santa

Santa &nbsp; &nbsp;consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server.<br/>It is named Santa because it keeps track of binaries that are naughty or nice.

Santa 数据集包含一个监控执行操作的内核扩展，一个基于SQLite数据库内容进行执行决策的用户空间守护进程，一个GUI代理用于在发生阻止决策时通知用户，以及一个用于管理系统并与服务器同步数据库的命令行实用工具。之所以命名为Santa，是因为它负责追踪那些品行不端或品行端正的二进制文件。