• log ignore improvements
  • add support for domains and hashes
  • drop support for process names since those can be impersonated
• add new experimental feature "Every exe (not just conns)"
  • this feature will likely be forever "experimental" since it is slightly outside of the goals/scope of picosnitch, and difficult to improve upon with existing kernel and bpf features, but was trivial to add in its current form without interfering with other functionality
  • it functions sort of like real time monitoring in traditional anti-malware software and may be useful for people who want greater intrusion detection coverage