Mod app.conf to set default path to Wireshark and Sysmon
guthubnik opened this issue · comments
Behaviour
WindowsSpyBlocker v.4.38.0 don't use the default install directory of Wireshark and Sysmon.
On a Win7x32 OS Wireshark is installed as default in "%ProgramFiles%\Wireshark"
and Sysmon as default in "%WinDir%\ Sysmon.exe",
but WindowsSpyBlocker look only in his own folder (as a 'portable app with all components on board'):
.\libs\wireshark\tshark.exe
.\libs\sysmon\sysmon.exe
and not also in the default install folders of the OS.
Steps to reproduce this issue
2 - Print list of network interfaces
3 - Capture (required Npcap)
4 - Extract log
'menu' for help [dev-wireshark]> 2
'menu' for help [dev-wireshark]> 3
'menu' for help [dev-wireshark]> 4
Expected behaviour
Tell me what should happen
- Print list of network interfaces
- Capture
- Extract log
Actual behaviour
Tell me what happens instead
First Problem The executable image is not found on the system (although it is installed with default settings) and WindowsSpyBlocker tries to download it:
Downloading https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip... Error: Head "https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip": x509: certificate has expired or is not yet valid:
Second Problem: WindowsSpyBlocker try to download Wireshark in wrong architecture (as x64 instead of x32) as showed in UR.
Rules used
(ex:
data/firewall/spy.txt
)
this is not relevant for this problem case
Configuration
Country (ex. United-States) : DE-DE
Operating system (ex. Windows 10 Pro 64 bits) : Windows 7 x32 (Ultimate, v.6.1, Build 7601: SP1)
Downloading https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip... Error: Head "https://dl.crazymax.dev/Wireshark-win64-3.0.2.zip": x509: certificate has expired or is not yet valid:
This error should be fixed now but agree to allow using one from PATH.
Thank.
Is it now possible to add another path to tshark.exe and sysmon.exe, e.g. via app.conf? I don't like to make Junctions or Symbollinks to such images in .\libs\ folder (that is in root directory of WindowsSpyBlocker).