agent_handshake_to_server(): INFO: (4102): Connected to the server ([wazuh.skywalker.net.au]:1514/tcp).
2023/08/05 12:09:32 wazuh-agent[44100] config.c:424 at ReadConfig(): DEBUG: agent_config element does not have any attributes.
2023/08/05 12:09:32 rootcheck[44100] rootcheck.c:224 at rootcheck_init(): INFO: Started (pid: 44100).
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\comfile'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] notify.c:135 at run_notify(): DEBUG: Sending agent notification.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\exefile'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\piffile'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\Directory'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Policies'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Policies', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Policies'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Security', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Security'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components [x64]', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:172 at Start_win32_Syscheck(): INFO: (6002): Monitoring registry entry: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components', with options 'size | permissions | owner | group | mtime | hash_md5 | hash_sha1 | hash_sha256'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:176 at Start_win32_Syscheck(): DEBUG: (6356): Maximum file size limit to generate diff information configured to '51200 KB' for 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\programdata\microsoft\windows\start menu\programs\startup', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | realtime'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\sysnative', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\sysnative\drivers\etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\sysnative\wbem', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\sysnative\windowspowershell\v1.0', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\system32', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\system32\drivers\etc', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\system32\wbem', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:186 at Start_win32_Syscheck(): INFO: (6003): Monitoring path: 'c:\windows\system32\windowspowershell\v1.0', with options 'size | permissions | owner | group | mtime | inode | hash_md5 | hash_sha1 | hash_sha256 | attributes | scheduled'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:204 at Start_win32_Syscheck(): DEBUG: (6357): Maximum disk quota size limit configured to '1048576 KB'.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:213 at Start_win32_Syscheck(): INFO: (6206): Ignore 'file' entry 'c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:218 at Start_win32_Syscheck(): INFO: (6207): Ignore 'file' sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 wazuh-agent[44100] wmodules-osquery-monitor.c:78 at wm_osquery_monitor_read(): DEBUG: Logpath read: C:\Program Files\osquery\log\osqueryd.results.log
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets'
2023/08/05 12:09:32 wazuh-agent[44100] wmodules-osquery-monitor.c:84 at wm_osquery_monitor_read(): DEBUG: configPath read: C:\Program Files\osquery\osquery.conf
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\AppCs'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\DHCP'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn'
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:219 at os_read_agent_profile(): DEBUG: Calling os_read_agent_profile().
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut'
2023/08/05 12:09:32 wazuh-agent[44100] agent_op.c:238 at os_read_agent_profile(): DEBUG: os_read_agent_profile() = [windows, windows10]
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap'
2023/08/05 12:09:32 wazuh-agent[44100] config.c:424 at ReadConfig(): DEBUG: agent_config element does not have any attributes.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Parameters\Cache'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx'
2023/08/05 12:09:32 wazuh-modulesd:agent-upgrade[44100] wm_agent_upgrade_agent.c:96 at wm_agent_upgrade_start_agent_module(): INFO: (8153): Module Agent Upgrade started.
2023/08/05 12:09:32 sca[44100] wm_sca.c:151 at wm_sca_main(): INFO: Module started.
2023/08/05 12:09:32 wazuh-modulesd:osquery[44100] wm_osquery_monitor.c:605 at wm_osquery_monitor_main(): INFO: Module disabled. Exiting...
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:222 at LogCollectorStart(): INFO: Windows version is 6.0 or newer. (Microsoft Windows 11 Pro [Ver: 10.0.22621.2070] - Wazuh v4.4.5).
2023/08/05 12:09:32 wazuh-modulesd:ciscat[44100] wm_ciscat.c:1502 at wm_ciscat_check(): INFO: Module disabled. Exiting...
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:223 at Start_win32_Syscheck(): INFO: (6206): Ignore 'registry' entry 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ADOVMPPackage\Final'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:228 at Start_win32_Syscheck(): INFO: (6207): Ignore 'registry' sregex '\Enum$'
2023/08/05 12:09:32 wazuh-agent[44100] syscheck.c:259 at Start_win32_Syscheck(): INFO: Started (pid: 44100).
2023/08/05 12:09:32 wazuh-agent[44100] notify.c:204 at run_notify(): DEBUG: Sending keep alive: #!-Microsoft Windows 11 Pro [Ver: 10.0.22621.2070] - Wazuh v4.4.5 / ab73af41699f13fdd81903b5f23d8d00
4a8724b20dee0124ff9656783c490c4e merged.mg
#"_agent_ip":2403:580A:6EAB:0000:0000:0000:0000:1F7C
2023/08/05 12:09:32 sca[44100] wm_sca.c:190 at wm_sca_main(): INFO: Loaded policy 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win11_enterprise.yml'
2023/08/05 12:09:32 sca[44100] wm_sca.c:328 at wm_sca_start(): INFO: Starting Security Configuration Assessment scan.
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:237 at LogCollectorStart(): DEBUG: Entering LogCollectorStart().
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:279 at LogCollectorStart(): INFO: (1951): Analyzing event log: 'Application'.
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:279 at LogCollectorStart(): INFO: (1951): Analyzing event log: 'Security'.
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:279 at LogCollectorStart(): INFO: (1951): Analyzing event log: 'System'.
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:1228 at set_read(): DEBUG: Socket target for 'active-response\active-responses.log' -> agent
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:379 at LogCollectorStart(): INFO: (1950): Analyzing file: 'active-response\active-responses.log'.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\dbsync.dll
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\dbsync.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\rsync.dll
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\rsync.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] run_check.c:502 at set_priority_windows_thread(): DEBUG: (6320): Setting process priority to: '10'
2023/08/05 12:09:32 wazuh-agent[44100] run_check.c:256 at start_daemon(): INFO: (6000): Starting daemon...
2023/08/05 12:09:32 wazuh-agent[44100] run_check.c:259 at start_daemon(): INFO: (6010): File integrity monitoring scan frequency: 43200 seconds
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:139 at fim_scan(): INFO: (6008): File integrity monitoring scan started.
2023/08/05 12:09:32 wazuh-agent[44100] run_check.c:127 at send_syscheck_msg(): DEBUG: (6321): Sending FIM event: {"type":"scan_start","data":{"timestamp":1691201372}}
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:146 at fim_scan(): DEBUG: (6348): Size of 'queue/diff' folder: 0.00000 KB.
2023/08/05 12:09:32 wazuh-agent[44100] syscheck_op.c:853 at process_ace_info(): DEBUG: No information could be extracted from the account linked to the SID. Error: 1332.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Program Files (x86)\ossec-agent\syscollector.dll
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Program Files (x86)\ossec-agent\syscollector.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:163 at wm_sys_main(): DEBUG: Starting Syscollector.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:117 at wm_sys_log_config(): DEBUG: {"syscollector":{"disabled":"no","scan-on-start":"yes","interval":3600,"network":"yes","os":"yes","hardware":"yes","packages":"yes","ports":"yes","ports_all":"no","processes":"yes","hotfixes":"yes","sync_max_eps":10}}
2023/08/05 12:09:32 sca[44100] wm_sca.c:443 at wm_sca_read_files(): DEBUG: Calculating hash for policy file 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win11_enterprise.yml'
2023/08/05 12:09:32 wazuh-agent[44100] receiver.c:97 at receive_msg(): DEBUG: Received message: '#!-agent ack '
2023/08/05 12:09:32 sca[44100] wm_sca.c:1000 at wm_sca_do_scan(): DEBUG: Beginning evaluation of check Requirements check 'Check that the Windows platform is Windows 11'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1001 at wm_sca_do_scan(): DEBUG: Rule aggregation strategy for this check is 'all'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1002 at wm_sca_do_scan(): DEBUG: Initial rule-aggregator value por this type of rule is '1'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1003 at wm_sca_do_scan(): DEBUG: Beginning rules evaluation.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion -> ProductName -> r:^Windows 10'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion -> ProductName -> r:^Windows 10'
2023/08/05 12:09:32 sca[44100] wm_sca.c:2165 at wm_sca_test_key(): DEBUG: Checking 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' in the 64BIT subsystem.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:99 at wm_sys_log(): INFO: Module started.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'SystemRoot' != 'ProductName': Skipping value.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:99 at wm_sys_log(): INFO: Starting evaluation.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'BaseBuildRevisionNumber' != 'ProductName': Skipping value.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting hardware scan
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'BuildBranch' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'BuildGUID' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'BuildLab' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'BuildLabEx' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CompositionEditionID' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CurrentBuild' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CurrentBuildNumber' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CurrentMajorVersionNumber' != 'ProductName': Skipping value.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending hardware scan
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CurrentMinorVersionNumber' != 'ProductName': Skipping value.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting os scan
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CurrentType' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'CurrentVersion' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'DisplayVersion' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'EditionID' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'EditionSubManufacturer' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'EditionSubstring' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'EditionSubVersion' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'InstallationType' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2311 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'InstallDate' != 'ProductName': Skipping value.
2023/08/05 12:09:32 sca[44100] wm_sca.c:2315 at wm_sca_winreg_querykey(): DEBUG: Considering value 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -> 'ProductName' == 'ProductName': Value found.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending os scan
2023/08/05 12:09:32 sca[44100] wm_sca.c:2369 at wm_sca_winreg_querykey(): DEBUG: Checking value data 'Windows 10 Pro' with rule 'r:^Windows 10'
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting network scan
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (r:^Windows 10)(Windows 10 Pro) -> 1
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (r:^Windows 10)(Windows 10 Pro) -> 1
2023/08/05 12:09:32 sca[44100] wm_sca.c:1232 at wm_sca_do_scan(): DEBUG: Result for rule 'r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion -> ProductName -> r:^Windows 10': 1
2023/08/05 12:09:32 sca[44100] wm_sca.c:1255 at wm_sca_do_scan(): DEBUG: Result for check Requirements check 'Check that the Windows platform is Windows 11' -> 1
2023/08/05 12:09:32 sca[44100] wm_sca.c:488 at wm_sca_read_files(): INFO: Starting evaluation of policy: 'C:\Program Files (x86)\ossec-agent\ruleset\sca\cis_win11_enterprise.yml'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1000 at wm_sca_do_scan(): DEBUG: Beginning evaluation of check id: 26000 'Ensure 'Enforce password history' is set to '24 or more password(s)'.'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1001 at wm_sca_do_scan(): DEBUG: Rule aggregation strategy for this check is 'all'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1002 at wm_sca_do_scan(): DEBUG: Initial rule-aggregator value por this type of rule is '1'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1003 at wm_sca_do_scan(): DEBUG: Beginning rules evaluation.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'c:net.exe accounts -> n:Length of password history maintained:\s+(\d+) compare >= 24'
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\system32\napinsp.dll
2023/08/05 12:09:32 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'c:net.exe accounts -> n:Length of password history maintained:\s+(\d+) compare >= 24'
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\system32\napinsp.dll' is signed and its signature is valid.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1142 at wm_sca_do_scan(): DEBUG: Running command: 'net.exe accounts'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1637 at wm_sca_read_command(): DEBUG: Executing command 'net.exe accounts', and testing output with pattern 'n:Length of password history maintained:\s+(\d+) compare >= 24'
2023/08/05 12:09:32 rootcheck[44100] run_rk_check.c:105 at run_rk_check(): INFO: Starting rootcheck scan.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:533 at verify_hash_and_pe_signature(): DEBUG: Hash verification succeeded for 'C:\Windows\system32\pnrpnsp.dll'
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\system32\pnrpnsp.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending network scan
2023/08/05 12:09:32 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting packages scan
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\SYSTEM32\ntmarta.dll
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\SYSTEM32\ntmarta.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1195 at fim_check_ignore(): DEBUG: (6204): Ignoring 'file' 'c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini' due to 'c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\addins' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\appcompat' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\apppatch' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\appreadiness' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\assembly' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\bcastdvr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\bfsvc.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\bitlockerdiscoveryvolumecontents' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\boot' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\bootstat.dat' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\branding' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\browsercore' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\cbstemp' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\containers' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\csc' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\cursors' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\debug' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\diagnostics' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\diagtrack' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\digitallocker' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\downloaded program files' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\dtcinstall.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\elambkup' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\en-gb' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\en-us' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\explorer.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\firmware' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\fonts' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\gamebarpresencewriter' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\globalization' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:536 at verify_hash_and_pe_signature(): DEBUG: PE signature verification succeeded for C:\Windows\System32\winrnr.dll
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\help' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\System32\winrnr.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\helppane.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\hh.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\identitycrl' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\ime' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\immersivecontrolpanel' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\inboxapps' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\inf' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\inputmethod' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\installer' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\invcol.tmp' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\l2schemas' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\languageoverlaycache' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\livekernelreports' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\logs' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\lsasetup.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\media' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\mib.bin' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\microsoft.net' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\migration' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\modemlogs' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\notepad.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\ocr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\offline web pages' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\panther' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:533 at verify_hash_and_pe_signature(): DEBUG: Hash verification succeeded for 'C:\Windows\system32\wshbth.dll'
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\system32\wshbth.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\performance' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\pfro.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\pla' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\policydefinitions' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\prefetch' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\printdialog' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\provisioning' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] cryptography.c:533 at verify_hash_and_pe_signature(): DEBUG: Hash verification succeeded for 'C:\Windows\system32\nlansp_c.dll'
2023/08/05 12:09:32 wazuh-agent[44100] dll_load_notify.c:93 at dll_notification(): DEBUG: The file 'C:\Windows\system32\nlansp_c.dll' is signed and its signature is valid.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\registration' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\remotepackages' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\rescache' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\resources' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\rtlexupd.dll' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\schcache' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\schemas' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\security' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\serviceprofiles' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\servicestate' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\servicing' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\setup' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\setupact.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\setuperr.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\shellcomponents' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\shellexperiences' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\skb' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\softwaredistribution' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\speech' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\speech_onecore' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\splwow64.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysmon64.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysmondrv.sys' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:430 at LogCollectorStart(): INFO: Started (pid: 44100).
2023/08/05 12:09:32 wazuh-agent[44100] logcollector.c:431 at LogCollectorStart(): DEBUG: (1961): Files being monitored: 4/200.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\systemapps' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\systemresources' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\systemtemp' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\syswow64' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\tapi' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\tasks' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\temp' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\tracing' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\twain_32' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\twain_32.dll' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\uus' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\vss' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\waas' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\web' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\windowsshell.manifest' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\windowsupdate.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:32 rootcheck[44100] check_rc_policy.c:38 at check_rc_winmalware(): DEBUG: Starting on check_rc_winmalware
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\winhlp32.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Ginwui Backdoor {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\winsxs' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\zsyhide.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\wmsyspr9.prx' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\write.exe' due to restriction 'regedit.exe$|system.ini$|win.ini$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\zsyhide.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\wumodels' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\{43b0ec9b-765a-4ae6-aec4-1b6e37f09cf0}' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\{81a90b85-0d95-4278-b662-eaad1455247b}' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\zsydll.dll'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\zsydll.dll'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zsydll'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Wargbot Backdoor {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\wgareg.exe'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\wgareg.exe'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wgareg'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Sober Worm {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\nonzipsr.noz'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\nonzipsr.noz'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\clonzips.ssc'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\clonzips.ssc'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\clsobern.isc'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\clsobern.isc'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\sb2run.dii'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\sb2run.dii'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winsend32.dal'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winsend32.dal'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winroot64.dal'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winroot64.dal'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\zippedsr.piz'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\zippedsr.piz'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winexerun.dal'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winexerun.dal'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winmprot.dal'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1643 at wm_sca_read_command(): DEBUG: Command 'net.exe accounts' returned code 0
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winmprot.dal'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\dgssxy.yoi'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\dgssxy.yoi'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Maximum password age (days): 42) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\cvqaikxt.apk'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Maximum password age (days): 42) -> 0
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\cvqaikxt.apk'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Minimum password length: 0) -> 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\aeinv.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Minimum password length: 0) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\sysmms32.lla'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\agentwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\agentwmiuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\sysmms32.lla'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\appbackgroundtask.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Length of password history maintained: None) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\appbackgroundtask.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Length of password history maintained: None) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Odin-Anon.Ger'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\appbackgroundtask_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\attestationwmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Lockout threshold: 10) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Odin-Anon.Ger'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Lockout threshold: 10) -> 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\attestationwmiprovider_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Hotword Trojan {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\auditrsop.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\_'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Lockout duration (minutes): 10) -> 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\authfwcfg.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Lockout duration (minutes): 10) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\autorecover' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\_'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\bcd.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Lockout observation window (minutes): 10) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\bthmtpenum.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Lockout observation window (minutes): 10) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\explore.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\cimdmtf.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\cimwin32.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\explore.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\cimwin32.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(Computer role: WORKSTATION) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(Computer role: WORKSTATION) -> 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ciwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\ svchost.exe'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\classlog.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\cli.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(The command completed successfully.) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\ svchost.exe'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(The command completed successfully.) -> 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\cliegaliases.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ddp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\mmsystem.dlx'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(EMPTY_LINE) -> 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dimsjob.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(EMPTY_LINE) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dimsroam.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Length of password history maintained:\s+(\d+)'. Partial comparison: '>= 24'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\mmsystem.dlx'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Length of password history maintained:\s+(\d+)'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dmwmibridgeprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Length of password history maintained:\s+(\d+) compare >= 24)(EMPTY_LINE) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dmwmibridgeprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Length of password history maintained:\s+(\d+) compare >= 24)(EMPTY_LINE) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\WINDLL-ObjectsWin*.DLX'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dmwmibridgeprov1.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1699 at wm_sca_read_command(): DEBUG: Result for (n:Length of password history maintained:\s+(\d+) compare >= 24)(net.exe accounts) -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1232 at wm_sca_do_scan(): DEBUG: Result for rule 'c:net.exe accounts -> n:Length of password history maintained:\s+(\d+) compare >= 24': 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dmwmibridgeprov1.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\WINDLL-ObjectsWin*.DLX'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1239 at wm_sca_do_scan(): DEBUG: Breaking from rule aggregator 'all' with found = 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dmwmibridgeprov1_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1255 at wm_sca_do_scan(): DEBUG: Result for check id: 26000 'Ensure 'Enforce password history' is set to '24 or more password(s)'.' -> 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\CFXP.DRV'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dmwmibridgeprov_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1000 at wm_sca_do_scan(): DEBUG: Beginning evaluation of check id: 26001 'Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dnsclientcim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1001 at wm_sca_do_scan(): DEBUG: Rule aggregation strategy for this check is 'all'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1002 at wm_sca_do_scan(): DEBUG: Initial rule-aggregator value por this type of rule is '1'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dnsclientcim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\CFXP.DRV'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1003 at wm_sca_do_scan(): DEBUG: Beginning rules evaluation.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dnsclientpsprovider.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'c:net.exe accounts -> n:Maximum password age \(days\):\s+(\d+) compare <= 365'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dnsclientpsprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'c:net.exe accounts -> n:Maximum password age \(days\):\s+(\d+) compare <= 365'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\CHJO.DRV'.
2023/08/05 12:09:32 sca[44100] wm_sca.c:1142 at wm_sca_do_scan(): DEBUG: Running command: 'net.exe accounts'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dnsclientpsprovider_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 sca[44100] wm_sca.c:1637 at wm_sca_read_command(): DEBUG: Executing command 'net.exe accounts', and testing output with pattern 'n:Maximum password age \(days\):\s+(\d+) compare <= 365'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\drvinst.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\CHJO.DRV'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dsccore.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\MMSYSTEM.DLX'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dsccoreconfprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dscproxy.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\MMSYSTEM.DLX'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dscpspluginwkr.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dsctimer.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\OLECLI.DL'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dsprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\dsprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\OLECLI.DL'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\eaimeapi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Beagle worm {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\embeddedlockdownwmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winxp.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\embeddedlockdownwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\embeddedlockdownwmi_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winxp.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\en' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\en-gb' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\en-us' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winxp.exeopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\esscli.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\eventtracingmanagement.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winxp.exeopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\eventtracingmanagement.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fastprox.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winxp.exeopenopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fdphost.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fdrespub.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fdssdp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winxp.exeopenopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fdwnet.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fdwsd.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winxp.exeopenopenopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\filetrace.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\firewallapi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winxp.exeopenopenopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\folderredirectionwmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fundisc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\winxp.exeopenopenopenopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\fwcfg.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\hbaapi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\winxp.exeopenopenopenopen'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\hgsclientwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\hgsclientwmi_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Gpcoder Trojan {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\ntos.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\hnetcfg.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\imapiv2-base.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\ntos.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\imapiv2-filesystemsupport.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\imapiv2-legacyshim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\wsnpoem'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\interop.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ipmidtrc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\wsnpoem'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ipmiprr.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ipmiprv.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\wsnpoem\audio.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ipmiprv.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\wsnpoem\audio.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ipmiptrc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ipsecsvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\wsnpoem\video.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\iscsidsc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\wsnpoem\video.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\iscsihba.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\iscsiprf.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\iscsirem.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Looked.BK Worm {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\iscsiwmiv2.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\uninstall\rundl132.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\iscsiwmiv2_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\kerberos.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Logo1_.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\krnlprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\krnlprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\RichDll.dll'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\l2sechc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\lltdio.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\lltdsvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\logs' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\lsasrv.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Possible Malware - Svchost running outside system32 {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mblctr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:svchost.exe && !%WINDIR%\System32\svchost.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mdmappprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:326 at pt_matches(): DEBUG: Pattern: svchost.exe matches svchost.exe.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:490 at rkcl_get_entry(): DEBUG: Found process.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mdmappprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:520 at rkcl_get_entry(): DEBUG: Condition ALL.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\SysWOW64'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mdmappprov_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:393 at rkcl_get_entry(): DEBUG: Found file.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mdmsettingsprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:520 at rkcl_get_entry(): DEBUG: Condition ALL.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Possible Malware - Inetinfo running outside system32\inetsrv {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mdmsettingsprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:inetinfo.exe && !%WINDIR%\System32\inetsrv\inetinfo.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mdmsettingsprov_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:520 at rkcl_get_entry(): DEBUG: Condition ALL.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft-windows-offlinefiles.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\SysWOW64'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft-windows-remote-filesystem.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:393 at rkcl_get_entry(): DEBUG: Found file.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft.appv.appvclientwmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:520 at rkcl_get_entry(): DEBUG: Condition ALL.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft.appv.appvclientwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Possible Malware - Rbot/Sdbot detected {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\rdriv.sys'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft.uev.agentwmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft.uev.managedagentwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\rdriv.sys'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\microsoft.uev.managedagentwmiuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\lsass.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mispace.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mispace_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Possible Malware File {PCI_DSS: 11.4}'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mmc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\utorrent.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mmfutil.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\mof' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\utorrent.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mofcomp.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mofd.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\utorrent.exe'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mofinstall.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mountmgr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Files32.vxd'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mpeval.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mpsdrv.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mpssvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Files32.vxd'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msdtcwmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msdtcwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msfeeds.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Anti-virus site on the hosts file'.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msfeedsbs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:32 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msiprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msiscsi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msnetimplatform.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mstsc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mstscax.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\msv1_0.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\mswmdm.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ncprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ncprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ncsi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ndisimplatcim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ndistrace.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netadaptercim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netadaptercim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netadaptercimtrace.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netadaptercimtraceuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netadaptercim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netdacim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netdacim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netdacim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\neteventpacketcapture.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\neteventpacketcapture.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\neteventpacketcapture_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netnat.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netnat.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netnccim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netnccim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netnccim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netpeerdistcim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netpeerdistcim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netpeerdistcim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netprofm.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netswitchteam.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netswitchteamcim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nettcpip.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nettcpip.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nettcpip_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netttcim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netttcim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\netttcim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\networkitemfactory.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\newdev.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nlasvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nlmcim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nlmcim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nlmcim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nlsvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\npivwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\nshipsec.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ntevt.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ntevt.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ntfs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\offlinefilesconfigurationwmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\offlinefilesconfigurationwmiprovider_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\offlinefileswmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\offlinefileswmiprovider_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:32 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\p2p-mesh.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\p2p-pnrp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\pcsvdevice.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\pcsvdevice_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\performance' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\pnpxassoc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\policman.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\policman.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\polproc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\polprocl.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\polprou.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\polstore.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\portabledeviceapi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\portabledeviceclassextension.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\portabledeviceconnectapi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\portabledevicetypes.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\portabledevicewiacompat.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\powermeterprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\powerpolicyprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ppcrsopcompschema.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ppcrsopuserschema.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\printfilterpipelinesvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\printmanagementprovider.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\printmanagementprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\printmanagementprovider_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\profileassociationprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\ps_mmagent.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\qmgr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\qoswmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\qoswmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\qoswmitrc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\qoswmitrc_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\qoswmi_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\racwmiprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\racwmiprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\rawxml.xsl' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\rdpendp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\rdpinit.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\rdpshell.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\refs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\refsv1.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\regevent.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\remove.microsoft.appv.appvclientwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\repdrvfs.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\repository' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:avp.ch|avp.ru|nai.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\rsop.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\rspndr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:32 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\samsrv.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\scersop.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\schannel.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\schedprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\schedprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\scm.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\scrcons.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\scrcons.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\sdbus.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\secrcw32.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\sensorsclassextension.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\servdeps.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\servicemodel.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\servicemodel.mof.uninstall' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\servicemodel35.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\servicemodel35.mof.uninstall' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\services.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\setupapi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\smbwitnesswmiv2provider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\smbwmiv2.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\smtpcons.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\smtpcons.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\sppwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\sr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\sstpsvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\stdprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:32 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:32 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:32 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\storagewmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\storagewmi_passthru.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\storagewmi_passthru_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\storagewmi_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\stortrace.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\subscrpt.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\system.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\tcpip.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\texttable.xsl' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\textvaluelist.xsl' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1643 at wm_sca_read_command(): DEBUG: Command 'net.exe accounts' returned code 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\tmf' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Maximum password age \(days\):\s+(\d+)'. Partial comparison: '<= 365'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\tsallow.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Maximum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\tscfgwmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\tsmf.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Maximum password age \(days\):\s+(\d+)'. Partial comparison: '<= 365'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\tspkg.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Maximum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\umb.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\umbus.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Maximum password age \(days\):\s+(\d+)'. Partial comparison: '<= 365'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\umpass.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1844 at wm_sca_regex_numeric_comparison(): DEBUG: Captured value: '42'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\umpnpmgr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1863 at wm_sca_regex_numeric_comparison(): DEBUG: Converted value: '42'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1714 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Partial comparison '<= 365'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\unsecapp.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1746 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value given for comparison: '365'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\userprofileconfigurationwmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1764 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value converted: '365'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1773 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Operation is '42 <= 365'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\userprofilewmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1866 at wm_sca_regex_numeric_comparison(): DEBUG: Comparison result '42 <= 365' -> 1
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\userstatewmiprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(Maximum password age (days): 42) -> 1
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vds.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(Maximum password age (days): 42) -> 1
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1699 at wm_sca_read_command(): DEBUG: Result for (n:Maximum password age \(days\):\s+(\d+) compare <= 365)(net.exe accounts) -> 1
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vdswmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1145 at wm_sca_do_scan(): DEBUG: Command output matched.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\viewprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1232 at wm_sca_do_scan(): DEBUG: Result for rule 'c:net.exe accounts -> n:Maximum password age \(days\):\s+(\d+) compare <= 365': 1
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'c:net.exe accounts -> n:Maximum password age \(days\):\s+(\d+) compare > 0'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vpnclientpsprovider.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'c:net.exe accounts -> n:Maximum password age \(days\):\s+(\d+) compare > 0'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vpnclientpsprovider.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1142 at wm_sca_do_scan(): DEBUG: Running command: 'net.exe accounts'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1637 at wm_sca_read_command(): DEBUG: Executing command 'net.exe accounts', and testing output with pattern 'n:Maximum password age \(days\):\s+(\d+) compare > 0'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vpnclientpsprovider_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vss.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\vsswmi.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemcntl.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemcons.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemcons.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemcore.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemdisp.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemdisp.tlb' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemess.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemprox.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemsvc.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wbemtest.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wcncsvc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdacetwprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdacwmiprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdacwmiprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdacwmiprov_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdf01000.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdf01000uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wdigest.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wfapigp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wfascim.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wfascim.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wfascim_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wfp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wfs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\whqlprov.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_deviceguard.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_encryptablevolume.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_encryptablevolume.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_encryptablevolumeuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_printer.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_tpm.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\win32_tpm.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wininit.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\winipsec.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\winlogon.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\winmgmt.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\winmgmtr.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\winsat.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\winsatuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wlan.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wlanhc.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmi.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiadap.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiapres.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiaprpl.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiapsrv.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:awaps.net|ca.com|mcafee.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmicookr.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmidcprv.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipcima.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipcima.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipdfs.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipdfs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipdskq.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipdskq.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiperfclass.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiperfclass.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiperfinst.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiperfinst.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipicmp.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipicmp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipiprt.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipiprt.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipjobj.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipjobj.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiprov.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiprvsd.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiprvse.exe' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipsess.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmipsess.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmisvc.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmitimep.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmitimep.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmiutils.dll' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmi_tracing.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wmpnetwk.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdbusenum.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdcomp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdfs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdmtp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdshext.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdshserviceobj.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpdsp.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wpd_ci.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wscenter.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsmagent.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsmagentuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsmauto.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsp_fs.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsp_fs_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsp_health.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsp_health_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsp_sr.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wsp_sr_uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wudfx.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wudfx02000.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wudfx02000uninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\wudfxuninstall.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\wbem\xml' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\xsl-mappings.xml' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\wbem\xwizards.mof' due to restriction 'wmic.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\certificate.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\diagnostics.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\dotnettypes.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\windowspowershell\v1.0\en' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\windowspowershell\v1.0\en-us' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\event.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\windowspowershell\v1.0\examples' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\filesystem.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\getevent.types.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\help.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\helpv3.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\windowspowershell\v1.0\modules' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\powershell.exe.config' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\powershellcore.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\powershelltrace.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\powershell_ise.exe' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\powershell_ise.exe.config' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\psevents.dll' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\pspluginwkr.dll' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\pwrshmsg.dll' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\registry.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\windowspowershell\v1.0\schemas' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\sysnative\windowspowershell\v1.0\sessionconfig' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\types.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\typesv3.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\sysnative\windowspowershell\v1.0\wsman.format.ps1xml' due to restriction 'powershell.exe$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\0409' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1028' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1029' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1031' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1033' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1036' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1040' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1041' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1042' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1045' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1046' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1049' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\1055' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\12520437.cpx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\12520850.cpx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\2052' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\3082' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\@apphelptoast.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\@audiotoasticon.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:microsoft.com|f-secure.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\@enrollmenttoasticon.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\@vpntoasticon.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\@wirelessdisplaytoast.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aadauthhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aadtb.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aadwamextension.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aarsvc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\abovelockapphost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\accessibilitycpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\accountaccessor.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\accountsrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acgenral.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aclayers.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acledit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aclui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acppage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acspecfc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\actioncenter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\actioncentercpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\activationclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\activationmanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\activeds.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\activeds.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\activesyncprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\actxprxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acwinrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acwow64.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\acxtrnal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adaptivecards.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\addressparser.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\admtmpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adrclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adsldp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adsldpc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adsmsext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adsnt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\adtschema.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\advancedinstallers' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1643 at wm_sca_read_command(): DEBUG: Command 'net.exe accounts' returned code 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\advapi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Maximum password age \(days\):\s+(\d+)'. Partial comparison: '> 0'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Maximum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\advapi32res.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Maximum password age \(days\):\s+(\d+) compare > 0)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\advpack.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Maximum password age \(days\):\s+(\d+) compare > 0)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aeevts.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Maximum password age \(days\):\s+(\d+)'. Partial comparison: '> 0'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Maximum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aepic.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Maximum password age \(days\):\s+(\d+) compare > 0)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Maximum password age \(days\):\s+(\d+) compare > 0)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\agentactivationruntime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Maximum password age \(days\):\s+(\d+)'. Partial comparison: '> 0'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\agentactivationruntimestarter.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1844 at wm_sca_regex_numeric_comparison(): DEBUG: Captured value: '42'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1863 at wm_sca_regex_numeric_comparison(): DEBUG: Converted value: '42'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\agentactivationruntimewindows.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1714 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Partial comparison '> 0'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\amcompat.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1746 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value given for comparison: '0'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1764 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value converted: '0'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\amsi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1782 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Operation is '42 > 0'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\amstream.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1866 at wm_sca_regex_numeric_comparison(): DEBUG: Comparison result '42 > 0' -> 1
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Maximum password age \(days\):\s+(\d+) compare > 0)(Maximum password age (days): 42) -> 1
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\analogcommonproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Maximum password age \(days\):\s+(\d+) compare > 0)(Maximum password age (days): 42) -> 1
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\apds.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1699 at wm_sca_read_command(): DEBUG: Result for (n:Maximum password age \(days\):\s+(\d+) compare > 0)(net.exe accounts) -> 1
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aphostclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1145 at wm_sca_do_scan(): DEBUG: Command output matched.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1232 at wm_sca_do_scan(): DEBUG: Result for rule 'c:net.exe accounts -> n:Maximum password age \(days\):\s+(\d+) compare > 0': 1
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\apisethost.appexecutionalias.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1255 at wm_sca_do_scan(): DEBUG: Result for check id: 26001 'Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.' -> 1
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appcontracts.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1000 at wm_sca_do_scan(): DEBUG: Beginning evaluation of check id: 26002 'Ensure 'Minimum password age' is set to '1 or more day(s)'.'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1001 at wm_sca_do_scan(): DEBUG: Rule aggregation strategy for this check is 'all'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appextension.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1002 at wm_sca_do_scan(): DEBUG: Initial rule-aggregator value por this type of rule is '1'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\apphelp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1003 at wm_sca_do_scan(): DEBUG: Beginning rules evaluation.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'c:net.exe accounts -> n:Minimum password age \(days\):\s+(\d+) compare >= 1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\apphlpdm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'c:net.exe accounts -> n:Minimum password age \(days\):\s+(\d+) compare >= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appidapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1142 at wm_sca_do_scan(): DEBUG: Running command: 'net.exe accounts'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1637 at wm_sca_read_command(): DEBUG: Executing command 'net.exe accounts', and testing output with pattern 'n:Minimum password age \(days\):\s+(\d+) compare >= 1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appidpolicyengineapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appidtel.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appinstallerprompt.desktop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\applocker' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\applockercsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appmanagementconfiguration.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appmgmts.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appointmentactivation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appointmentapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\apprepapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appresolver.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appvclientps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appvdllsurrogate.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appventsubsystems32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appvsentinel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appvterminator.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appwiz.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appxalluserstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appxapplicabilityengine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appxdeploymentclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appxpackaging.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appxprovisioning.xml' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\appxsip.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ar-sa' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\archiveint.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\arp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\asferror.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\aspnet_counters.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\assignedaccessruntime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\asycfilt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\at.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\atbroker.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\atl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\atlthunk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\atmlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\attrib.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\audiodev.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\audioeng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\audiokse.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\audioses.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\auditnativesnapin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending packages scan
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\auditpol.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting hotfixes scan
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\auditpolcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\auditpolicygpinterop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\auditpolmsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authbrokerui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authfwcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authfwgp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authfwsnapin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authfwwizfwk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\authz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\autochk.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\autoplay.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\avicap32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\avifil32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\avrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\azman.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\azroles.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\azroleui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\azsqlext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\backgroundmediapolicy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\backgroundtaskhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\backgroundtransferhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bamsettingsclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\basecsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:sophos.com|symantec.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\batmeter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcastdvr.proxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcastdvrbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcastdvrclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcastdvrcommon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcp47langs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcp47mrm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcrypt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bcryptprimitives.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bdaplgin.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\bg-bg' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bidispl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bingmaps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bingonlineservices.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\biocredprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bitlockercsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bitsadmin.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bitsperf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bitsproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\biwinrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bluetoothapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\boot.sdi' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bootvid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bopomofo.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\brokerfiledialog.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\brokerfiledialog.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\browcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\browseui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\btagservice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\bthprops' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bthprops.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bthradiomedia.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bthtelemetry.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bthudtask.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\btpanui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bwcontexthandler.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\bytecodegenerator.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ca-es' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cabapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cabinet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cabview.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cacls.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\calc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\callbuttons.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\callbuttons.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\callhistoryclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cameracaptureui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\camerasettingsuihost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\camext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\capabilityaccessmanagerclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\capauthz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\capiprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\capisp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\castingshellext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\catroot' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\catsrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\catsrvps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\catsrvut.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cca.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cdosys.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cdp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cdprt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cemapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cero.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certca.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certcredprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certenc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certenroll.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certenrollctrl.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certenrollui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certlm.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certmgr.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certpkicmdlet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certpoleng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certreq.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\certutil.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cewmdm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cfgbkend.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cfgmgr32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cfmifs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cfmifsproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chakra.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chakradiag.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chakrathunk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\charmap.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chartv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chatapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chcp.com' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\checknetisolation.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chkdsk.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chkntfs.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\choice.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chs_singlechar_pinyin.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\chxreadingstringime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cic.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cipher.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ciwmi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clbcatq.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cldapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cleanmgr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clfsw32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cliconfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cliconfg.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cliconfg.rll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clip.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clipboardserver.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clipc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cloudexperiencehostcommon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cloudexperiencehostuser.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cloudnotifications.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clrhost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\clusapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmcfg32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmd.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmdext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmdial32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmdkey.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmdl32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmgrcspps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmifw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmintegrator.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmlua.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmmon32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmpbk32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmstp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmstplua.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cmutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cngcredui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cngprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cnvfat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cob-au.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\colbact.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\colorcnv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\colorcpl.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:my-etrust.com|viruslist.ru"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\colorui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\com' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\combase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comcat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comctl32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comdlg32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comexp.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coml2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\compact.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\compmgmt.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\compobj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\composableshellproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comppkgsup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\compstui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\computerdefaults.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comrepl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1643 at wm_sca_read_command(): DEBUG: Command 'net.exe accounts' returned code 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comsnap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comsvcs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\comuid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\concrt140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1844 at wm_sca_regex_numeric_comparison(): DEBUG: Captured value: '0'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1863 at wm_sca_regex_numeric_comparison(): DEBUG: Converted value: '0'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1714 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Partial comparison '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1746 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value given for comparison: '1'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1764 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value converted: '1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\config' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1776 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Operation is '0 >= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\configuration' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 sca[44100] wm_sca.c:1866 at wm_sca_regex_numeric_comparison(): DEBUG: Comparison result '0 >= 1' -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\configureexpandedstorage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\connect.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Maximum password age (days): 42) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Maximum password age (days): 42) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\connectedaccountstate.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\console.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Minimum password length: 0) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\consolelogon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Minimum password length: 0) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\contactactivation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\contactapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Length of password history maintained: None) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\container.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Length of password history maintained: None) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\contentdeliverymanager.utilities.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\control.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Lockout threshold: 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Lockout threshold: 10) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\convert.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coreglobconfig.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Lockout duration (minutes): 10) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coremas.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Lockout duration (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending hotfixes scan
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coremessaging.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting ports scan
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coremmres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Lockout observation window (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coreprivacysettingsstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Lockout observation window (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coreshellapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\coreuicomponents.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Computer role: WORKSTATION) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\correngine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(Computer role: WORKSTATION) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cpfilters.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credentialuibroker.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(The command completed successfully.) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(The command completed successfully.) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprov2fahelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprovcommoncore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprovdatamodel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprovhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password age \(days\):\s+(\d+)'. Partial comparison: '>= 1'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password age \(days\):\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprovhost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprovs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1699 at wm_sca_read_command(): DEBUG: Result for (n:Minimum password age \(days\):\s+(\d+) compare >= 1)(net.exe accounts) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credprovslegacy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1232 at wm_sca_do_scan(): DEBUG: Result for rule 'c:net.exe accounts -> n:Minimum password age \(days\):\s+(\d+) compare >= 1': 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credssp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1239 at wm_sca_do_scan(): DEBUG: Breaking from rule aggregator 'all' with found = 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1255 at wm_sca_do_scan(): DEBUG: Result for check id: 26002 'Ensure 'Minimum password age' is set to '1 or more day(s)'.' -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\credwiz.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1000 at wm_sca_do_scan(): DEBUG: Beginning evaluation of check id: 26003 'Ensure 'Minimum password length' is set to '14 or more character(s)'.'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1001 at wm_sca_do_scan(): DEBUG: Rule aggregation strategy for this check is 'all'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\crtdll.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1002 at wm_sca_do_scan(): DEBUG: Initial rule-aggregator value por this type of rule is '1'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\crypt32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1003 at wm_sca_do_scan(): DEBUG: Beginning rules evaluation.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'c:net.exe accounts -> n:Minimum password length:\s+(\d+) compare >= 14'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'c:net.exe accounts -> n:Minimum password length:\s+(\d+) compare >= 14'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptdlg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1142 at wm_sca_do_scan(): DEBUG: Running command: 'net.exe accounts'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 sca[44100] wm_sca.c:1637 at wm_sca_read_command(): DEBUG: Executing command 'net.exe accounts', and testing output with pattern 'n:Minimum password length:\s+(\d+) compare >= 14'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptdll.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptnet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptngc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptowinrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\crypttpmeksvc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptuiwizard.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cryptxml.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\cs-cz' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cscapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cscdll.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cscobj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cscript.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\csrr.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ctac.json' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ctfmon.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ctl3d32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cttune.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\cttunesvr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\curl.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\c_g18030.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\c_gsm7.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\c_is2022.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\c_iscii.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d2d1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d2d1debug3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d10.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d10core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d10level9.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d10warp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d10_1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d10_1core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d11.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d11on12.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d11_3sdklayers.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d12.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d12core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d12sdklayers.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d8.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d8thk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d9.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3d9on12.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dcompiler_47.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dconfig.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dim700.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dramp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dscache.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\d3dxof.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\da-dk' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dabapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\daotpcredentialprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dataclen.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dataexchange.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\davclnt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\davhlpr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\davsyncprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\daxexec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dbgcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dbgeng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dbghelp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dbgmodel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:networkassociates.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dbnetlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dbnmpntw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dccw.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dciman32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dcomcnfg.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dcomp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddaclsys.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddisplay.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddodiag.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddoiproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddores.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddraw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ddrawex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\de-de' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\defaultaccounttile.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\defaultdevicemanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\defaultprinterprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\delegatorprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\desk.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\desktopshellappstatecontract.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devdispitemprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devenum.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\deviceaccess.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\deviceassociation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicecenter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicecredential.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicedisplaystatusmanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\deviceflows.datamodel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicengccredprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicepairing.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicepairingfolder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicepairingproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicepairingwizard.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicereactivation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devicesetupstatusprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\deviceuxres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devmgmt.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devobj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\devrtl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dfrgui.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dfscli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dfshim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dfsshlex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dhcpcmonitor.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dhcpcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dhcpcore6.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dhcpcsvc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dhcpcsvc6.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dhcpsapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diagnosticdataquery.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diagnosticdatasettings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diagnosticinvoker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\diagsvcs' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dialclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dialer.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dialogblockerproc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dictationmanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\difxapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dimsjob.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dimsroam.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dinput.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dinput8.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\direct2ddesktop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\directmanipulation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\directml.debug.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\directml.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\directxdatabasehelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diskmgmt.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diskpart.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diskperf.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\diskusage.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\dism' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dism.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dismapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dispbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dispex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\display.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending ports scan
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\displaymanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\djctq.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Starting processes scan
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dllhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dllhst3g.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dlnashext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmalertlistener.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmapisetextimpldesktop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmappsres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmband.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmcfgutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmcmnutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmcommandlineutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmcompos.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmdlgs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmdskmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmdskres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmdskres2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmenrollengine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmintf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmiso8601utils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmloader.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmocx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmoleaututils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmprocessxmlfiltered.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmpushproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmrcdecoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmscript.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmstyle.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmsynth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmusic.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmvdsitf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmview.ocx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dmxmlhelputils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dnsapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dnscmmc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\docprop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dolbydecmft.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\doskey.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3api.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3cfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3dlg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3gpclnt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3gpui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3hc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3msm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dot3ui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\downlevel' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:kaspersky|grisoft.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpapimig.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpapiprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpiscaling.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dplaysvr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dplayx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpmodemx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnaddr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnathlp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnhpast.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnhupnp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnlobby.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpnsvr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpwsockx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dpx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dragdropexperiencecommon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dragdropexperiencedataexchangedelegated.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\driverquery.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\drivers' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\driverstore' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\drprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\drt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\drtprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\drttransport.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\drvsetup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\drvstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsauth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1643 at wm_sca_read_command(): DEBUG: Command 'net.exe accounts' returned code 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsccoreconfprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsdmo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Force user logoff how long after time expires?: Never) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dskquota.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dskquoui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsound.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Minimum password age (days): 0) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsparse.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsprop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Maximum password age (days): 42) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsquery.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Maximum password age (days): 42) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsreg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1844 at wm_sca_regex_numeric_comparison(): DEBUG: Captured value: '0'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsrole.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1863 at wm_sca_regex_numeric_comparison(): DEBUG: Converted value: '0'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dssec.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1714 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Partial comparison '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1746 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value given for comparison: '14'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dssec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1764 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Value converted: '14'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dssenh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1776 at wm_sca_apply_numeric_partial_comparison(): DEBUG: Operation is '0 >= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1866 at wm_sca_regex_numeric_comparison(): DEBUG: Comparison result '0 >= 14' -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Minimum password length: 0) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dsuiext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Minimum password length: 0) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dswave.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dtdump.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Length of password history maintained: None) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dtsh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Length of password history maintained: None) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dui70.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\duser.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dusmapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Lockout threshold: 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Lockout threshold: 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dvdplay.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dwmapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Lockout duration (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dwrite.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Lockout duration (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dwwin.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxcap.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Lockout observation window (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxcapturereplay.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Lockout observation window (minutes): 10) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxcpl.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(Computer role: WORKSTATION) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(Computer role: WORKSTATION) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxdiag.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxdiagn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(The command completed successfully.) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxgi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(The command completed successfully.) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxgidebug.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxilconv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxmasf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1812 at wm_sca_regex_numeric_comparison(): DEBUG: REGEX: 'Minimum password length:\s+(\d+)'. Partial comparison: '>= 14'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxptasksync.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1827 at wm_sca_regex_numeric_comparison(): DEBUG: No match found for regex 'Minimum password length:\s+(\d+)'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxtmsft.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1909 at wm_sca_pattern_matches(): DEBUG: Testing minterm (n:Minimum password length:\s+(\d+) compare >= 14)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1912 at wm_sca_pattern_matches(): DEBUG: Pattern test result: (n:Minimum password length:\s+(\d+) compare >= 14)(EMPTY_LINE) -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxtoolsmonitor.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 sca[44100] wm_sca.c:1699 at wm_sca_read_command(): DEBUG: Result for (n:Minimum password length:\s+(\d+) compare >= 14)(net.exe accounts) -> 0
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxtoolsofflineanalysis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1232 at wm_sca_do_scan(): DEBUG: Result for rule 'c:net.exe accounts -> n:Minimum password length:\s+(\d+) compare >= 14': 0
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 sca[44100] wm_sca.c:1239 at wm_sca_do_scan(): DEBUG: Breaking from rule aggregator 'all' with found = 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxtoolsreportgenerator.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 sca[44100] wm_sca.c:1255 at wm_sca_do_scan(): DEBUG: Result for check id: 26003 'Ensure 'Minimum password length' is set to '14 or more character(s)'.' -> 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxtoolsreporting.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1000 at wm_sca_do_scan(): DEBUG: Beginning evaluation of check id: 26004 'Ensure 'Password must meet complexity requirements' is set to 'Enabled'.'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxtrans.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1001 at wm_sca_do_scan(): DEBUG: Rule aggregation strategy for this check is 'all'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\dxva2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1002 at wm_sca_do_scan(): DEBUG: Initial rule-aggregator value por this type of rule is '1'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapp3hst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1003 at wm_sca_do_scan(): DEBUG: Beginning rules evaluation.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eappcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 sca[44100] wm_sca.c:1028 at wm_sca_do_scan(): DEBUG: Considering rule: 'c:powershell Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser -> r:ComplexityEnabled\s+: True'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 sca[44100] wm_sca.c:1037 at wm_sca_do_scan(): DEBUG: Rule after variable expansion: 'c:powershell Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser -> r:ComplexityEnabled\s+: True'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eappgnui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 sca[44100] wm_sca.c:1142 at wm_sca_do_scan(): DEBUG: Running command: 'powershell Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapphost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 sca[44100] wm_sca.c:1637 at wm_sca_read_command(): DEBUG: Executing command 'powershell Get-ADDefaultDomainPasswordPolicy -Current LoggedOnUser', and testing output with pattern 'r:ComplexityEnabled\s+: True'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eappprxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapprovp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapputil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapsimextdesktop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapteapconfig.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eapteapext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\easeofaccessdialog.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\easwrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\edgehtml.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\edgeiso.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\edgemanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\editbuffertesthook.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\editionupgradehelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\editionupgrademanagerobj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\edpauditapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\edpnotify.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\edputil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\efsadu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\efsext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\efsui.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\efsutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\efswrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ehstorapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ehstorauthn.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ehstorpwdmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\el-gr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\els.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\elscore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\elshyph.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\elslad.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\elstrans.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\emailapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\embeddedmodesvcapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\en' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\en-gb' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\en-us' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\encapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\enrollmentapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\enterpriseappmgmtclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\enterpriseresourcemanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eqossnap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\errordetails.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\errordetailscore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\es-es' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:symantecliveupdate.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\es-mx' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\es.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\esdsip.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\esent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\esentprf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\esentutl.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\esevss.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\esrb.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\et-ee' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\etwcoreuicomponentsresources.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\etweseproviderresources.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\etwrundown.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\eu-es' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eudcedit.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eventcls.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eventcreate.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eventviewer_eventdetails.xsl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eventvwr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\eventvwr.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\evr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\execmodelclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\execmodelproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\expand.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\explorer.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\explorerframe.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\expsrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\exsmime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\extrac32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\extrasxmlparser.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\f12' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\f3ahvoas.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\familysafetyext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\faultrep.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fcon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdbth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdbthproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fddevquery.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fde.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdeploy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdpnp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdprint.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdssdp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdwcn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdwnet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fdwsd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\feclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ffbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\fi-fi' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fidocredprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\filemgmt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\find.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\findnetprinters.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\findstr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\finger.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fingerprintcredential.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\firewallapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\firewallcontrolpanel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fixmapi.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\flightsettings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fltlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fltmc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fmifs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fms.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fondue.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fontext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fontglyphanimator.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fontsub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fontview.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\forfiles.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\format.com' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fpb.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fphc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\fr-ca' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\fr-fr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\framedyn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\framedynos.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\frameserverclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\frameservermonitorclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\frprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fsmgmt.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fsquirt.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fsutil.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fsutilext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ftp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fundisc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fveapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fveapibase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fvecerts.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fwbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fwcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fwpolicyiomgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fwpuclnt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fxsapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fxscom.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fxscomex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fxsext32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fxsresm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\fxstmp' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\fxsxp32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\g711codc.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamebarpresencewriter.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamebarpresencewriter.proxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamechatoverlayext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:clamav.net|bitdefender.com"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamechattranscription.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gameinput.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamemode.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamepanel.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\System32\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamepanelexternalhook.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gameux.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gamingtcui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gb2312.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gcdef.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gdi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gdi32full.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gdiplus.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\geocommon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\geolocation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\getmac.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\getuname.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\gl-es' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\glmf32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\globinputhost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\glu32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\gms.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gmsaclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gnsdk_fp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpedit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpedit.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpprefcl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpprnext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpresult.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpscript.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpscript.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gptext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\gpupdate.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\graphicscapture.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\grb.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\grouppolicy' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\grouppolicyusers' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\grpconv.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hbaapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hcproviders.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hdcphandler.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hdwwiz.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hdwwiz.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\he-il' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\heatcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\help.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\helppaneproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hgcpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hh.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hhctrl.ocx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hhsetup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Drivers\etc\HOSTS'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:136 at rk_check_file(): DEBUG: Checking file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hidphone.tsp' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:140 at rk_check_file(): DEBUG: Starting new file: C:\Windows\Sysnative\Drivers\etc\HOSTS
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hidserv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Copyright (c) 1993-2009 Microsoft Corp."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hlink.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hmkd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hnetcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hnetcfgclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hnetmon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\holoshellruntime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hostname.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# This file contains the mappings of IP addresses to host names. Each"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\hr-hr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hrtfapo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# entry should be kept on an individual line. The IP address should"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hrtfdspcpu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\html.iec' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# be placed in the first column followed by the corresponding host name."
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\httpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\htui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# The IP address and the host name should be separated by at least one"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\hu-hu' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\hvsimanagementapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# space."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ia2comproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iac25_32.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ias.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasacct.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Additionally, comments (such as these) may be inserted on individual"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasads.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# lines or following the machine name denoted by a '#' symbol."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasdatastore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iashlpr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasmigplugin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasnap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# For example:"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iaspolcy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "#"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasrad.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iasrecst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 102.54.94.97 rhino.acme.com # source server"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iassam.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 38.25.63.10 x.acme.com # x client host"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iassdo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iassvcs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == ""
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icacls.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iccvid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# localhost name resolution is handled within DNS itself."
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icm32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icmp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# 127.0.0.1 localhost"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icmui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# ::1 localhost"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iconcodecservice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icsigd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# Added by Docker Desktop"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icsunattend.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 host.docker.internal"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\icsxml' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "192.168.21.100 gateway.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icuin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# To allow the same kube context to work on the host and the container:"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\icuuc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\id-id' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "127.0.0.1 kubernetes.docker.internal"
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\idctrls.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 rootcheck[44100] common.c:159 at rk_check_file(): DEBUG: Buf == "# End of section"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ideograf.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:160 at rk_check_file(): DEBUG: Pattern == "r:antivirus.com|sans.org"
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\idstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common.c:161 at rk_check_file(): DEBUG: pt_result == 0 and full_negate == 0
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieadvpack.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieapfltr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] check_rc_policy.c:47 at check_rc_winapps(): DEBUG: Starting on check_rc_winapps
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iedkcs32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Chat/IM/VoIP - Skype {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieframe.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\Skype\Phone'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iemigplugin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iepeers.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\All Users\Documents\My Skype Pictures'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieproxydesktop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\Skype'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iernonce.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iertutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\All Users\Start Menu\Programs\Skype'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iesetup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iesysprep.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieuinit.inf' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Skype'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ieunatt.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\Software\Policies\Skype'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iexpress.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:Skype.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ifmon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ifsutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ifsutilx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Chat/IM - Yahoo {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imaadp32.acm' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imagehlp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imageres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Yahoo'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imagesp1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Chat/IM - ICQ {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\Software\Mirabilis\ICQ'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imapi2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imapi2fs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Chat/IM - AOL {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AOL Instant Messenger'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ime' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ime_textinputhelpers.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\aim\shell\open\command'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imgutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\imm32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\AIM.Protocol'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\indexeddblegacy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-aim'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inetcomm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inetcpl.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\AIM95'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inetmib1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inetres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:aim.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\inetsrv' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\infdefaultinstall.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inked.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Chat/IM - MSN {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inkobjcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSNMessenger'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\input.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inputhost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSNMessenger'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inputinjectionbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\inputmethod' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\MSN Messenger'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inputswitch.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inputswitchtoasthandler.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\Messenger'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\inseng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:msnmsgr.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\installservice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\installservicetasks.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\installshield' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Chat/IM - ICQ {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\instnm.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Mirabilis\ICQ'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\intel_gfx_api-x86.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'P2P - UTorrent {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\intl.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:utorrent.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iologmsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ipconfig.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ipeloggingdictationhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'P2P - LimeWire {PCI_DSS: 11.4}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\Limewire'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iphlpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ipmi' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\software\microsoft\windows\currentversion\run'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ipnathlpclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iprop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iprtprio.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\limewire'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iprtrmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ipsecsnp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\limeshop'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ipsmsnap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'P2P/Adware - Kazaa {PCI_DSS: 11.4}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir32_32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\kazaa'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir32_32original.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir41_32.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\All Users\Start Menu\Programs\kazaa'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir41_32original.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir41_qc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir41_qcoriginal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\All Users\DESKTOP\Kazaa Media Desktop.lnk'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir41_qcx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir41_qcxoriginal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Documents and Settings\All Users\DESKTOP\Kazaa Promotions.lnk'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir50_32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir50_32original.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir50_qc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\Cd_clint.dll'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir50_qcoriginal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir50_qcx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\Cd_clint.dll'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ir50_qcxoriginal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iri.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\KAZAA'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\irprops.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\SOFTWARE\KAZAA'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsicli.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsicpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KAZAA'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsicpl.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Adware - RxToolBar {PCI_DSS: 11.4}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsidsc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\Software\Infotechnics'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsied.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsium.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\Software\Infotechnics\RX Toolbar'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsiwmi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CURRENT_USER\Software\RX Toolbar'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iscsiwmiv2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\isoburn.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\BarInfoUrl.TBInfo'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\it-it' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RX Toolbar'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\itircl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\itss.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\RXToolBar'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ivfsrc.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\iyuv_32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'P2P - BitTorrent {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\BitTorrent'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ja-jp' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\javascriptcollectionagent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\.torrent'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jhi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\joinproviderol.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\joinutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\bittorrent'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\joy.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jpmapcontrol.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jscript.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Remote Access - GoToMyPC {PCI_DSS: 10.6.1}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\Citrix\GoToMyPC'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jscript9.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jscript9diag.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\Citrix\GoToMyPC\g2svc.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jscript9legacy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\Citrix\GoToMyPC\g2comm.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\jsproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kanji_1.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\expertcity\GoToMyPC'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kanji_2.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\software\microsoft\windows\currentversion\run'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd101.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd101a.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\software\citrix\gotomypc'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd101b.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd101c.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gotomypc'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd103.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:g2svc.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd106.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbd106n.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbda1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:488 at rkcl_get_entry(): DEBUG: Checking process: 'r:g2pre.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbda2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbda3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Spyware - Twain Tec Spyware {PCI_DSS: 11.4}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdadlm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdarme.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\SOFTWARE\twaintech'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdarmph.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdarmty.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\twaintec.dll'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdarmw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdax2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Spyware - SpyBuddy {PCI_DSS: 11.4}'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdaze.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdazel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\ExploreAnywhere\SpyBuddy'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdazst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbash.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Program Files\ExploreAnywhere'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbe.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbene.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\System32\sysicept.dll'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbgph.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbgph1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:391 at rkcl_get_entry(): DEBUG: Checking file: 'C:\Windows\Sysnative\sysicept.dll'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbhc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdblr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_LOCAL_MACHINE\Software\ExploreAnywhere Software\SpyBuddy'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:324 at rkcl_get_entry(): DEBUG: Checking entry: 'Spyware - InternetOptimizer {PCI_DSS: 11.4}'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbug.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKLM\SOFTWARE\Avenue Media'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdbulg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdca.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\\safesurfinghelper.iebho.1'.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcan.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcher.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:412 at rkcl_get_entry(): DEBUG: Checking registry: 'HKEY_CLASSES_ROOT\\safesurfinghelper.iebho'.
2023/08/05 12:09:33 rootcheck[44100] common_rcl.c:506 at rkcl_get_entry(): DEBUG: Condition ANY.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcherp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:232 at run_rk_check(): DEBUG: Going into check_rc_dev
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:238 at run_rk_check(): DEBUG: Going into check_rc_sys
2023/08/05 12:09:33 rootcheck[44100] check_rc_sys.c:397 at check_rc_sys(): DEBUG: Starting on check_rc_sys
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcz1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdcz2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdda.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbddiv1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbddiv2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbddv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbddzo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdes.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdest.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfar.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfi1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdfthrk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgae.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgeo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgeoer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgeome.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgeooa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgeoqw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgkl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgr1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgrlnd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdgthc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhau.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhaw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhe.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhe220.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhe319.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdheb.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhebl3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhela2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhela3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhept.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdhu1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdibm02.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdibo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdic.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinasa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinbe1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinbe2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinben.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdindev.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinen.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinguj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinhin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinkan.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinmal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinmar.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinori.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinpun.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdintam.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdintel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdinuk2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdir.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdit142.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdiulat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdjav.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdjpn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdkaz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdkhmr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdkni.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdkor.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdkurd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdkyr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdla.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlao.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlisub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlisus.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlk41a.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:105 at wm_sys_log(): DEBUG: Ending processes scan
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlt1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:99 at wm_sys_log(): INFO: Evaluation finished.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlt2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-modulesd:syscollector[44100] wm_syscollector.c:102 at wm_sys_log(): DEBUG: Starting syscollector sync
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlv1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdlvst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmac.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmacst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmaori.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmlt47.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmlt48.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmonmo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmonst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdmyan.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdne.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnec95.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnecat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnecnt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnepr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnko.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdno.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdno1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdnso.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdntl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdogham.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdolch.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdoldit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdosa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdosm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdpash.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdphags.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdpl1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdpo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdro.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdropr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdrost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] fs_op.c:122 at skipFS(): DEBUG: Attempted to check FS status for 'C:\WINDOWS', but we don't know how on this OS.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdru.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdru1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdrum.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsl1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsmsfi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsmsno.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsn1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsora.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsorex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsors1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsorst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsw09.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsyr1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdsyr2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtaile.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtajik.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdth0.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdth1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdth2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdth3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtifi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtifi2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtiprc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtiprd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtt102.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtuf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtuq.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdturme.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdtzm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] fs_op.c:122 at skipFS(): DEBUG: Attempted to check FS status for 'C:\Program Files', but we don't know how on this OS.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdughr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:244 at run_rk_check(): DEBUG: Going into check_rc_pids
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:250 at run_rk_check(): DEBUG: Going into check_rc_ports
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdughr1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:254 at run_rk_check(): DEBUG: Going into check_open_ports
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbduk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:260 at run_rk_check(): DEBUG: Going into check_rc_if
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdukx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 rootcheck[44100] run_rk_check.c:264 at run_rk_check(): DEBUG: Completed with all checks.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdur.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdur1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdurdu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdus.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdusa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdusl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdusr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdusx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbduzb.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdvntc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdwol.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdyak.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdyba.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdycc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kbdycl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kerbclientshared.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kerberos.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kernel.appcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kernel32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kernelbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\keyboardfiltercore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\keyboardfiltershim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\keycredmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\keyiso.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\keymgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\keywords' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kmddsp.tsp' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ko-kr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\korean.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ksproxy.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kstvtune.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ksuser.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\kswdmcap.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ksxbar.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ktmutil.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ktmw32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\l2gpstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\l2nacp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\l2sechc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\l3codeca.acm' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\l3codecp.acm' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\label.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\languageoverlayutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\laprxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\launchtm.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\launchwinapp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lcphrase.tbl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lcptr.tbl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\libmfxhw32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\libvpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\license.rtf' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\licensemanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\licensemanagerapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\licenses' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\licensingdiagspp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\licensingwinrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\licmgr10.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\linkinfo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\loadperf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\locale.nls' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\localsec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\locationapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\locationframeworkinternalps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\locationframeworkps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lockappbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lockscreendata.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lodctr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\logagent.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\logfiles' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\loghours.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\logman.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\logoncli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lpk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lsmproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\lt-lt' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\luiapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lusrmgr.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\lv-lv' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\lxss' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lxutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\lz32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\l_intl.nls' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\magnification.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\magnify.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\mailcontactscalendarsync' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\main.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\makecab.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapconfiguration.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapcontrolcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapcontrolstringsres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapgeocoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapistub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\maprouter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mapsbtsvc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mavinject.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mbaeapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mbaeapipublic.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mbsmsapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mbussdapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mcbuilder.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mccsengineshared.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mciavi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mcicda.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mciqtz32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mciseq.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mciwave.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mcrecvsrc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mdminst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mdmlocalmanagement.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mdmregistration.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\messagingdatamodel2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\mewmiprov.log' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mf3216.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfaacenc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfasfsrcsnk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfaudiocnv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140chs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140cht.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140deu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140enu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140esn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140fra.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140ita.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140jpn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140kor.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140rus.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc140u.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc40u.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc42.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfc42u.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfcaptureengine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfcm140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfcm140u.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfcsubs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfds.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfdvdec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mferror.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfh263enc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfh264enc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfksproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfmediaengine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfmjpegdec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfmkvsrcsnk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfmp4srcsnk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfmpeg2srcsnk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfnetcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfnetsrc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfperfhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfplat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfplay.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfpmp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfreadwrite.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfsensorgroup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfsrcsnk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfsvr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mftranscode.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfvdsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfvfw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfwmaaec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mfxplugin32_hw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mgmtapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mibincodec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.bluetooth.proxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.internal.frameworkudk.system.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.management.infrastructure.native.unmanaged.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.uev.appagent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.uev.office2010customactions.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.uev.office2013customactions.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.windows.storage.core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoft.windows.storage.storagebuscache.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoftaccounttokenprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\microsoftaccountwamextension.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\midimap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\migisol.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\migration' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\miguiresource.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\migwiz' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mimefilt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mimofcodec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\minstoreevents.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\miracastreceiver.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\miracastreceiverext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mirrordrvcompat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mispace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mitigationconfiguration.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\miutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mixedrealityruntime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mixedrealityruntime.json' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mlang.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mlang.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmc.exe.config' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmcbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmcndmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmcshext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmdevapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmgaclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmgaproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmgaserver.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mmsys.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mobilenetworking.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mobsync.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mode.com' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\modemui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\more.com' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\moricons.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\moshostclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mosstorage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mountvol.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mp3dmod.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mp43decd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mp4sdecd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mpeg2data.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mpg2splt.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mpg4decd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mpr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mprapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mprddm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mprdim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mprext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mprmsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mrinfo.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mrmcorer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mrmdeploy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mrmindexer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mrt100.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mrt_map.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ms3dthumbnailprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msaatext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msac3enc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msacm32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msacm32.drv' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msadp32.acm' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msafd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msajapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msalacdecoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msalacencoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msamrnbdecoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msamrnbencoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msamrnbsink.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msamrnbsource.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msasn1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msauddecmft.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msaudite.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msauserext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscandui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscat32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msclmd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscms.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscoree.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscorier.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscories.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscpx32r.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mscpxl32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msctf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msctfime.ime' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msctfmonitor.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msctfp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msctfui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msctfuimanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdadiag.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdart.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdatsrc.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdelta.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdmo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\msdrm' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdrm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdt.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\msdtc' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdtcprx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdtcspoffln.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdtcuiu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdtcvsp1res.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdvbnp.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdxm.ocx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msdxm.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msexch40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msexcl40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msfeeds.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msfeedsbs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msfeedssync.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msflacdecoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msflacencoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msftedit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msg711.acm' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msgsm32.acm' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msheif.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mshta.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mshtml.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mshtml.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mshtmldac.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mshtmled.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mshtmler.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msidcrl40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msident.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msidle.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msidntld.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msieftp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msiexec.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msihnd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msiltcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msimg32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msimsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msimtf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msinfo32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msisip.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msiso.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msiwer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msjet40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msjetoledb40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msjint40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msjter40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msjtes40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mskeyprotcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mskeyprotect.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msls31.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msltus40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msmpeg2adec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msmpeg2enc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msmpeg2vdec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msnp.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msobjs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msodbcdiag17.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msodbcsql17.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msoert2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msopusdecoder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msorc32r.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msorcl32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mspatcha.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mspatchc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mspbde40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msphotography.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msports.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msra.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msralegacy.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrating.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrawimage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrd2x40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrd3x40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrdc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrdpwebaccess.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrepl40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msrle32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msscntrs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msscript.ocx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssign32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssip32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssitlb.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msspellcheckingfacility.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssph.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssprxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssrch.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mssvp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mstask.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mstext40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mstsc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mstscax.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msutb.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msv1_0.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvbvm60.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcirt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp110_win.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp120_clr0400.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp140_1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp140_2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp140_atomic_wait.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp140_clr0400.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp140_codecvt_ids.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp60.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcp_win.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcr100_clr0400.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcr120_clr0400.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcrt20.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvcrt40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvfw32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvidc32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvidctl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvideodsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvp9dec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvproc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msvpxenc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mswb7.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mswdat10.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mswebp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mswmdm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mswsock.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mswstr10.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msxbde40.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msxml3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msxml3r.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msxml6.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msxml6r.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\msyuv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtstocom.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtxclu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtxdm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtxex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtxlegih.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mtxoci.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\mui' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\muifontsetup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\muiunattend.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mycomput.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\mydocs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\napcrypt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\napinsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\naturallanguage6.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\nb-no' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncaapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncdprop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nci.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncobjapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncpa.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncrypt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncryptprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ncryptsslp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndadmin.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nddeapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ndf' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndfapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndfetw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndfeventview.xml' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndfhcdiscovery.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndishc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ndproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\negoexts.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\net.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\net1.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netapi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netbios.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netbtugc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netcenter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netcfgnotifyobjecthost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netcfgx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netcorehc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netdiagfx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netdriverinstall.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netevent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netfxperf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\neth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netiohlp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netiougc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netjoin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netlogon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netmsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netplwiz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netplwiz.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netprofm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netprovfw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netprovisionsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netsetupapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netsetupengine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netsetupshim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netsh.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netshell.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netstat.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nettrace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\netutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\networkcollectionagent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\networkexplorer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\networkhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\networkitemfactory.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\networklist' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\newdev.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\newdev.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ngccredprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ngckeyenum.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ngcksp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ngclocal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ngcutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ninput.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\nl-nl' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlaapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlansp_c.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlhtml.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlmgp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlmproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlmsprep.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlsbres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlsdata0000.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlsdata0009.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nlsdl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nmadirect.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\noise.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\normaliz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\notepad.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\npmproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\npsm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\npsmdesktopprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nrtapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nshhttp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nshipsec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nshwfp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nsi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nslookup.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntasn1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntdll.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntdsapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntlanman.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntlanui2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntlmshared.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntmarta.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntprint.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntprint.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntshrui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ntvdm64.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\nui' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\nv' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvcuda.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvcuvid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvencodeapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvfbc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvifr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\nvofapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\objsel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\occache.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ocsetapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbc32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcad32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcbcp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcconf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcconf.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcconf.rsp' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbccp32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbccr32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbccu32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcint.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcji32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbcjt32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odbctrac.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oddbse32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odexl32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odfox32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odpdx32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\odtext32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oemlicense.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\offfilt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\offlinelsa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\offlinesam.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\offreg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oflc-nz.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ole2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ole2disp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ole2nls.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ole32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oleacc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oleacchooks.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oleaccrc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oleaut32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\olecli32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oledlg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oleprn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\olepro32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\olesvr32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\olethk32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\omadmapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ondemandbrokerclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ondemandconnroutehelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\onecorecommonproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\onecoreuapcommonproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\onesettingsclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\onex.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\onexui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\onnxruntime.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\oobe' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\opcservices.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\opencl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\openfiles.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\opengl32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\openwith.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\oposhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ortcengine.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\osbaseln.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\osuninst.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\p2p.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\p2pgraph.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\p2pnetsh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\p9np.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\packagedcwalauncher.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\packager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\panmap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\passwordonwakesettingflyout.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pathping.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pautoenr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\payloadrestrictions.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\paymentmediatorserviceproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcacli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcaui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcaui.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcbp.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcl.sep' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcpksp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcshellcommonproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pcwum.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pdh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pdhui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\peerdist.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\peerdistsh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pegi-pt.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pegi.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\peopleapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perceptiondevice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\perceptionsimulation' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perceptionsimulation.proxystubs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfdisk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfmon.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfmon.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfnet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfos.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfproc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perfts.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\perf_gputiming.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pfclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\phonecallhistoryapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\phoneom.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\phoneplatformabstraction.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\phoneutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\phoneutilres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\photometadatahandler.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\photoscreensaver.scr' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\photowiz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pickerhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pickerplatform.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pidgenx.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pifmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pimindexmaintenanceclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pimstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ping.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pkgmgr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pku2u.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\pl-pl' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pla.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playlistfolder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playsndsrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playtodevice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playtomanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playtomenu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playtoreceiver.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\playtostatusprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pngfilt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pnrpnsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\policymanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\polstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\poqexec.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledeviceapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledeviceclassextension.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledeviceconnectapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledevicestatus.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledevicesyncprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledevicetypes.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\portabledevicewiacompat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\posyncservices.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pots.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\powercfg.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\powercfg.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\powercpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\powrprof.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\presentationhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\presentationhostproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prevhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prflbmsg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\print.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\print.printsupport.source.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\print.workflow.source.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printconfig.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\printing_admin_scripts' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printplatformconfig.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printrenderapihost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printui.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printworkflowservice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\printwsdahost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prncache.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prnfldr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prnntfy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prntvpt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\profapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\profext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\propsys.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\proquota.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\provcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\provisioningcommandscsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\provlaunch.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\provmigrate.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\provplatformdesktop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\provthrd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\proximitycommon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\proximitycommonpal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\proximityrtapipal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prvdmofcomp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\prxyqry.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\psapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pscript.sep' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pshed.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\psisdecd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\psisrndr.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\psmodulediscoveryprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\psr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pstorec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\pt-br' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\pt-pt' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\puiapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\puiobj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pwrshplugin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\pwrshsip.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qasf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qcap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qdv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qdvd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qedit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qedwipes.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\quartz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\query.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\qwave.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\racengn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\racpldlg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\radardt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\radarrs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\radcui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ras' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasadhlp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasapi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasautou.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\raschap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\raschapext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasctrnm.h' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasctrs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasdiag.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasdial.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasdlg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\raserver.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasgcw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasman.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasmontr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasphone.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasplap.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rasppp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rastapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rastls.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rastlsext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\rastoast' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpendp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpsa.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpsaproxy.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpsaps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpsauachelper.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpserverbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpsharercom.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdpviewerax.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdrleakdiag.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rdvvmtransport.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\reagent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\reagentc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\recover.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\recovery' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\reg.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\regapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\regctrl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\regedit.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\regedt32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\regini.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\register-cimprovider.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\regsvr32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\reguwpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\reinfo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rekeywiz.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\relog.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\remoteaudioendpoint.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\remotepg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\remotesp.tsp' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\removedevicecontexthandler.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\removedeviceelevated.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rendezvoussession.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\replace.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\resampledmo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\resmon.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\resourcepolicyclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\restartmanager.mof' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\restartmanageruninstall.mof' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\restore' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\resutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rgb9rast.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\riched20.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\riched32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rmactivate.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rmactivate_isv.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rmactivate_ssp.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rmactivate_ssp_isv.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rmclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rmclient.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rnr20.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ro-ro' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\robocopy.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rometadata.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\route.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rpchttp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rpcns4.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rpcnsh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rpcping.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rpcrt4.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rpcrtremote.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rrinstaller.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rsaenh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rscricon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rshx32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rsop.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rstrtmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtffilt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rthdasio.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtkmsgs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtmcodecs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtmediaframe.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtmmvrortc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtmpal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtmpltfm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtutils.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rtworkq.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\ru-ru' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\runas.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\rundll32.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\runlegacycplelevated.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\runonce.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\samcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\samlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sas.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sbe.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sbeio.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sberes.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scansetting.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scarddlg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scecli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scesrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\schannel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\schedcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\schtasks.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scksp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scripto.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scrnsave.scr' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scrobj.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scrptadm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\scrrun.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sdbinst.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sdchange.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sdiageng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sdiagnhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sdiagprv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sdohlp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\search.protocolhandler.mapi2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\searchfilterhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\searchfolder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\searchindexer.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\searchindexercore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\searchprotocolhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\secedit.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sechost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\secproc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\secproc_isv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\secproc_ssp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\secproc_ssp_isv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\secur32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\security.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\securityandmaintenance.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\securityandmaintenance_alert.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1207 at fim_check_ignore(): DEBUG: (6205): Ignoring 'file' 'c:\windows\system32\securityandmaintenance_error.png' due to sregex '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\securitycenterbrokerps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\semgrps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sendmail.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sensapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sensorsapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sensorscpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sensorsnativeapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sensorsnativeapi.v2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sensorsutilsv2.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\serialui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\services.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\servicingcommon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\serwvdrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sessenv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sethc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\settingsyncdownloadhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\setup' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\setup16.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\setupapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\setupcl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\setupcln.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\setupugc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\setx.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sfc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sfc.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sfc_os.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shacct.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shacctprofile.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sharehost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shdocvw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shell32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shellcommoncommonproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shellstyle.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shfolder.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shgina.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shiftjis.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shimeng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shimgvw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shlwapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shpafact.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shrpubw.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shsetup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shsvcs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shunimpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shutdown.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shutdownext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\shwebsvc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\signdrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\simauth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\simcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\simpdata.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sk-sk' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sl-si' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\slc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\slcext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\slmgr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\slmgr.vbs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\slwga.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\smartcardcredentialprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\smartscreen.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\smartscreenps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\smbhelperclass.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\smi' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\smphost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sndvol.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sndvolsso.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\snmpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\socialapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\softkbd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\softpub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sort.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sortserver2003compat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sortwindows61.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sortwindows62.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sortwindows63.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sortwindows6compat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spatialaudiolicensesrv.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spatialinteraction.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spbcd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\speech' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\speech_onecore' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spfileq.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spinf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spnet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spopk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\spp' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sppc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sppcext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sppcomapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sppui' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sppwmi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spwinsat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spwizeng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\spwmp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqlserverspatial150.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqlsrv32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqlsrv32.rll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqlunirl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqlwid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqlwoa.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sqmapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sr-latn-rs' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srchadmin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srdelayed.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srmclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srmlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srms-apr-v.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srms-apr.dat' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srmscan.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srmshell.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srmstormod.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srmtrace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srm_ps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srpuxnativesnapin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sru' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srumapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srumsvc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\srvcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sscore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ssdm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ssdpapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sspicli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ssshim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sstpcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\startupscan.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\staterepository.core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\stclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\stdole2.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\stdole32.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sti.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\stobject.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\storage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\storagecontexthandler.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\storagewmi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\storagewmi_passthru.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\stordiag.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\storprop.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\structuredquery.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\subrange.uce' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\subst.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sud.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sv-se' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\svchost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sxproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sxs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sxshared.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sxsstore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sxstrace.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\synccenter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\synccontroller.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\synchost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\synchostps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncinfrastructure.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncinfrastructureps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncreg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncsettings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] receiver.c:97 at receive_msg(): DEBUG: Received message: '#!-syscollector_hwinfo dbsync checksum_fail {"begin":"/5SHRJB3/CNPE1000AU064F/","end":"/5SHRJB3/CNPE1000AU064F/","id":1691201373}'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syncutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sysdm.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sysmon.ocx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\sysprep' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sysprint.sep' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\sysprtj.sep' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\syssetup.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systemcpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systemeventsbrokerclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systeminfo.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertiesadvanced.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertiescomputername.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertiesdataexecutionprevention.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertieshardware.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertiesperformance.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertiesprotection.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systempropertiesremote.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systemsettings.datamodel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systemsupportinfo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systemuwplauncher.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\systray.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\t2embed.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\takeown.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapi3.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapi32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapimigplugin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapiperf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapisrv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapisysprep.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapiui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tapiunattend.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tar.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskcomp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskkill.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tasklist.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskmgr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\tasks' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskschd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskschd.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\taskschdps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tbauth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tbs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tcmsetup.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tcpbidi.xml' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tcpipcfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tcpmib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tcpmonui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tcpsvcs.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tdc.ocx' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tdh.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tdhres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\teemanagement.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\telephon.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tempsignedlicenseexchangetask.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tenantrestrictionsplugin.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\termmgr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tetheringclient.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\textinputframework.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\textinputmethodformatter.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\textshaping.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\th-th' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\themecpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\themeui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\threadpoolwinrt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\thumbcache.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\thumbnailextractionhost.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tiledatarepository.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\timedate.cpl' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\timedatemuicallback.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\timeout.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tlscsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tokenbinding.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tokenbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tokenbrokercookies.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tokenbrokerui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tpm.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tpmcertresources.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tpmcompc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tpmcoreprovisioning.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tpminit.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tpmtool.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tquery.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\tr-tr' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tracerpt.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tracert.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\traffic.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tree.com' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\trustedsignalcredprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tsbyuv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tsgqec.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tsmf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tspkg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tstheme.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tsworkspace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttdinject.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttdloader.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttdplm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttdrecord.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttdrecordcpu.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttlsauth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttlscfg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ttlsext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tttracer.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tvratings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\twext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\twinapi.appcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\twinapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\twinui.appcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\twinui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\txflog.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\txfw32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\typelib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\typeperf.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tzautoupdate.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tzres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\tzutil.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ucmhc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ucrtbase.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ucrtbase_clr0400.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\udhisapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uevcustomactiontypes.tlb' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uexfat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ufat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uiamanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uianimation.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uiautomationcore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uicom.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uimanagerbrokerps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uireng.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uiribbon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\uk-ua' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ulib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\umdmxfrm.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\umpdc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\unenrollhook.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\unimdm.tsp' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\unimdmat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uniplat.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\unistore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\unlodctr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\unregmp2.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\untfs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\upnp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\upnpcont.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\upnphost.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\urefs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\urefsv1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ureg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\url.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\urlmon.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usbceip.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usbperf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usbui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\user.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\user32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\useraccountbroker.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\useraccountcontrolsettings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\useraccountcontrolsettings.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\useractivitybroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usercpl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdataaccessres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdataaccountapis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdatalanguageutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdataplatformhelperutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdatatimeutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdatatypehelperutil.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdeviceregistration.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userdeviceregistration.ngc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userenv.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userinit.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userinitext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\userlanguageprofilecallback.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usermgrcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usermgrproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usk.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usoapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\usp10.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\ustprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\utcapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\utildll.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\utilman.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uudf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uxinit.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uxlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uxlibres.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\uxtheme.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\van.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vault.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vaultcli.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vbajet32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vbicodec.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vbisurf.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vbscript.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vcamp140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vcardparser.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vccorlib140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vcomp140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vcruntime140.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vcruntime140_clr0400.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vdmdbg.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vds_ps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\verclsid.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\verifier.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\verifiergui.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\version.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vfwwdm32.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\vi-vn' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vidcap.ax' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vidreszr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\virtdisk.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\virtualsurroundapo.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vmstaging.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\voiceactivationmanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\voiprt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vpnikeapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vscmgrps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vscover170.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsd3dwarpdebug.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsgraphicscapture.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsgraphicsdesktopengine.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsgraphicsexperiment.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsgraphicsproxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsgraphicsremoteengine.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsjitdebugger.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsperf170.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vssapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vsstrace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vss_ps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vulkan-1-999-0-0-0.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vulkan-1.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vulkaninfo-1-999-0-0-0.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\vulkaninfo.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\w32tm.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\w32topl.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wabsyncprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\waitfor.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\walletbackgroundserviceproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\walletproxy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wavemsp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wbemcomn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wcmapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:345 at fim_checker(): DEBUG: (6347): Directory 'c:\windows\system32\wcn' is already on the max recursion_level (0), it will not be scanned.
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wcnapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wcnwiz.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wdc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wdi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wdigest.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wdmaud.drv' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wdscore.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\web.rs' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webauthn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webcamui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webcheck.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webclnt.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webio.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webplatstorageserver.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\webservices.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\websocket.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wecapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wecutil.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\werdiagcontroller.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\werenc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\weretw.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\werfault.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\werfaultsecure.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wermgr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\werui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wevtapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wevtfwd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wevtutil.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wextract.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wf.msc' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wfapigp.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wfdprov.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wfhc.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\where.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\whhelper.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\whoami.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiaacmgr.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiaaut.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiadefui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiadss.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiascanprofiles.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiashext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wiatrace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wifidisplay.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wimbootcompress.ini' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wimgapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\win32u.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\winbio.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\winbioext.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\winbrand.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wincorlib.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wincredprovider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\wincredui.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windowmanagementapi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.accountscontrol.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.ai.machinelearning.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.ai.machinelearning.preview.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.background.systemeventsbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.background.timebroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.conversationalagent.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.datatransfer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.lockscreen.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.store.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.store.preview.dosettings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.store.testingframework.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.applicationmodel.wallet.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.data.pdf.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.alljoyn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.background.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.background.ps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.bluetooth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.custom.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.custom.ps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.enumeration.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.haptics.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.humaninterfacedevice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.lights.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.lowlevel.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.midi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.perception.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.picker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.pointofservice.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.portable.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.printers.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.printers.extensions.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.radios.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.scanners.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.sensors.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.serialcommunication.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.smartcards.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.smartcards.phone.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.usb.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.wifi.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.devices.wifidirect.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.energy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.fileexplorer.common.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.gaming.input.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.gaming.preview.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.gaming.ui.gamebar.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.gaming.xboxlive.storage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.globalization.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.globalization.fontgroups.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.globalization.phonenumberformatting.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.display.brightnessoverride.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.display.displayenhancementoverride.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.printing.3d.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.printing.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.printing.workflow.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.graphics.printing.workflow.native.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.devices.bluetooth.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.devices.sensors.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.graphics.display.displaycolormanagement.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.graphics.display.displayenhancementmanagement.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.management.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.securitymitigationsbroker.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.shellcommon.accountscontrolexperience.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.shellcommon.appresolvermodal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.shellcommon.printexperience.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.shellcommon.tokenbrokermodal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.ui.dialogs.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.ui.logon.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.internal.ui.shell.windowtabmanager.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.management.workplace.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.management.workplace.workplacesettings.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.audio.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.backgroundmediaplayback.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.backgroundplayback.exe' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.devices.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.editing.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.faceanalysis.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.import.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.mediacontrol.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.mixedrealitycapture.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.ocr.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.playback.backgroundmediaplayer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.playback.mediaplayer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.playback.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.protection.playready.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.speech.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.streaming.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.media.streaming.ps.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.mirage.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.mirage.internal.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.backgroundtransfer.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.connectivity.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.hostname.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.networkoperators.esim.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.networkoperators.hotspotauthentication.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.proximity.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.servicediscovery.dnssd.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.sockets.pushenabledapplication.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.vpn.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.networking.xboxlive.proxystub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.payments.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.perception.stub.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.security.authentication.identity.provider.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.security.authentication.onlineid.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.security.authentication.web.core.dll' due to restriction 'winrm.vbs$'
2023/08/05 12:09:33 wazuh-agent[44100] create_db.c:1227 at fim_check_restrict(): DEBUG: (6203): Ignoring entry 'c:\windows\system32\windows.security.credentials.ui.credentialpicker.dll' due to