macos sniffers: back out osquery change until we understand it better, sort exceptions

This commit is contained in:
Thomas Stromberg 2023-02-20 11:58:43 -05:00
parent d6f903bb00
commit 75b7ec5552
Failed to extract signature

View File

@ -57,10 +57,8 @@ FROM
LEFT JOIN hash p2_hash ON p2.path = p2_hash.path
WHERE
et.event_tapped IN ('EventKeyDown', 'EventKeyUp')
AND s.authority != 'Software Signing'
-- Popular programs that sniff keyboard events, but do not appear to be malware.
AND s.authority != 'Software Signing' -- Popular programs that sniff keyboard events, but do not appear to be malware.
AND NOT exception_key IN (
'TextExpander,com.smileonmymac.textexpander,Developer ID Application: SmileOnMyMac, LLC (7PKJ6G4DXL)',
'BetterTouchTool,com.hegenberg.BetterTouchTool,Developer ID Application: folivora.AI GmbH (DAFVSXZ82P)',
'Contexts,com.contextsformac.Contexts,Developer ID Application: Usman Khalid (RZ7E748ZSC)',
'Hyperkey,com.knollsoft.Hyperkey,Developer ID Application: Ryan Hanson (XSYZ3E4B7D)',
@ -69,7 +67,7 @@ WHERE
'logioptionsplus_agent,com.logi.cp-dev-mgr,Developer ID Application: Logitech Inc. (QED4VVPZWA)',
'MonitorControl,me.guillaumeb.MonitorControl,Developer ID Application: Joni Van Roost (CYC8C8R4K9)',
'skhd,skhd,',
'osqueryd,io.osquery.agent,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)'
'TextExpander,com.smileonmymac.textexpander,Developer ID Application: SmileOnMyMac, LLC (7PKJ6G4DXL)'
)
GROUP BY
p0.path