fpr: Steam, Presenting, Wavebox, multipass, parallels, cargo, dnf, Kindle, DaveTheDiver
This commit is contained in:
Thomas Stromberg
parent
d59c1de257
commit
c9f0b2bee5
|
|
@ -69,21 +69,24 @@ WHERE
|
|||
'0,dockerd,0u,0g,dockerd',
|
||||
'0,flatpak-system-helper,0u,0g,flatpak-system-',
|
||||
'0,git-remote-http,0u,0g,git-remote-http',
|
||||
'0,go,0u,0g,go',
|
||||
'0,gtk4-update-icon-cache,0u,0g,gtk-update-icon',
|
||||
'0,http,0u,0g,https',
|
||||
'0,kmod,0u,0g,depmod',
|
||||
'0,launcher,0u,0g,launcher',
|
||||
'0,launcher,500u,500g,launcher',
|
||||
'0,ldconfig,0u,0g,ldconfig',
|
||||
'0,make,0u,0g,make',
|
||||
'0,nessusd,0u,0g,nessusd',
|
||||
'0,nix,0u,0g,nix',
|
||||
'0,nix,0u,0g,nix-daemon',
|
||||
'0,orbit,0u,0g,orbit',
|
||||
'0,osqueryd,0u,0g,osqueryd',
|
||||
'0,packagekitd,0u,0g,packagekitd',
|
||||
'0,pacman,0u,0g,pacman',
|
||||
'0,python3.10,0u,0g,dnf',
|
||||
'0,python3.10,0u,0g,dnf-automatic',
|
||||
'0,python3.10,0u,0g,yum',
|
||||
'500,evolution-source-registry,0u,0g,evolution-sourc',
|
||||
'0,python3.11,0u,0g,dnf',
|
||||
'0,python3.11,0u,0g,dnf-automatic',
|
||||
'0,python3.11,0u,0g,yum',
|
||||
|
|
@ -124,6 +127,7 @@ WHERE
|
|||
'500,cloud_sql_proxy,0u,0g,cloud_sql_proxy',
|
||||
'500,code,0u,0g,code',
|
||||
'500,code,500u,500g,code',
|
||||
'500,code,u,g,code',
|
||||
'500,containerd,u,g,containerd',
|
||||
'500,copilot-agent-linux,500u,500g,copilot-agent-l',
|
||||
'500,cosign,500u,500g,cosign',
|
||||
|
|
@ -140,9 +144,11 @@ WHERE
|
|||
'500,electron,0u,0g,electron',
|
||||
'500,evolution-addressbook-factory,0u,0g,evolution-addre',
|
||||
'500,evolution-calendar-factory,0u,0g,evolution-calen',
|
||||
'500,evolution-source-registry,0u,0g,evolution-sourc',
|
||||
'500,firefox,0u,0g,firefox',
|
||||
'500,firefox,0u,0g,.firefox-wrappe',
|
||||
'500,firefox,0u,0g,Socket Process',
|
||||
'500,firefox-bin,u,g,firefox-bin',
|
||||
'500,flameshot,0u,0g,flameshot',
|
||||
'500,flatpak-oci-authenticator,0u,0g,flatpak-oci-aut',
|
||||
'500,flux,500u,500g,flux',
|
||||
|
|
@ -160,12 +166,9 @@ WHERE
|
|||
'500,gnome-recipes,0u,0g,gnome-recipes',
|
||||
'500,gnome-shell,0u,0g,gnome-shell',
|
||||
'500,gnome-software,0u,0g,gnome-software',
|
||||
'0,go,0u,0g,go',
|
||||
'500,go,0u,0g,go',
|
||||
'500,code,u,g,code',
|
||||
'500,go,500u,500g,go',
|
||||
'500,goa-daemon,0u,0g,goa-daemon',
|
||||
'500,TJPP8_Vulkan,500u,500g,TJPP8_Vulkan',
|
||||
'500,___go_build_main_go,500u,500g,___go_build_mai',
|
||||
'500,go,u,g,go',
|
||||
'500,grafana,u,g,grafana',
|
||||
|
|
@ -229,7 +232,6 @@ WHERE
|
|||
'500,python3.10,0u,0g,aws',
|
||||
'500,python3.10,0u,0g,python',
|
||||
'500,python3.10,0u,0g,python3',
|
||||
'0,osqueryd,0u,0g,osqueryd',
|
||||
'500,python3.11,0u,0g,aws',
|
||||
'500,python3.11,0u,0g,gnome-abrt',
|
||||
'500,python3.11,0u,0g,protonvpn',
|
||||
|
|
@ -252,7 +254,6 @@ WHERE
|
|||
'500,spotify,500u,500g,spotify',
|
||||
'500,spotify,u,g,spotify',
|
||||
'500,steam,500u,100g,steam',
|
||||
'500,buildkite-agent,500u,500g,buildkite-agent',
|
||||
'500,steam,500u,500g,steam',
|
||||
'500,steamwebhelper,500u,100g,steamwebhelper',
|
||||
'500,steamwebhelper,500u,500g,steamwebhelper',
|
||||
|
|
@ -267,16 +268,15 @@ WHERE
|
|||
'500,thunderbird,0u,0g,thunderbird',
|
||||
'500,thunderbird,u,g,thunderbird',
|
||||
'500,tilt,500u,500g,tilt',
|
||||
'500,TJPP8_Vulkan,500u,500g,TJPP8_Vulkan',
|
||||
'500,todoist,0u,0g,todoist',
|
||||
'500,trivy,0u,0g,trivy',
|
||||
'500,trivy,500u,500g,trivy',
|
||||
'500,firefox-bin,u,g,firefox-bin',
|
||||
'500,WebKitNetworkProcess,0u,0g,WebKitNetworkPr',
|
||||
'500,wget,0u,0g,wget',
|
||||
'0,make,0u,0g,make',
|
||||
'500,wine64-preloader,500u,500g,DaveTheDiver.ex',
|
||||
'500,wine64-preloader,500u,500g,Root.exe',
|
||||
'500,wolfictl,500u,500g,wolfictl',
|
||||
'0,orbit,0u,0g,orbit',
|
||||
'500,WPILibInstaller,500u,500g,WPILibInstaller',
|
||||
'500,xmobar,0u,0g,xmobar',
|
||||
'500,yay,0u,0g,yay',
|
||||
|
|
|
|||
|
|
@ -115,17 +115,16 @@ WHERE
|
|||
AND s.authority = 'Software Signing'
|
||||
)
|
||||
AND NOT exception_key IN (
|
||||
'0,6,5228,prl_naptd,prl_naptd,Developer ID Application: Parallels International GmbH (4C6364ACXT),com.parallels.naptd',
|
||||
'0,6,80,prl_naptd,prl_naptd,Developer ID Application: Parallels International GmbH (4C6364ACXT),com.parallels.naptd',
|
||||
'500,17,123,Garmin Express,Garmin Express,Developer ID Application: Garmin International (72ES32VZUA),com.garmin.renu.client',
|
||||
'500,17,68,com.docker.backend,com.docker.backend,Developer ID Application: Docker Inc (9BNSXJN65R),com.docker',
|
||||
'500,17,8801,zoom.us,zoom.us,Developer ID Application: Zoom Video Communications, Inc. (BJ4HAAB9B3),us.zoom.xos',
|
||||
'500,17,9000,Meeting Center,Meeting Center,Developer ID Application: Cisco (DE8Y96K9QP),com.webex.meetingmanager',
|
||||
'500,6,22,Cyberduck,Cyberduck,Developer ID Application: David Kocher (G69SCX94XU),ch.sudo.cyberduck',
|
||||
'500,6,80,Wavebox Helper,Wavebox Helper,Developer ID Application: Bookry Ltd (4259LE8SU5),com.bookry.wavebox.helper',
|
||||
'500,6,22,goland,goland,Developer ID Application: JetBrains s.r.o. (2ZEFAR8TH3),com.jetbrains.goland',
|
||||
'500,6,22,Transmit,Transmit,Developer ID Application: Panic, Inc. (VE8FC488U5),com.panic.Transmit',
|
||||
'500,6,2869,Spotify,Spotify,Developer ID Application: Spotify (2FNC3A47ZF),com.spotify.client',
|
||||
'500,6,80,Brackets,Brackets,Developer ID Application: CORE.AI SCIENTIFIC TECHNOLOGIES PRIVATE LIMITED (8F632A866K),io.brackets.appshell',
|
||||
'500,6,32000,Spotify Helper,Spotify Helper,Developer ID Application: Spotify (2FNC3A47ZF),com.spotify.client.helper',
|
||||
'500,6,32400,PlexMobile,PlexMobile,Apple iPhone OS Application Signing,com.plexapp.plex',
|
||||
'500,6,32768,IPNExtension,IPNExtension,Apple Mac OS Application Signing,io.tailscale.ipn.macos.network-extension',
|
||||
|
|
@ -137,6 +136,7 @@ WHERE
|
|||
'500,6,5228,Clay,Clay,Developer ID Application: Clay Software, Inc. (C68GA48KN3),com.clay.mac',
|
||||
'500,6,8009,Spotify Helper,Spotify Helper,Developer ID Application: Spotify (2FNC3A47ZF),com.spotify.client.helper',
|
||||
'500,6,80,Arc Helper,Arc Helper,Developer ID Application: The Browser Company of New York Inc. (S6N382Y83G),company.thebrowser.browser.helper',
|
||||
'500,6,80,Brackets,Brackets,Developer ID Application: CORE.AI SCIENTIFIC TECHNOLOGIES PRIVATE LIMITED (8F632A866K),io.brackets.appshell',
|
||||
'500,6,80,CEPHtmlEngine Helper,CEPHtmlEngine Helper,Developer ID Application: Adobe Inc. (JQ525L2MZD),com.adobe.cep.CEPHtmlEngine Helper',
|
||||
'500,6,80,Code Helper (Plugin),Code Helper (Plugin),Developer ID Application: Microsoft Corporation (UBF8T346G9),com.github.Electron.helper',
|
||||
'500,6,80,Code - Insiders Helper (Plugin),Code - Insiders Helper (Plugin),Developer ID Application: Microsoft Corporation (UBF8T346G9),com.github.Electron.helper',
|
||||
|
|
@ -159,6 +159,7 @@ WHERE
|
|||
'500,6,80,Telegram,Telegram,Apple Mac OS Application Signing,ru.keepcoder.Telegram',
|
||||
'500,6,80,thunderbird,thunderbird,Developer ID Application: Mozilla Corporation (43AQ936H96),org.mozilla.thunderbird',
|
||||
'500,6,80,Twitter,Twitter,Apple Mac OS Application Signing,maccatalyst.com.atebits.Tweetie2',
|
||||
'500,6,80,Wavebox Helper,Wavebox Helper,Developer ID Application: Bookry Ltd (4259LE8SU5),com.bookry.wavebox.helper',
|
||||
'500,6,80,WhatsApp,WhatsApp,Developer ID Application: WhatsApp Inc. (57T9237FN3),WhatsApp',
|
||||
'500,6,993,Mimestream,Mimestream,Developer ID Application: Mimestream, LLC (P2759L65T8),com.mimestream.Mimestream',
|
||||
'500,6,993,thunderbird,thunderbird,Developer ID Application: Mozilla Corporation (43AQ936H96),org.mozilla.thunderbird'
|
||||
|
|
@ -194,19 +195,19 @@ WHERE
|
|||
OR pos.remote_port > 1024
|
||||
)
|
||||
AND id_exception_key IN (
|
||||
'Developer ID Application: Docker Inc (9BNSXJN65R),com.docker',
|
||||
'Developer ID Application: Bookry Ltd (4259LE8SU5),com.bookry.wavebox.helper',
|
||||
'Developer ID Application: Brave Software, Inc. (KL8N8XSYF4),com.brave.Browser.helper',
|
||||
'Developer ID Application: Microsoft Corporation (UBF8T346G9),net.java.openjdk.java',
|
||||
'Developer ID Application: Google LLC (EQHXZ8M8AV),com.google.Chrome.helper',
|
||||
'Developer ID Application: Docker Inc (9BNSXJN65R),com.docker',
|
||||
'Developer ID Application: Vladimir Prelovac (TFVG979488),com.apple.WebKit.Networking',
|
||||
'Developer ID Application: Valve Corporation (MXGJJ98X76),com.valvesoftware.steam',
|
||||
'Developer ID Application: Google LLC (EQHXZ8M8AV),com.google.Chrome.helper',
|
||||
'Developer ID Application: Microsoft Corporation (UBF8T346G9),com.microsoft.edgemac.helper',
|
||||
'Developer ID Application: Microsoft Corporation (UBF8T346G9),net.java.openjdk.java',
|
||||
'Developer ID Application: Mozilla Corporation (43AQ936H96),org.mozilla.firefox',
|
||||
'Developer ID Application: Mozilla Corporation (43AQ936H96),org.mozilla.firefoxdeveloperedition',
|
||||
'Developer ID Application: Opera Software AS (A2P9LX4JPN),com.operasoftware.Opera.helper',
|
||||
'Developer ID Application: Spotify (2FNC3A47ZF),com.spotify.client.helper',
|
||||
'Developer ID Application: The Browser Company of New York Inc. (S6N382Y83G),company.thebrowser.browser.helper'
|
||||
'Developer ID Application: The Browser Company of New York Inc. (S6N382Y83G),company.thebrowser.browser.helper',
|
||||
'Developer ID Application: Valve Corporation (MXGJJ98X76),com.valvesoftware.steam',
|
||||
'Developer ID Application: Vladimir Prelovac (TFVG979488),com.apple.WebKit.Networking'
|
||||
)
|
||||
)
|
||||
GROUP BY
|
||||
|
|
|
|||
|
|
@ -45,28 +45,29 @@ WHERE
|
|||
AND size > 0
|
||||
)
|
||||
AND NOT homedir IN (
|
||||
'~/Library/Application Support/1Password',
|
||||
'~/Library/Application Support/Adobe',
|
||||
'~/Library/Application Support/Beeper',
|
||||
'~/Library/Application Support/com.tinyapp.TablePlus',
|
||||
'~/Library/Application Support/Jabra Direct',
|
||||
'~/Library/Application Support/discord',
|
||||
'~/Library/Application Support/Keybase',
|
||||
'~/Library/Application Support/1Password',
|
||||
'~/Library/Application Support/com.intelliscapesolutions.caffeine',
|
||||
'~/Library/Application Support/com.psiexams.psi-bridge-secure-browser',
|
||||
'~/Library/Application Support/GitHub Desktop',
|
||||
'~/Library/Application Support/Loom',
|
||||
'~/Library/Application Support/ZaloApp',
|
||||
'~/Library/Application Support/ZaloPC',
|
||||
'~/Library/Application Support/com.bohemiancoding.sketch3',
|
||||
'~/Library/Application Support/DropboxElectron',
|
||||
'~/Library/Application Support/Docker Desktop',
|
||||
'~/Library/Application Support/Slack',
|
||||
'~/Library/Application Support/Code',
|
||||
'~/Library/Application Support/lghub',
|
||||
'~/Library/Application Support/com.operasoftware.Opera',
|
||||
'~/Library/Application Support/com.apple.spotlight',
|
||||
'~/Library/Application Support/Lens'
|
||||
'~/Library/Application Support/com.bohemiancoding.sketch3',
|
||||
'~/Library/Application Support/com.intelliscapesolutions.caffeine',
|
||||
'~/Library/Application Support/com.operasoftware.Opera',
|
||||
'~/Library/Application Support/com.psiexams.psi-bridge-secure-browser',
|
||||
'~/Library/Application Support/com.tinyapp.TablePlus',
|
||||
'~/Library/Application Support/discord',
|
||||
'~/Library/Application Support/Docker Desktop',
|
||||
'~/Library/Application Support/DropboxElectron',
|
||||
'~/Library/Application Support/GitHub Desktop',
|
||||
'~/Library/Application Support/Jabra Direct',
|
||||
'~/Library/Application Support/Keybase',
|
||||
'~/Library/Application Support/Lens',
|
||||
'~/Library/Application Support/lghub',
|
||||
'~/Library/Application Support/Loom',
|
||||
'~/Library/Application Support/Presenting',
|
||||
'~/Library/Application Support/Slack',
|
||||
'~/Library/Application Support/ZaloApp',
|
||||
'~/Library/Application Support/ZaloPC'
|
||||
)
|
||||
AND NOT homepath IN (
|
||||
'~/Library/Application Support/.Shadowland5.5',
|
||||
|
|
|
|||
|
|
@ -76,16 +76,17 @@ WHERE
|
|||
'/usr/share/code/code'
|
||||
) -- long-running launchers
|
||||
AND NOT p1.name IN (
|
||||
'bash',
|
||||
'dnf',
|
||||
'electron',
|
||||
'fish',
|
||||
'gnome-shell',
|
||||
'kubelet',
|
||||
'kube-proxy',
|
||||
'lightdm',
|
||||
'nvim',
|
||||
'electron',
|
||||
'sh',
|
||||
'gnome-shell',
|
||||
'fish',
|
||||
'bash',
|
||||
'slack',
|
||||
'kube-proxy',
|
||||
'kubelet'
|
||||
'slack'
|
||||
) -- These alerts were unfortunately useless - lots of spam on macOS
|
||||
AND NOT (
|
||||
p1.path LIKE '/app/%'
|
||||
|
|
|
|||
|
|
@ -138,6 +138,7 @@ WHERE
|
|||
'~/Library/Application Support/BraveSoftware',
|
||||
'/Library/Application Support/Canon_Inc_IC',
|
||||
'~/.docker/cli-plugins/docker-sbom',
|
||||
'/Library/Application Support/com.canonical.multipass',
|
||||
'~/.docker/cli-plugins',
|
||||
'~/Library/Application Support/minecraft',
|
||||
'~/Library/Application Support/com.elgato.StreamDeck',
|
||||
|
|
@ -270,6 +271,7 @@ WHERE
|
|||
AND dir NOT LIKE '/private/tmp/go-build%/exe'
|
||||
AND dir NOT LIKE '/private/tmp/KSInstallAction.%/Install Google Software Update.app/Contents/Helpers'
|
||||
AND dir NOT LIKE '/private/tmp/nix-build-%'
|
||||
AND dir NOT LIKE '/private/var/folders/%/T/cargo-install%'
|
||||
AND dir NOT LIKE '/private/tmp/PKInstallSandbox.%/Scripts/com.microsoft.OneDrive.%'
|
||||
AND dir NOT LIKE '/private/var/db/com.apple.xpc.roleaccountd.staging/%.xpc/Contents/MacOS'
|
||||
AND dir NOT LIKE '/private/var/folders/%/bin'
|
||||
|
|
@ -286,23 +288,21 @@ WHERE
|
|||
AND s.authority NOT IN (
|
||||
'Apple iPhone OS Application Signing',
|
||||
'Apple Mac OS Application Signing',
|
||||
'Developer ID Application: reMarkable AS (4FFUD2H2F6)',
|
||||
'Developer ID Application: Adobe Inc. (JQ525L2MZD)',
|
||||
'Developer ID Application: Cisco (DE8Y96K9QP)',
|
||||
'Developer ID Application: Brother Industries, LTD. (5HCL85FLGW)',
|
||||
'Developer ID Application: Canonical Group Limited (X4QN7LTP59)',
|
||||
'Developer ID Application: Cisco (DE8Y96K9QP)',
|
||||
'Developer ID Application: CodeWeavers Inc. (9C6B7X7Z8E)',
|
||||
'Developer ID Application: Sublime HQ Pty Ltd (Z6D26JE4Y4)',
|
||||
'Developer ID Application: Corsair Memory, Inc. (Y93VXCB8Q5)',
|
||||
'Developer ID Application: Docker Inc (9BNSXJN65R)',
|
||||
'Developer ID Application: Mojang AB (HR992ZEAE6)',
|
||||
'Developer ID Application: Dropbox, Inc. (G7HH3F8CAK)',
|
||||
'Developer ID Application: Figma, Inc. (T8RA8NE3B7)',
|
||||
'Developer ID Application: GEORGE NACHMAN (H7V7XYVQ7D)',
|
||||
'Developer ID Application: Snyk Limited (97QYW7LHSF)',
|
||||
'Developer ID Application: Google LLC (EQHXZ8M8AV)',
|
||||
'Developer ID Application: Hashicorp, Inc. (D38WU7D763)',
|
||||
'Developer ID Application: Logitech Inc. (QED4VVPZWA)',
|
||||
'Developer ID Application: Microsoft Corporation (UBF8T346G9)',
|
||||
'Developer ID Application: Mojang AB (HR992ZEAE6)',
|
||||
'Developer ID Application: Ned Deily (DJ3H93M7VJ)',
|
||||
-- ^-- Python
|
||||
'Developer ID Application: Node.js Foundation (HX7739G8FX)',
|
||||
|
|
@ -310,6 +310,9 @@ WHERE
|
|||
'Developer ID Application: Objective-See, LLC (VBG97UB4TA)',
|
||||
'Developer ID Application: Opal Camera Inc (97Z3HJWCRT)',
|
||||
'Developer ID Application: Oracle America, Inc. (VB5E2TV963)',
|
||||
'Developer ID Application: reMarkable AS (4FFUD2H2F6)',
|
||||
'Developer ID Application: Snyk Limited (97QYW7LHSF)',
|
||||
'Developer ID Application: Sublime HQ Pty Ltd (Z6D26JE4Y4)',
|
||||
'Developer ID Application: TablePlus Inc (3X57WP8E8V)',
|
||||
'Developer ID Application: Tenable, Inc. (4B8J598M7U)',
|
||||
'Developer ID Application: Valve Corporation (MXGJJ98X76)',
|
||||
|
|
|
|||
|
|
@ -128,13 +128,17 @@ WHERE
|
|||
) -- 7. Volumes containing a top-level symlink to something other than /Applications, such as yWnBJLaF (1302.app)
|
||||
OR (
|
||||
file.symlink = 1
|
||||
AND magic.data != 'symbolic link to /Applications'
|
||||
AND magic.data != 'symbolic link to /Applications/'
|
||||
AND magic.data != 'symbolic link to .'
|
||||
AND magic.data NOT IN (
|
||||
'/Library/Application Support/Apple/Safari/SafariForWebKitDevelopment',
|
||||
'symbolic link to .',
|
||||
'symbolic link to /Applications',
|
||||
'symbolic link to /Applications/',
|
||||
'symbolic link to ../Resources/public',
|
||||
'symbolic link to steam_osx'
|
||||
)
|
||||
-- emacs
|
||||
AND magic.data != 'symbolic link to bin-x86%'
|
||||
AND magic.data NOT LIKE 'symbolic link to bin-x86%'
|
||||
AND magic.data NOT LIKE 'symbolic link to /Users/%/My Drive'
|
||||
AND magic.data NOT LIKE 'symbolic link to /Library/Application Support/Apple/Safari/SafariForWebKitDevelopment'
|
||||
)
|
||||
)
|
||||
GROUP BY
|
||||
|
|
|
|||
|
|
@ -38,12 +38,12 @@ WHERE
|
|||
AND file.btime > (strftime('%s', 'now') -86400)
|
||||
AND domain NOT IN (
|
||||
'adobe.com',
|
||||
'asana.com',
|
||||
'akmedia.digidesign.com',
|
||||
'alfredapp.com',
|
||||
'android.com',
|
||||
'apple.com',
|
||||
'arc.net',
|
||||
'asana.com',
|
||||
'balena.io',
|
||||
'balsamiq.com',
|
||||
'brave.com',
|
||||
|
|
@ -94,8 +94,10 @@ WHERE
|
|||
'osuosl.org',
|
||||
'pqrs.org',
|
||||
'prusa3d.com',
|
||||
'amazon.com',
|
||||
'remarkable.com',
|
||||
'rewind.ai',
|
||||
's3.amazonaws.com',
|
||||
'securew2.com',
|
||||
'signal.org',
|
||||
'skype.com',
|
||||
|
|
@ -123,6 +125,7 @@ WHERE
|
|||
-- NOTE: Do not put all of storage.googleapis.com or similarly generic hosts here
|
||||
AND host NOT IN (
|
||||
'arc.net',
|
||||
'presenting.app',
|
||||
'adoptium.net',
|
||||
'balsamiq.com',
|
||||
'brave.com',
|
||||
|
|
@ -162,6 +165,7 @@ WHERE
|
|||
-- Yes, these are meant to be fairly broad.
|
||||
AND host NOT LIKE 'download%'
|
||||
AND host NOT LIKE 'cdn%'
|
||||
AND host NOT LIKE '%.cdn.%.com'
|
||||
AND host NOT LIKE '%.edu'
|
||||
AND host NOT LIKE 'github-production-release-asset-%.s3.amazonaws.com'
|
||||
AND host NOT LIKE '%.org'
|
||||
|
|
|
|||
|
|
@ -280,9 +280,14 @@ WHERE -- Focus on longer-running programs
|
|||
'/usr/sbin/systemstats',
|
||||
'/usr/sbin/WirelessRadioManagerd'
|
||||
)
|
||||
AND NOT path LIKE '/nix/store/%-nix-%/bin/nix'
|
||||
AND NOT path LIKE '/opt/homebrew/Cellar/htop/%/bin/htop'
|
||||
AND NOT path LIKE '/opt/homebrew/Cellar/btop/%/bin/btop'
|
||||
AND NOT path LIKE '/opt/homebrew/Cellar/socket_vmnet/%/bin/socket_vmnet'
|
||||
AND NOT path LIKE '/usr/local/Cellar/htop/%/bin/htop'
|
||||
AND NOT path LIKE '/usr/local/Cellar/btop/%/bin/btop'
|
||||
AND NOT path LIKE '/usr/local/kolide-k2/bin/launcher-updates/%/Kolide.app/Contents/MacOS/launcher'
|
||||
AND NOT path LIKE '/usr/local/kolide-k2/bin/osqueryd-updates/%/osqueryd'
|
||||
AND NOT path LIKE '/usr/local/Cellar/htop/%/bin/htop'
|
||||
GROUP BY
|
||||
path
|
||||
)
|
||||
|
|
@ -315,14 +320,6 @@ WHERE -- Focus on longer-running programs
|
|||
'Developer ID Application: X-Rite, Incorporated (2K7GT73B4R)',
|
||||
'Software Signing'
|
||||
)
|
||||
AND NOT (
|
||||
p0.path LIKE '/opt/homebrew/Cellar/socket_vmnet/%/bin/socket_vmnet'
|
||||
AND s.identifier = 'socket_vmnet'
|
||||
)
|
||||
AND NOT (
|
||||
p0.path LIKE '/nix/store/%-nix-%/bin/nix'
|
||||
AND s.identifier = 'nix'
|
||||
)
|
||||
AND NOT (
|
||||
p0.path = '/Library/Printers/DYMO/Utilities/pnpd'
|
||||
AND s.identifier = 'pnpd'
|
||||
|
|
|
|||
Loading…
Reference in New Issue