[et_pb_section fb_built=”1″ _builder_version=”4.7.7″ _module_preset=”default”][et_pb_row _builder_version=”4.7.7″ _module_preset=”default”][et_pb_column type=”4_4″ _builder_version=”4.7.7″ _module_preset=”default”][et_pb_text _builder_version=”4.7.7″ _module_preset=”default”]<\/p>\n
We are glad to announce significant performance improvements in the latest versions of THOR.<\/p>\n
We’ve refactored several processing units to bulk scan elements that have previously been checked each at a time. These changes affect the modules “Eventlog”, “Registry”, “RegistryHive” and “Logscan”.\u00a0<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.7.7″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.7.7″ _module_preset=”default”][et_pb_text _builder_version=”4.7.7″ _module_preset=”default”]<\/p>\n
The performance improvements are impressive, especially on systems with big Windows event logs or log files on disk, but also on systems that contain a lot of registry hives like domain controllers or multi-user systems.\u00a0<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.7.7″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/12\/Screenshot-2020-12-18-at-12.13.19.png” title_text=”Screenshot 2020-12-18 at 12.13.19″ _builder_version=”4.7.7″ _module_preset=”default”][\/et_pb_image][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/12\/Screenshot-2020-12-18-at-12.13.31.png” title_text=”Screenshot 2020-12-18 at 12.13.31″ _builder_version=”4.7.7″ _module_preset=”default”][\/et_pb_image][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/12\/Screenshot-2020-12-18-at-12.13.49.png” title_text=”Screenshot 2020-12-18 at 12.13.49″ _builder_version=”4.7.7″ _module_preset=”default”][\/et_pb_image][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/12\/Screenshot-2020-12-18-at-12.13.58.png” title_text=”Screenshot 2020-12-18 at 12.13.58″ _builder_version=”4.7.7″ _module_preset=”default”][\/et_pb_image][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/12\/Screenshot-2020-12-18-at-12.14.10.png” title_text=”Screenshot 2020-12-18 at 12.14.10″ _builder_version=”4.7.7″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.7.7″ _module_preset=”default”][et_pb_column type=”4_4″ _builder_version=”4.7.7″ _module_preset=”default”][et_pb_text _builder_version=”4.7.7″ _module_preset=”default” hover_enabled=”0″ sticky_enabled=”0″]<\/p>\n
As these changes result in significant speed benefits, we’ve decided to exclude some elements from the “max-file-size” limit.<\/p>\n
In the past, log files or registry hives bigger than “max-file-size” (default 12MB) have been skipped in normal scan modes. Only in intense (–intense) and lab scanning mode (–fsonly \/ –lab in TechPreview) these files have been included and analyzed with the respective modules.<\/p>\n
THOR v10.5.9 and THOR v10.6.2 TechPreview now include these elements in their deeper analysis during file system scans. This could lead to longer scan times in some cases. We believe that overall scans turn out to be suprisingly faster and would be interested in feedback on the scan durations in your environments.\u00a0<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"
We are glad to announce significant performance improvements in the latest versions of THOR. We’ve refactored several processing units to bulk scan elements that have previously been checked each at a time. These changes affect the modules “Eventlog”, “Registry”, “RegistryHive” and “Logscan”.\u00a0The performance improvements are impressive, especially on systems with big Windows event logs or log files on disk, but also on systems that contain a lot of registry hives like domain controllers or multi-user systems.\u00a0As these changes result in significant speed benefits, we’ve decided to exclude some elements from the “max-file-size” limit. In the past, log files or registry hives bigger than “max-file-size” (default 12MB) have been skipped in normal scan modes. Only in intense (–intense) and lab scanning mode (–fsonly \/ –lab in TechPreview) these files have been included and analyzed with the respective modules. THOR v10.5.9 and THOR v10.6.2 TechPreview now include these elements in their deeper analysis during file system scans. This could lead to longer scan times in some cases. We believe that overall scans turn out to be suprisingly faster and would be interested in feedback on the scan durations in your environments.\u00a0<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[46,32],"tags":[90,170,592,593,89,520,463,117,59,584,5,48],"class_list":["post-9082","post","type-post","status-publish","format-standard","hentry","category-newsletter","category-thor","tag-analysis","tag-file","tag-hive","tag-improvement","tag-log","tag-performance","tag-registry","tag-scan","tag-sigma","tag-techpreview","tag-thor","tag-yara"],"yoast_head":"\n