diff --git a/changelog/log.rst b/changelog/log.rst index c9268f5..97907fd 100644 --- a/changelog/log.rst +++ b/changelog/log.rst @@ -3,6 +3,18 @@ Changelog In this chapter you can find all the changes for THOR 10.7 +THOR 10.7.27 +~~~~~~~~~~~~ + +.. list-table:: + :header-rows: 1 + :widths: 15, 85 + + * - Type + - Description + * - Bugfix + - Scheduled tasks now list all commands instead of only the first one + THOR 10.7.26 ~~~~~~~~~~~~ diff --git a/usage/configuration.rst b/usage/configuration.rst index 45fdd1b..ac2ef00 100644 --- a/usage/configuration.rst +++ b/usage/configuration.rst @@ -107,9 +107,8 @@ the stability of your system you are trying to scan. Maximum File Size ----------------- -The default maximum file size for deeper investigations (hash -calculation and YARA scanning) is 30 MB. The maximum file size for the -``--intense`` scan mode is 100 MB. +The default maximum file size for content checks (hash calculation and YARA scanning) +is 30 MB. The maximum file size for the ``--intense`` scan mode is 200 MB. You can adjust the values in ``./config/thor.yml``. This file does not get overwritten by an update or upgrade. diff --git a/usage/debugging.rst b/usage/debugging.rst index ccdb5fa..ceb42a4 100644 --- a/usage/debugging.rst +++ b/usage/debugging.rst @@ -91,7 +91,7 @@ in the config file ``./config/thor.yml``. .. code-block:: doscon - C:\nextron\thor>thor64.exe --max_file_size 206233600 # setting max file size to 100 MB + C:\nextron\thor>thor64.exe --max_file_size 206233600 # setting max file size to 200 MB .. literalinclude:: ../examples/thor.yaml :caption: Default thor.yaml diff --git a/usage/special-scan-modes.rst b/usage/special-scan-modes.rst index 00d08b0..9cb5a49 100644 --- a/usage/special-scan-modes.rst +++ b/usage/special-scan-modes.rst @@ -19,9 +19,14 @@ disabled and intense mode is activated by default. The ``--lab`` parameter automatically activates the following other options: -* intense (scan every file intensively regardless of its extension or magic header) +* Enable intense mode, which causes several changes: + + * scan every file intensively regardless of its extension or magic header + * Use ``--max_file_size_intense`` (200MB by default) instead of ``--max_file_size`` + * Set ``--max-reasons`` to unlimited + * Reduce ``--minimum-sigma-level`` to medium + * Set ``--nosoft`` (do not automatically activate soft mode on systems with single core CPUs or low memory) * norescontrol (do not limit system resources or interrupt scan on low memory) -* nosoft (do not automatically activate soft mode on systems with single core CPUs or low memory) * nodoublecheck (do not check for other THOR instances on the same system and do not interrupt scan if another instance has been found) * multi-threading (it automatically sets the number of threads to use to the number of CPU cores found on the workstation)