
Fuebar

Posts posted by Fuebar

  1. Let's see, for now I've got:

    LangSecRef=Games
    

    Should be

    Section=Games
    

    for each of these entries:

    • Bugsplat
    • Chivalry: Medieval Warfare
    • Don't Starve
    • Faster Than Light
    • Hi-Rez Studios
    • Torchlight 2
    • Tribes: Ascend

    Cheers.

     

    EDIT: Oh, and a new entry, for calibre's search cache.

    [Calibre Cache*]
    LangSecRef=3021
    DetectFile=%LocalAppData%\calibre-cache\jsbrowser
    Default=False
    FileKey1=%LocalAppData%\calibre-cache\jsbrowser\data*|*.*|RECURSE
    

     

    And by the way, perhaps you should remove the MD5 checksum on the first post if you aren't updating it regularly, it could make a few paranoid people suspicious. ;) Unless of course it is correct, and my hasher is not. Or I'm a victim of a MitM by someone intent on skewing my cleaning definitions... truly evil. :(

  2. [Windows 8 Search History*]
    DetectOS=6.2|
    LangSecRef=3025
    Detect=HKCU\Software\Microsoft\Windows
    Default=False
    RegKey1=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\SearchHistory
    

    Modified to turn the

    Section=3025

    of that entry to

    LangSecRef=3025

  3. Sorry for the double post, but I thought it necessary to separate thoughts.

     

    Have you considered a git repo for winapp2.ini? I'm thinking a file that new/modified entries can be pushed to, and a new version can be pulled easily. Of course, the site could remain with a download link as well. It would make it much easier to get new changes without waiting for the next release... and easier than posting CODE segments in the forums as well. Any thoughts?

  4. The [skype More*] and [skype ChatSync*] entries have duplicate rules, so I think Skype More should be turned into

    [skype More*]
    LangSecRef=3022
    Detect=HKCU\Software\Skype
    Default=False
    FileKey1=%AppData%\Skype|*.lck;*.lock|RECURSE
    

     

    To keep the option of removing chatsync separate from the lock files.

     

    Edit: I wrote a program to look for dupe keys, here's what I recommend.

     

    [Auslogics Disk Defrag Portable*]
    LangSecRef=3024
    Detect=HKCU\Software\Auslogics\Disk Defrag Portable
    Default=False
    FileKey1=%AppData%\Auslogics\Disk Defrag\Reports|*.*
    FileKey2=%AppData%\Auslogics\Disk Defrag\Logs|*.*
    

    [Auslogics Disk Defrag*]
    LangSecRef=3024
    Detect=HKCU\Software\Auslogics\Disk Defrag
    Default=False
    FileKey1=%AppData%\Auslogics\Disk Defrag\Reports|*.*
    FileKey2=%AppData%\Auslogics\Disk Defrag\Logs|*.*
    

    Should just be merged into

    [Auslogics Disk Defrag*]
    LangSecRef=3024
    Detect1=HKCU\Software\Auslogics\Disk Defrag
    Detect2=HKCU\Software\Auslogics\Disk Defrag Portable
    Default=False
    FileKey1=%AppData%\Auslogics\Disk Defrag\Reports|*.*
    FileKey2=%AppData%\Auslogics\Disk Defrag\Logs|*.*
    

    ---

    [CNN*]
    Section=Windows 8 Apps
    DetectFile=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_cs8eyncph15zy
    Default=False
    FileKey1=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\INetCache|*.*|RECURSE
    FileKey2=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\INetCookies|*.*|RECURSE
    FileKey3=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\INetHistory|*.*|RECURSE
    FileKey4=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\Temp|*.*
    FileKey5=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\PRICache|*.*
    FileKey6=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\Microsoft\CLR_v4.0\UsageLogs|*.*|RECURSE
    FileKey7=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\AC\Microsoft\CLR_v4.0_32\UsageLogs|*.*|RECURSE
    FileKey8=%LocalAppData%\Packages\588E6FFA.CNNAppforWindows_*\TempState|*.*|RECURSE
    

    The above is updated to remove a FileKey9 that was a duplicate of FileKey6.

    ---

    [Norton Installer Logs*]
    LangSecRef=3024
    DetectFile=%CommonAppData%\NortonInstaller\Logs
    Default=False
    FileKey1=%CommonAppData%\NortonInstaller\Logs|*.*|RECURSE
    

    [Norton Internet Security 2012/13 (logs)*]
    LangSecRef=3024
    DetectFile=%CommonAppData%\NortonInstaller\Logs
    Default=False
    FileKey1=%CommonAppData%\NortonInstaller\Logs|*.*|RECURSE
    

    Norton Internet Security 2012/13 (logs) is redundant and can be removed.

    ---

    [XnView MP*]
    LangSecRef=3024
    Detect=HKCU\Software\XnView\XnViewMP
    Default=False
    FileKey1=%AppData%\XnViewMP|*.db;category.bak
    FileKey2=%AppData%\XnView\cache|*.db
    FileKey3=%ProgramFiles%\XnViewMP|category.bak;*.db
    

    [XnView*]
    LangSecRef=3023
    Detect=HKCU\Software\XnView
    Default=False
    FileKey1=%AppData%\XnView|XnView.db;category.bak
    FileKey2=%AppData%\XnView\cache|*.db
    FileKey3=%ProgramFiles%\XnView\cache|*.db
    FileKey4=%ProgramFiles%\XnView|category.bak
    

    XnView MP should become

    [XnView MP*]
    LangSecRef=3024
    Detect=HKCU\Software\XnView\XnViewMP
    Default=False
    FileKey1=%AppData%\XnViewMP|*.db;category.bak
    FileKey2=%ProgramFiles%\XnViewMP|category.bak;*.db
    

    since the XnView\cache.db file(s) are not as specific to XnView MP, and the detect keys will show both the XnView and XnView MP entries if XnView MP is present.

     

    Sorry about the long post, but I hope this helps. :)
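
A duplicate-rule check of the kind described in the post above, as an added example; it is not Fuebar's program, which does not appear on the page. It assumes paths and patterns compare case-insensitively and that pattern order is irrelevant, and `SAMPLE` is constructed from entries quoted in the post.

```python
from collections import defaultdict
# Constructed sample in winapp2.ini syntax, modelled on entries quoted in the post.
SAMPLE = r"""
[Norton Installer Logs*]
DetectFile=%CommonAppData%\NortonInstaller\Logs
FileKey1=%CommonAppData%\NortonInstaller\Logs|*.*|RECURSE
[Norton Internet Security 2012/13 (logs)*]
FileKey1=%CommonAppData%\NortonInstaller\Logs|*.*|RECURSE
[XnView MP*]
FileKey1=%AppData%\XnViewMP|*.db;category.bak
FileKey2=%AppData%\XnView\cache|*.db
FileKey3=%AppData%\xnviewmp\|category.bak;*.DB
[XnView*]
FileKey1=%AppData%\XnView|XnView.db;category.bak
FileKey2=%AppData%\XnView\cache|*.db
"""

def normalize(value):
    """Canonical (path, patterns, flag) tuple; case and pattern order are ignored (assumption)."""
    path, _, rest = value.partition("|")
    patterns, _, flag = rest.partition("|")
    pats = tuple(sorted(p.strip().lower() for p in patterns.split(";") if p.strip()))
    return (path.strip().rstrip("\\").lower(), pats, flag.strip().upper())

def parse(text):
    """Return {entry name: [(key, normalized rule), ...]} for FileKey/RegKey lines only."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], [])
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.startswith(("FileKey", "RegKey")):
                current.append((key, normalize(value)))
    return entries

def find_duplicates(text):
    """Return (within, across): repeats inside one entry, and rules shared by several entries."""
    owners, within = defaultdict(list), []
    for name, rules in parse(text).items():
        seen = {}
        for key, rule in rules:
            if rule in seen:
                within.append((name, seen[rule], key))  # same rule twice in one entry
            else:
                seen[rule] = key
                owners[rule].append(name)
    across = {rule: names for rule, names in owners.items() if len(names) > 1}
    return within, across
```

A rule shared across entries is a prompt for review, not an automatic deletion: whether to merge, drop or keep both depends on the detect keys, as the post's XnView and Norton cases show.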

  5. Entry for FreeFixer, a Windows diagnostic utility. Logs sensitive information that doesn't disappear on uninstallation, as far as I recall.

    [FreeFixer*]
    LangSecRef=3024
    DetectFile=%LocalAppData%\FreeFixer\
    Default=False
    FileKey1=%LocalAppData%\FreeFixer\icons|*.ico|RECURSE
    FileKey2=%LocalAppData%\FreeFixer\logs|*.*|RECURSE
    FileKey3=%LocalAppData%\FreeFixer|itemtracking.txt
    

  6. Halite BitTorrent Client log files and configuration backups.

    [Halite Logs and Backups*]
    LangSecRef=3021
    DetectFile1=%LocalAppData%\Halite\
    Default=False
    FileKey1=%LocalAppData%\Halite|HaliteLog.txt
    FileKey2=%LocalAppData%\Halite|Halite.xml.*|RECURSE
    

  7. Some new entries:

    [Motorola Device Manager Logs*]
    LangSecRef=3024
    DetectFile=%AppData%\Motorola\MotoHelper\installer.log
    Default=False
    FileKey1=%AppData%\Motorola\MotoHelper|installer.log
    

    NetBeans IDE installer logs and other runtime logs.

    [NetBeans IDE Logs*]
    LangSecRef=3021
    DetectFile1=%UserProfile%\.nbi\log\
    DetectFile2=%AppData%\NetBeans\
    Default=False
    FileKey1=%UserProfile%\.nbi\log|*.log|RECURSE
    FileKey2=%AppData%\NetBeans\*\var\log|*.*|RECURSE
    

    WireShark recent files (they hold path information to the last browsed directory, and cache filters, [as far as I can tell] which could be considered insecure to some).

    [WireShark Recent Files*]
    LangSecRef=3024
    DetectFile=%AppData%\Wireshark\
    Warning=This will remove custom view settings (like window sizes and hidden toolbars, formatting and last-used profiles).
    Default=False
    FileKey1=%AppData%\Wireshark|recent
    FileKey2=%AppData%\Wireshark|recent_common
    

     

    And not sure if it really matters, but... capitalisation consistency in the Torchlight entry's file paths.

    Section=Games
    DetectFile=%AppData%\Runic Games\Torchlight
    Default=False
    FileKey1=%AppData%\Runic Games\Torchlight|*.log
    

    (Original had 'FileKey1=%AppData%\runic games\torchlight|*.log')

     

    Cheers.

  8. This is my first attempt ever at writing a cleaner rule, but I was digging around my AppData folder and found a cache folder Google Talk uses to store avatar images, as well as a plaintext file associating each email with each avatar. This could be somewhat sensitive data in some cases. Unfortunately, the default avatar cache files Google generates/downloads(?) automatically that aren't sensitive are listed with random file names just as contact avatar cache files are, so there's no way to differentiate them with this simple ruleset, to my knowledge. CCleaner includes a Google Talk cleaning entry, but it doesn't seem to get rid of the avatar cache. I haven't tested this for any drawbacks it may have, but I thought I might as well share it. Sorry if it's been discussed already.

    [Google Talk Avatar Cache*]
    LangSecRef=3022
    Detect=HKCU\Software\Google\Google Talk
    Default=False
    FileKey1=%LocalAppData%\Google\Google Talk\avatars|*.*
    
