SergeyCVS
Мож ты мне что по поводу НТ4 и Virus scan 4.5.1 подскажешь? Ты тут вроде как самый спец по макафовским продуктам...
Мож ты мне что по поводу НТ4 и Virus scan 4.5.1 подскажешь? Ты тут вроде как самый спец по макафовским продуктам...
» Корпоративные продукты McAfee / Networks Associates (NAI)
Liberty_2000
у меня нет опыта по работе с AUArhitect+VirusScan Multiplatform v4.5.1 + NT4. если было бы что подсказать, то обязательно подсказал бы. в логах самого VirusScan Multiplatform v4.5.1 есть какиньть ерроры?
у меня нет опыта по работе с AUArhitect+VirusScan Multiplatform v4.5.1 + NT4. если было бы что подсказать, то обязательно подсказал бы. в логах самого VirusScan Multiplatform v4.5.1 есть какиньть ерроры?
SergeyCVS
Цитата:
Конечно смотрел и поиск делал.
SergeyCVS ты не знаешь, как ePO определяет, есть такой агент у него в директори или нет?
Цитата:
ты в Lost&Found смотрел?
Конечно смотрел и поиск делал.
SergeyCVS ты не знаешь, как ePO определяет, есть такой агент у него в директори или нет?
MCAFEE VIRUSSCAN 8I ENTERPRISE + PATCH 11A+ ANTISPYWARE MODULE + ENGINE 4400(ПОСЛЕДНИЙ ОФИЦИАЛЬНЫЙ) + НОВЕЙШАЯ НА СЕГОДНЯ АНТИВИРУСНАЯ БАЗА - ПРОПУСКАЕТ ВИРУСЫ
+ фаервол Windows XP
Как я проводил тестирование:
На свежеустановленную систему была установлена вышеупомянутая поставка.
Заходим на сайт
www.cracks.am
Нажимаем на любую букву алфавита на экране. Например M.
Выбираем из списка любой понравившийся крек. Например M&I CD-Register v3.3
В открывшемся окне нажимаем Download the file кнопку.
Открывается окно c предложением сохранить или выполнить файл activate_crack.exe.
Выбираем - Выполнить. В появишемся окне - опять соглашаемся.
Далее ждем когда антивирус начинает разбираться с потоком вирусов.
В результате получаем проблему со стартовой страницей Internet Explorer
и невозможностью включения брандмауэра XP.
На другой системе этот тест привел к выходу из строя этого антивируса, проблемам с визуализацией и зараженим системы (по показаниям SAV9 в дальнейшем)
SAV 10.1(самый последний билд) - прошел тест без проблем.
Тест был проведен по наводке администратора банка. Он утверждает что человека который поставил в одном из подразделений этот антивирус и с cracks.am который пропустил вирус nechta.b - понизили в должности. Порекомендовал не связываться с VSE8.
ГОВОРИТ ЛИ ЭТО О ТОМ ЧТО VSE8 - НЕХОРОШИЙ АНТИВИРУС?
ОЧЕНЬ ВАЖНО ЧТО ДЛЯ ТЕСТОВ С CRACKS.AM ИСПОЛЬЗОВАЛСЯ ПОСЛЕДНИЙ ОФИЦИАЛЬНЫЙ
ДВИЖОК 4400, А НЕ BETA 5000!
+ фаервол Windows XP
Как я проводил тестирование:
На свежеустановленную систему была установлена вышеупомянутая поставка.
Заходим на сайт
www.cracks.am
Нажимаем на любую букву алфавита на экране. Например M.
Выбираем из списка любой понравившийся крек. Например M&I CD-Register v3.3
В открывшемся окне нажимаем Download the file кнопку.
Открывается окно c предложением сохранить или выполнить файл activate_crack.exe.
Выбираем - Выполнить. В появишемся окне - опять соглашаемся.
Далее ждем когда антивирус начинает разбираться с потоком вирусов.
В результате получаем проблему со стартовой страницей Internet Explorer
и невозможностью включения брандмауэра XP.
На другой системе этот тест привел к выходу из строя этого антивируса, проблемам с визуализацией и зараженим системы (по показаниям SAV9 в дальнейшем)
SAV 10.1(самый последний билд) - прошел тест без проблем.
Тест был проведен по наводке администратора банка. Он утверждает что человека который поставил в одном из подразделений этот антивирус и с cracks.am который пропустил вирус nechta.b - понизили в должности. Порекомендовал не связываться с VSE8.
ГОВОРИТ ЛИ ЭТО О ТОМ ЧТО VSE8 - НЕХОРОШИЙ АНТИВИРУС?
ОЧЕНЬ ВАЖНО ЧТО ДЛЯ ТЕСТОВ С CRACKS.AM ИСПОЛЬЗОВАЛСЯ ПОСЛЕДНИЙ ОФИЦИАЛЬНЫЙ
ДВИЖОК 4400, А НЕ BETA 5000!
Цитата:
Нажимаем на любую букву алфавита на экране. Например M.
Выбираем из списка любой понравившийся крек. Например M&I CD-Register v3.3
В открывшемся окне нажимаем Download the file кнопку.
Открывается окно c предложением сохранить или выполнить файл activate_crack.exe.
Выбираем - Выполнить. В появишемся окне - опять соглашаемся.
Далее ждем когда антивирус начинает разбираться с потоком вирусов.
Не знаю, что у тея там за VSE8, но я только что проверял - все "delete".
Делал все точно так же, загрузился ACTIVATE_CRACK.EXE на диск D который начал качать всяких там троянов и тд. Сколько соединений было - столько же в логах McAfee сообщений oб удалении всякой шняги. VSE-8+patch11+antyspyware module, dat-4731 engine-5000
Добавлено:
engine version = 5.0.00
01.04.2006 4:15:09 DAT version = 4731
01.04.2006 4:15:09 Number of virus signatures in EXTRA.DAT = None
01.04.2006 4:15:09 Names of viruses that EXTRA.DAT can detect = None
01.04.2006 4:17:04 Deleted activate_crack. C:\kl1.exe Generic Spy.c (Trojan)
01.04.2006 4:19:19 Deleted activate_crack. C:\tool2.exe Downloader-AFH (Trojan)
01.04.2006 4:19:52 Deleted activate_crack. C:\Documents and Settings\...\Local Settings\Temporary Internet Files\Content.IE5\8M1SULMU\gxtliblfa[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:19:53 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:20 Deleted activate_crack. C:\Documents and Settings\..............\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\gxtliblfa[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:20 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:36 Deleted activate_crack. C:\Documents and Settings\Galina\Local Settings\Temporary Internet Files\Content.IE5\8M1SULMU\gxtliblfa[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:36 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:43 Deleted activate_crack. C:\Documents and Settings\.............\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\gxtliblfa[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:43 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:53 Deleted activate_crack. C:\Documents and Settings\............\Local Settings\Temporary Internet Files\Content.IE5\8M1SULMU\gxtliblfa[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:20:53 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:49:01 Deleted activate_crack. C:\kl1.exe Generic Spy.c (Trojan)
01.04.2006 4:49:26 Deleted activate_crack. C:\tool2.exe Downloader-AFH (Trojan)
01.04.2006 4:49:54 Deleted activate_crack. C:\Documents and Settings\.............\Local Settings\Temporary Internet Files\Content.IE5\8M1SULMU\jjvlue[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:49:55 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:49:59 Deleted activate_crack. C:\Documents and Settings\Galina\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\jjvlue[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:49:59 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:04 Deleted activate_crack. C:\Documents and Settings\................\Local Settings\Temporary Internet Files\Content.IE5\8M1SULMU\jjvlue[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:04 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:21 Deleted activate_crack. C:\Documents and Settings\.............\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\jjvlue[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:21 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:34 Deleted activate_crack. C:\Documents and Settings\............\Local Settings\Temporary Internet Files\Content.IE5\8M1SULMU\jjvlue[1].htm ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:35 Deleted activate_crack. C:\country.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:50:42 Deleted activate_crack. C:\Documents and Settings\............\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\gbjedba[1].htm StartPage-IH (Trojan)
01.04.2006 4:50:42 Deleted activate_crack. C:\Program Files\secure32.html StartPage-IH (Trojan)
01.04.2006 4:51:06 Deleted activate_crack. C:\Documents and Settings\..............\Local Settings\Temporary Internet Files\Content.IE5\M1QA5MFE\gbjedba[1].htm StartPage-IH (Trojan)
01.04.2006 4:51:06 Deleted activate_crack. C:\Program Files\secure32.html StartPage-IH (Trojan)
01.04.2006 4:51:11 Deleted activate_crack. C:\Documents and Settings\...........\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\gbjedba[1].htm StartPage-IH (Trojan)
01.04.2006 4:51:11 Deleted activate_crack. C:\Program Files\secure32.html StartPage-IH (Trojan)
01.04.2006 4:51:16 Deleted activate_crack. C:\Documents and Settings\................\Local Settings\Temporary Internet Files\Content.IE5\M1QA5MFE\gbjedba[1].htm StartPage-IH (Trojan)
01.04.2006 4:51:16 Deleted activate_crack. C:\Program Files\secure32.html StartPage-IH (Trojan)
01.04.2006 4:51:23 Deleted activate_crack. C:\Documents and Settings\.............\Local Settings\Temporary Internet Files\Content.IE5\2QQ8I41K\gbjedba[1].htm StartPage-IH (Trojan)
01.04.2006 4:51:23 Deleted activate_crack. C:\Program Files\secure32.html StartPage-IH (Trojan)
01.04.2006 4:53:27 Deleted activate_crack. C:\toolbar.exe DollarRevenue (Trojan)
01.04.2006 4:53:33 Deleted activate_crack. C:\tool1.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:53:47 Deleted activate_crack. C:\tool3.exe Proxy-Agent.k.gen (Trojan)
01.04.2006 4:53:54 Deleted activate_crack. C:\tool4.exe ProcKill-DJ (Potentially Unwanted Program)
01.04.2006 4:53:59 Deleted activate_crack. C:\tool5.exe ProcKill-DJ (Potentially Unwanted Program)
ogamy
ПРОЧИТАЙ ПОЖАЛУЙСТА ПОВТОРНО МОЙ ПРЕДЫДУЩИЙ ПОСТ
ПРОЧИТАЙ ПОЖАЛУЙСТА ПОВТОРНО МОЙ ПРЕДЫДУЩИЙ ПОСТ
SpasitelofMoney
так что за вирус был пропущен?
nechta.b? Это по классификации какого вендора?
так что за вирус был пропущен?
nechta.b? Это по классификации какого вендора?
Да действительно пропустил.
Модификацией реестра занималась вот эта гнида - paytime.exe(в пропертях-модифицырованный EXPLORER.EXE), ms1.exe Trojan-Downloader.Win32.Small.cpa-этот он увидел только со второго раза когда я его носом ткнул.
Было еще несколько.
Это только те что я в корне диска нашел. Все отправил на AVERT - опознали толко ms1.exe и paytime.exe которого в сигнатурах еще нет.
=======================================
Analysis ID File Findings Detection Type Date Extra
2282768 ms1.exe new detection generic downloader.ab Trojan 03/31/06 Yes
2282696 paytime.exe heuristic detection new malware.j Trojan 03/31/06 No
2282690 activate_crack.exe inconclusive 03/31/06 No
=========================================
AVERT Labs - Beaverton
Current Scan Engine Version:4.4.00
Current DAT Version:4731
Thank you for your submission.
Analysis ID: 2282696
Name Findings Detection Type Extra
paytime.exe heuristic detection new malware.j Trojan no
heuristic detection [ paytime.exe ]
The file received may contain a potential virus or trojan threat identified heuristically. This potential threat was identified with our most powerful set of heuristic DAT drivers. Heuristic drivers can make false-positive identifications, as such, this issue is being escalated to AVERT for a thorough review. In the meantime, it is recommended that you update your DAT and engine files and scan your computer again. You will be contacted through e-mail with the results of our analysis.
=======================================
странно то что у меня то же Scan Engine Version:4.4.00,DAT Version:4731-но он ни хрена не словил.
Scan Engine Version:5000rc - ваааабще АТЦТОЙ
И еще така проблема, может кто сталкивался - svchost.exe выгружает mcshild.exe и останавливает сервис McAfee, при попытке рестартовать системма зависает навсегда.
Модификацией реестра занималась вот эта гнида - paytime.exe(в пропертях-модифицырованный EXPLORER.EXE), ms1.exe Trojan-Downloader.Win32.Small.cpa-этот он увидел только со второго раза когда я его носом ткнул. Было еще несколько. Это только те что я в корне диска нашел. Все отправил на AVERT - опознали толко ms1.exe и paytime.exe которого в сигнатурах еще нет. =======================================
Analysis ID File Findings Detection Type Date Extra
2282768 ms1.exe new detection generic downloader.ab Trojan 03/31/06 Yes
2282696 paytime.exe heuristic detection new malware.j Trojan 03/31/06 No
2282690 activate_crack.exe inconclusive 03/31/06 No
=========================================
AVERT Labs - Beaverton
Current Scan Engine Version:4.4.00
Current DAT Version:4731
Thank you for your submission.
Analysis ID: 2282696
Name Findings Detection Type Extra
paytime.exe heuristic detection new malware.j Trojan no
heuristic detection [ paytime.exe ]
The file received may contain a potential virus or trojan threat identified heuristically. This potential threat was identified with our most powerful set of heuristic DAT drivers. Heuristic drivers can make false-positive identifications, as such, this issue is being escalated to AVERT for a thorough review. In the meantime, it is recommended that you update your DAT and engine files and scan your computer again. You will be contacted through e-mail with the results of our analysis.
=======================================
странно то что у меня то же Scan Engine Version:4.4.00,DAT Version:4731-но он ни хрена не словил.
Scan Engine Version:5000rc - ваааабще АТЦТОЙ
И еще така проблема, может кто сталкивался - svchost.exe выгружает mcshild.exe и останавливает сервис McAfee, при попытке рестартовать системма зависает навсегда.
ogamy
SpasitelofMoney
1- голову на плечах еще никто не отменял,
2- а какие правила у вас в Access Protection? Не думаю, чтобы с настройками "блокировать запись в системную папку System32" прошел бы такой фокус.
Добавлено:
На VSE 8.5 заражения не случилось.
SpasitelofMoney
1- голову на плечах еще никто не отменял,
2- а какие правила у вас в Access Protection? Не думаю, чтобы с настройками "блокировать запись в системную папку System32" прошел бы такой фокус.
Добавлено:
На VSE 8.5 заражения не случилось.
В том то все идело что все ГАВНО заливается в основном в корень или переменные.
C:\toolbar.exe C:\tool1.exe C:\country.exe C:\Documents and Settings\..............\Local Settings\Temporary Internet Files !!!!!!!х D:\ACTIVATE_CRACK.EXE х!!!!!!!!
примечательно то что и после перезагрузки он ни ЧО НЕ видел пока НОСОМ не ткнул.
On-Demand Scan тоже ничего не показал.
VSE 8.5 ждем релиза.
C:\toolbar.exe C:\tool1.exe C:\country.exe C:\Documents and Settings\..............\Local Settings\Temporary Internet Files !!!!!!!х D:\ACTIVATE_CRACK.EXE х!!!!!!!!
примечательно то что и после перезагрузки он ни ЧО НЕ видел пока НОСОМ не ткнул.
On-Demand Scan тоже ничего не показал.
VSE 8.5 ждем релиза.
Прислали EXTRA.DAT
Кому надо могу на почту сбросить.
Кому надо могу на почту сбросить.
ogamy
...svchost.exe выгружает mcshild.exe...
- это связано или нет с тестом cracks.am?
То есть было ли это до первого запуска activate_crack.exe ?
Yurk
Пропущенный в банке вирус назывался Neshta.b
wood
Использовались дефолтные настройки.
Тема обсуждается еще здесь:
http://www.anti-malware.ru/phpbb/viewtopic.php?t=617
http://forum.ixbt.com/topic.cgi?id=7:26107
http://forum.sysadmins.ru/15/111611/
...svchost.exe выгружает mcshild.exe...
- это связано или нет с тестом cracks.am?
То есть было ли это до первого запуска activate_crack.exe ?
Yurk
Пропущенный в банке вирус назывался Neshta.b
wood
Использовались дефолтные настройки.
Тема обсуждается еще здесь:
http://www.anti-malware.ru/phpbb/viewtopic.php?t=617
http://forum.ixbt.com/topic.cgi?id=7:26107
http://forum.sysadmins.ru/15/111611/
Нет с тестом на прямую это не связано. Грабли были и до это. Но появились в один момент. Как точно не могу сказать я сначала внимания не обратил, но когда при каждом и-нет соединении сервис стал падать... (только при раличии активного интернет соединения)Применение патчей, различных вариантов настроек не помогало. Недели три мучался. Причину не мог найти.Надоело.
С утра снес VSE8.0 и поставил бету8.5. Проблемма изчезла. Вродебы. В AccesProtection создал правило File/Folder blocking rule на любые действия на диске С: report только.
Другая проблема появилась - не работает скан правой педалью. Как и нет такой функции, и в логах на этот счет пусто.
С утра снес VSE8.0 и поставил бету8.5. Проблемма изчезла. Вродебы. В AccesProtection создал правило File/Folder blocking rule на любые действия на диске С: report только.
Другая проблема появилась - не работает скан правой педалью. Как и нет такой функции, и в логах на этот счет пусто.
SpasitelofMoney
Цитата:
по-умолчанию "только отчет" - смотри в логах, что и куда распихалось
Цитата:
Использовались дефолтные настройки.
по-умолчанию "только отчет" - смотри в логах, что и куда распихалось
wood
Мы вообще-то здесь обсуждаем, то что Real-Time McAfee VSE8 сканирование пропускает вирусы!
Кстати McAfee выпустила нужное обновление и в данный момент запуск
activate_crack.exe не заражает компьютер.
ogamy
Можешь ли предположить с чем связана проблема с падением сервиса?
Варианты:
1. Твой комп начал глючить так как на программном уровне уже дошел до ручки
2. проблемы создают следы ранее установленных антивирусов
3. несовершенство антивируса McAfee VSE8
Мы вообще-то здесь обсуждаем, то что Real-Time McAfee VSE8 сканирование пропускает вирусы!
Кстати McAfee выпустила нужное обновление и в данный момент запуск
activate_crack.exe не заражает компьютер.
ogamy
Можешь ли предположить с чем связана проблема с падением сервиса?
Варианты:
1. Твой комп начал глючить так как на программном уровне уже дошел до ручки
2. проблемы создают следы ранее установленных антивирусов
3. несовершенство антивируса McAfee VSE8
SpasitelofMoney
Не может никакой антивирус знать ВСЕХ вирусов. У меня тоже дрвеб находил вирусы, а макэфи молчал, как партизан. Ну и что? Залил их на сайт и в следующем обновлении эти файлы уже лечились. Хотя, к слову, скорость реагирования на новые вирусы у лаборатории Данилова побыстрее была (в тот же день), да ещё и письмо прислали с названиями вирусов, которые они добавили в базу. А от NAI письмо так и не пришло, хотя вирусы из этих заражённых файлов уже скоро стали удаляться.
Не может никакой антивирус знать ВСЕХ вирусов. У меня тоже дрвеб находил вирусы, а макэфи молчал, как партизан. Ну и что? Залил их на сайт и в следующем обновлении эти файлы уже лечились. Хотя, к слову, скорость реагирования на новые вирусы у лаборатории Данилова побыстрее была (в тот же день), да ещё и письмо прислали с названиями вирусов, которые они добавили в базу. А от NAI письмо так и не пришло, хотя вирусы из этих заражённых файлов уже скоро стали удаляться.
19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\C_1252.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\PROGRAM FILES\POWERMENU\POWERMENUHOOK.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WINZIP.CHM User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WZPOPUP.HLP User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WZINST.CHM User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\MSCTFIME.IME User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\SECUR32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\CLBCATQ.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\COMRES.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\REGISTRATION\R000000000016.CLB User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:35 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:01:46 Would be blocked by behavior blocking rule (rule is currently not enforced) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\media\Windows XP Ding.wav User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:01:47 Would be blocked by behavior blocking rule (rule is currently not enforced) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\system32\Msctf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\IMM32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\LPK.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\USP10.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Program Files\google\Google Desktop Search\GoogleDesktopNetwork3.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2_32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2HELP.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\SHELL32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\WindowsShell.Manifest User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\uniq User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\Secur32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rsaenh.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\6T80AEFF\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\JXBP4L3T\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\TVNX572L\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\CD996JDU\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Cookies\index.dat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\History\History.IE5\index.dat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:12 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\ws2_32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2HELP.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\System32\mswsock.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\DNSAPI.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\System32\winrnr.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\sensapi.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\RASAPI32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rasman.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\TAPI32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rtutils.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WINMM.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:22 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:44 Blocked by port blocking rule activate_crack * Common Maximum Protection:Prevent HTTP communication 85.249.23.119:80
03.04.2006 20:02:44 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:44 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:44 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Write
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NETa\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Write
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\Galina\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:48 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\NTDLL.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\KERNEL32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\UNICODE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LOCALE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\SORTTBLS.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:50 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LZ32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:51 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\ADVAPI32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:52 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\RPCRT4.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\MSVCRT.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\CTYPE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\VSCAN.BOF User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\NTDLL.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\KERNEL32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LZ32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\ADVAPI32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\RPCRT4.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\MSVCRT.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:54 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\Program Files\McAfee\VirusScan Enterprise\vscan.bof User-defined Rules:Block create, delete files in sys drive Action blocked : Read
Добавлено:
BETA VSE8.5
03.04.2006 6:18:34 Engine version =5000.0741
03.04.2006 6:18:34 AntiVirus DAT version =4731.0000
03.04.2006 6:18:34 Number of detection signatures in EXTRA.DAT =2
03.04.2006 6:18:34 Names of detection signatures in EXTRA.DAT =Generic Downloader (ED) Generic StartPage.w (ED)
**************************************************
Это логи AccesProtection
Добавлено:
03.04.2006 19:50:46 Moved (Clean failed) TEST\NET Opera.exe C:\Documents and Settings\NET\Application Data\Opera\Opera1\profile\cache4\opr00UB8.html\opr00UB8\00000337.js Exploit-IEPageSpoof (Trojan)
03.04.2006 19:50:51 Moved (Clean failed) TEST\NET GoogleDesktopCr* C:\quarantine\opr00UB8.html.mcm\opr00UB8.html\00000337.js Exploit-IEPageSpoof (Trojan)
********************************
Это данные One-Access Scanner
Добавлено:
Сщбственно тест провел что бы проследить действия вируса.
Добавлено:
извините не могу на VSE8.0 система виснет.
Добавлено:
tool1.exe,tool2.exe,tool3.exe,tool4.exe,tool5.exe,toolbar.exe,ms1.exe,country.exe,kl1.exe-это файлы создаваемые самим активат_крэком в корне диска С:, но без и-нета они 0 байт. Еще desktop.ini в темпах iexplore и opera.
Добавлено:
03.04.2006 22:08:16 User defined detection : Moved (Clean failed because the detection isn't cleanable) TEST\NET explorer.exe D:\activate_crack.exe\activate_crack.exe User defined detection: ГАВНО (Potentially Unwanted Program)............
*******************************************************************
Engine version =5000.0741
AntiVirus DAT version =4732.0000
Number of detection signatures in EXTRA.DAT =2
Names of detection signatures in EXTRA.DAT =Generic Downloader (ED) Generic StartPage.w (ED)
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\PROGRAM FILES\POWERMENU\POWERMENUHOOK.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WINZIP.CHM User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WZPOPUP.HLP User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WZINST.CHM User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\MSCTFIME.IME User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\SECUR32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\CLBCATQ.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\COMRES.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\REGISTRATION\R000000000016.CLB User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:35 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:01:46 Would be blocked by behavior blocking rule (rule is currently not enforced) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\media\Windows XP Ding.wav User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:01:47 Would be blocked by behavior blocking rule (rule is currently not enforced) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\system32\Msctf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\IMM32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\LPK.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\USP10.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Program Files\google\Google Desktop Search\GoogleDesktopNetwork3.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2_32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2HELP.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\SHELL32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\WindowsShell.Manifest User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\uniq User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\Secur32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rsaenh.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\6T80AEFF\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\JXBP4L3T\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\TVNX572L\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\CD996JDU\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Cookies\index.dat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\History\History.IE5\index.dat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:12 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\ws2_32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2HELP.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\System32\mswsock.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\DNSAPI.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\System32\winrnr.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\sensapi.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\RASAPI32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rasman.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\TAPI32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rtutils.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WINMM.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:22 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:44 Blocked by port blocking rule activate_crack * Common Maximum Protection:Prevent HTTP communication 85.249.23.119:80
03.04.2006 20:02:44 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:44 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:44 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Write
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NETa\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Write
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\Galina\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:48 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\NTDLL.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\KERNEL32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\UNICODE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LOCALE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\SORTTBLS.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:50 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LZ32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:51 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\ADVAPI32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:52 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\RPCRT4.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\MSVCRT.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\CTYPE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\VSCAN.BOF User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\NTDLL.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\KERNEL32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LZ32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\ADVAPI32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\RPCRT4.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\MSVCRT.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:54 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\Program Files\McAfee\VirusScan Enterprise\vscan.bof User-defined Rules:Block create, delete files in sys drive Action blocked : Read
Добавлено:
BETA VSE8.5
03.04.2006 6:18:34 Engine version =5000.0741
03.04.2006 6:18:34 AntiVirus DAT version =4731.0000
03.04.2006 6:18:34 Number of detection signatures in EXTRA.DAT =2
03.04.2006 6:18:34 Names of detection signatures in EXTRA.DAT =Generic Downloader (ED) Generic StartPage.w (ED)
**************************************************
Это логи AccesProtection
Добавлено:
03.04.2006 19:50:46 Moved (Clean failed) TEST\NET Opera.exe C:\Documents and Settings\NET\Application Data\Opera\Opera1\profile\cache4\opr00UB8.html\opr00UB8\00000337.js Exploit-IEPageSpoof (Trojan)
03.04.2006 19:50:51 Moved (Clean failed) TEST\NET GoogleDesktopCr* C:\quarantine\opr00UB8.html.mcm\opr00UB8.html\00000337.js Exploit-IEPageSpoof (Trojan)
********************************
Это данные One-Access Scanner
Добавлено:
Сщбственно тест провел что бы проследить действия вируса.
Добавлено:
извините не могу на VSE8.0 система виснет.
Добавлено:
tool1.exe,tool2.exe,tool3.exe,tool4.exe,tool5.exe,toolbar.exe,ms1.exe,country.exe,kl1.exe-это файлы создаваемые самим активат_крэком в корне диска С:, но без и-нета они 0 байт. Еще desktop.ini в темпах iexplore и opera.
Добавлено:
03.04.2006 22:08:16 User defined detection : Moved (Clean failed because the detection isn't cleanable) TEST\NET explorer.exe D:\activate_crack.exe\activate_crack.exe User defined detection: ГАВНО (Potentially Unwanted Program)............
*******************************************************************
Engine version =5000.0741
AntiVirus DAT version =4732.0000
Number of detection signatures in EXTRA.DAT =2
Names of detection signatures in EXTRA.DAT =Generic Downloader (ED) Generic StartPage.w (ED)
SpasitelofMoney
Цитата:
а ты не согласен , что многое от настроек зависит? Я тест прошел нормально! Голова на плечах+подстраховка от антивируса=залог успеха! А сетевикам, которые разрешают "запустить файл" с интернета я бы бошки отрывал!
VSE - корпоративный антивирус, "домохозяйкам" не рекомендован, думать надо какая защита тебе нужна и внимательно настраивать права пользователя на рабочей машине. А дома....... дома можно и поиграться......... и русик на антивирус поставить (!?)......
Добавлено:
ogamy
Цитата:
перевести? : "ДОЛЖНО быть заблокировано согласно имеющегося правила"!
а VSE 8.5 , будет ЯВНО НЕ для домохозяек. Правил блокировки доступа добавили и очень жёстко, надо всё настраивать.
PS: недовольные покупают другой антивирус
Цитата:
Мы вообще-то здесь обсуждаем, то что Real-Time McAfee VSE8 сканирование пропускает вирусы
а ты не согласен , что многое от настроек зависит? Я тест прошел нормально! Голова на плечах+подстраховка от антивируса=залог успеха! А сетевикам, которые разрешают "запустить файл" с интернета я бы бошки отрывал!
VSE - корпоративный антивирус, "домохозяйкам" не рекомендован, думать надо какая защита тебе нужна и внимательно настраивать права пользователя на рабочей машине. А дома....... дома можно и поиграться......... и русик на антивирус поставить (!?)......
Добавлено:
ogamy
Цитата:
Would be blocked by behavior blocking rule
перевести? : "ДОЛЖНО быть заблокировано согласно имеющегося правила"!
а VSE 8.5 , будет ЯВНО НЕ для домохозяек. Правил блокировки доступа добавили и очень жёстко, надо всё настраивать.
PS: недовольные покупают другой антивирус
Тогда может быть кто-нибудь из "недомохозяек" объяснит "домохозяйкам" что и куда лучше настроить в текущей версии VSE (чтобы была некоторая "золотая середина" между заблокированым и разрешенным).
Форум на том и держится, что "недомохозяйки" обсуждают свои подоходы между собой, а "домохозяйки" повышают свой скил, чтобы стать "недомохозяйками"
Форум на том и держится, что "недомохозяйки" обсуждают свои подоходы между собой, а "домохозяйки" повышают свой скил, чтобы стать "недомохозяйками"
wood
Цитата:
Переводить не надо.
(/rule is currently not enforced/ правило сейчас не используется) Я запретил любые обращения к системным каталогам ивообще диску С:, создал список исключений для зарегестрированных приложений. Запускал оба виря - активатора и paytime - и наблюдал за работой VSE. Сначала report, потом block&report.
Цитата:
если в EXTRA.DAT они включены?
Пробовал несколько раз и только раз на четвертый VSE стал их идентифицыровать.
Deleted TEST/NET explorer.exe C:\Documents and Settings\NET\Desktop\paytime.exe Generic StartPage.w (ED) (Trojan)
Deleted TEST/NET explorer.exe C:\Documents and Settings\NET\Desktop\activate_crack.exe Generic Downloader.ab (ED) (Trojan)
Deleted TEST/NET explorer.exe C:\Documents and Settings\NET\Desktop\activate_crack.exe Generic Downloader.ab (ED) (Trojan)
Deleted TEST/NET explorer.exe D:\activate_crack.exe Generic Downloader.ab
Moved (Clean failed) TEST/NET Opera.exe C:\Documents and Settings\NET\Application Data\Opera\Opera1\profile\cache4\opr00VCF.html\opr00VCF\00000337.js Exploit-IEPageSpoof (Trojan)
Moved (Clean failed) TEST/NET GoogleDesktopCr* C:\quarantine\opr00VCF.html.mcm\opr00VCF.html\00000337.js Exploit-IEPageSpoof (Trojan)
Ну ладно - бета. Однако загруженные в память он их невидел. On-Demand Scan тоже файлы не различал.
Scan Items
D:\activate_crack (1).exe
D:\activate_crack.exe
D:\G6_Renamer_v1.51.zip
Scan Summary
Processes scanned : 0
Processes detected : 0
Processes cleaned : 0
Boot sectors scanned : 2
Boot sectors detected: 0
Boot sectors cleaned : 0
Files scanned : 3
Files with detections: 0
File detections : 0
Files cleaned : 0
Files moved : 0
Files deleted : 0
Files not scanned : 0
Run time : 0:00:06
On-Demand Scan
Т.е. только On-Access Scan. Вопрос почему?
sertas
Можешь блоконуть системный раздел поставив галочку: Warning mode (Report access attempts, but do not block), потратить день два позапускав разные приложения и посмотреть кто куда ломится и составить свой список програм для которых будут разрешены только определенные действия.
Главное чтобы правила не противоречили друг-другу.К примеру: **Outlook Express**
Use this rule to prevent Outlook Express from launching anything from any
temporary directory:
1 On the File, Share, and Folder Protection tab, click Add.
2 Under Rule Name, type the name for this rule.
3 Under What to block, type msimn.exe.
4 Under File or folder name to block, type **\temp*\**. For this example, a double
asterisk (**) indicates any number of directories that the asterisk matches, up
to a back slash (\) character.
5 Under File actions to prevent, select Files being executed.
6 Under How to react, select Block and report access attempts.
7 Click OK to save the rule and return to the Files, Shares, and Folders Protection
tab, then click Apply to save these settings.)
Но и это в принцепе не спасет от компрометации от доверенного приложения. activate_crack очень легко переименовывается и без сигнатур или правил где только зарегеные проги может также произойти заражение.
*********************************************
Добавлено:
04.04.2006 4:02:10 Blocked by port blocking rule activate_crack.* Common Maximum Protection:Prevent HTTP communication 85.249.23.119:80
04.04.2006 4:04:58 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\IMM32.DLL User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\LPK.DLL User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\Program Files\google\Google Desktop Search\GoogleDesktopNetwork3.dll User-defined Rules:ГАВНО2 Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\Program Files\Firewall\wl_hook.dll User-defined Rules:ГАВНО2 Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\SHELL32.dll User-defined Rules:ГАВНО Action blocked : Read
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\imm32.dll User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\uniq User-defined Rules:ГАВНО2 Action blocked : Create
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\Secur32.dll User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:05:00 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
04.04.2006 4:05:00 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\rsaenh.dll User-defined Rules:ГАВНО Action blocked : Read
04.04.2006 4:09:40 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: SYSTRAY Common Maximum Protection:Prevent programs registering to autorun Action blocked : Create
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe C:\Program Files\secure32.html User-defined Rules:ГАВНО3 Action blocked : Read
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: START PAGE Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: DEFAULT_PAGE_URL Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
------------********************-----------------------*******************-----------------------
04.04.2006 4:26:34 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe C:\Program Files\secure32.html User-defined Rules:ГАВНО3 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: START PAGE Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: DEFAULT_PAGE_URL Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
***********************************************
paytime.exe ломился пока мне это не надоело.......
Цитата:
перевести? : "ДОЛЖНО быть заблокировано согласно имеющегося правила"!
Переводить не надо.
(/rule is currently not enforced/ правило сейчас не используется) Я запретил любые обращения к системным каталогам ивообще диску С:, создал список исключений для зарегестрированных приложений. Запускал оба виря - активатора и paytime - и наблюдал за работой VSE. Сначала report, потом block&report. Цитата:
03.04.2006 22:08:16 User defined detection : Moved (Clean failed because the detection isn't cleanable) TEST\NET explorer.exe D:\activate_crack.exe\activate_crack.exe User defined detection: ГАВНО (Potentially Unwanted Program)............почеьу согласно моим правилам,
если в EXTRA.DAT они включены? Пробовал несколько раз и только раз на четвертый VSE стал их идентифицыровать. Deleted TEST/NET explorer.exe C:\Documents and Settings\NET\Desktop\paytime.exe Generic StartPage.w (ED) (Trojan)
Deleted TEST/NET explorer.exe C:\Documents and Settings\NET\Desktop\activate_crack.exe Generic Downloader.ab (ED) (Trojan)
Deleted TEST/NET explorer.exe C:\Documents and Settings\NET\Desktop\activate_crack.exe Generic Downloader.ab (ED) (Trojan)
Deleted TEST/NET explorer.exe D:\activate_crack.exe Generic Downloader.ab
Moved (Clean failed) TEST/NET Opera.exe C:\Documents and Settings\NET\Application Data\Opera\Opera1\profile\cache4\opr00VCF.html\opr00VCF\00000337.js Exploit-IEPageSpoof (Trojan)
Moved (Clean failed) TEST/NET GoogleDesktopCr* C:\quarantine\opr00VCF.html.mcm\opr00VCF.html\00000337.js Exploit-IEPageSpoof (Trojan)
Ну ладно - бета. Однако загруженные в память он их невидел.
On-Demand Scan тоже файлы не различал. Scan Items
D:\activate_crack (1).exe
D:\activate_crack.exe
D:\G6_Renamer_v1.51.zip
Scan Summary
Processes scanned : 0
Processes detected : 0
Processes cleaned : 0
Boot sectors scanned : 2
Boot sectors detected: 0
Boot sectors cleaned : 0
Files scanned : 3
Files with detections: 0
File detections : 0
Files cleaned : 0
Files moved : 0
Files deleted : 0
Files not scanned : 0
Run time : 0:00:06
On-Demand Scan
Т.е. только On-Access Scan. Вопрос почему?
sertas
Можешь блоконуть системный раздел поставив галочку: Warning mode (Report access attempts, but do not block), потратить день два позапускав разные приложения и посмотреть кто куда ломится и составить свой список програм для которых будут разрешены только определенные действия.
Главное чтобы правила не противоречили друг-другу.К примеру: **Outlook Express** Use this rule to prevent Outlook Express from launching anything from any
temporary directory:
1 On the File, Share, and Folder Protection tab, click Add.
2 Under Rule Name, type the name for this rule.
3 Under What to block, type msimn.exe.
4 Under File or folder name to block, type **\temp*\**. For this example, a double
asterisk (**) indicates any number of directories that the asterisk matches, up
to a back slash (\) character.
5 Under File actions to prevent, select Files being executed.
6 Under How to react, select Block and report access attempts.
7 Click OK to save the rule and return to the Files, Shares, and Folders Protection
tab, then click Apply to save these settings.)
Но и это в принцепе не спасет от компрометации от доверенного приложения. activate_crack очень легко переименовывается и без сигнатур или правил где только зарегеные проги может также произойти заражение.
*********************************************
Добавлено:
04.04.2006 4:02:10 Blocked by port blocking rule activate_crack.* Common Maximum Protection:Prevent HTTP communication 85.249.23.119:80
04.04.2006 4:04:58 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\IMM32.DLL User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\LPK.DLL User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\Program Files\google\Google Desktop Search\GoogleDesktopNetwork3.dll User-defined Rules:ГАВНО2 Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\Program Files\Firewall\wl_hook.dll User-defined Rules:ГАВНО2 Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\SHELL32.dll User-defined Rules:ГАВНО Action blocked : Read
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\imm32.dll User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\uniq User-defined Rules:ГАВНО2 Action blocked : Create
04.04.2006 4:04:59 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\Secur32.dll User-defined Rules:ГАВНО Action blocked : Execute
04.04.2006 4:05:00 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
04.04.2006 4:05:00 Blocked by behavior blocking rule TEST/NET activate_crack.* C:\WINDOWS\system32\rsaenh.dll User-defined Rules:ГАВНО Action blocked : Read
04.04.2006 4:09:40 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: SYSTRAY Common Maximum Protection:Prevent programs registering to autorun Action blocked : Create
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe C:\Program Files\secure32.html User-defined Rules:ГАВНО3 Action blocked : Read
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: START PAGE Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: DEFAULT_PAGE_URL Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:09:43 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
------------********************-----------------------*******************-----------------------
04.04.2006 4:26:34 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe C:\Program Files\secure32.html User-defined Rules:ГАВНО3 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: START PAGE Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: DEFAULT_PAGE_URL Common Standard Protection:Protect Internet Explorer settings Action blocked : Write
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\S-1-5-21-1708537768-1004336348-725345543-1003 User-defined Rules:ГАВНО5 Action blocked : Read
04.04.2006 4:26:37 Blocked by behavior blocking rule TEST/NET paytime.exe \REGISTRY\USER\.DEFAULT User-defined Rules:ГАВНО5 Action blocked : Read
***********************************************
paytime.exe ломился пока мне это не надоело.......
ogamy
Цитата:
для кого? Для всех???
Цитата:
опять перевести?sertas
sertas
Цитата:
что интересует конкретно? Ставишь максимальную защиту и разрешаешь то, то тебе нужно
Цитата:
запретил любые обращения к системным каталогам ивообще диску С:
для кого? Для всех???
Цитата:
Clean failed because the detection isn't cleanable
опять перевести?sertas
sertas
Цитата:
Тогда может быть кто-нибудь из "недомохозяек" объяснит "домохозяйкам" что и куда лучше настроить в текущей версии VSE
что интересует конкретно? Ставишь максимальную защиту и разрешаешь то, то тебе нужно
всем здраствуйте, спасибо за советы вроде разобрался и все заработало, толькощас незнаю где в ePolicy Orchestrator посмотреть настройку обновлений, конкретно меня интересует обновляетли она версии агентов и антивирусные базы из интернэта и где эти настройки выставляются подскажите пожалуйста!!!
Apocalipsis
1. те нужно создать Update tasks для синхронизации Master repository твоего сервера с McAfee source repository
2. создать client update tasks, с указанием расписания и т.п., на основании которой клиенты будут ломится в Master repository твоего сервера за обновлением DAT и engine
подробнее см. ePO_36_ProductGuide_EN.pdf, главы 5, 6, 7
посмотреть обновляются ли версии агентов и антивирусные базы можно в отчетах, там есть отчеты по версии агента и по версиям DAT и engine. см. консоль ePO, Reports | Anti-Virus | Coverage | ...
1. те нужно создать Update tasks для синхронизации Master repository твоего сервера с McAfee source repository
2. создать client update tasks, с указанием расписания и т.п., на основании которой клиенты будут ломится в Master repository твоего сервера за обновлением DAT и engine
подробнее см. ePO_36_ProductGuide_EN.pdf, главы 5, 6, 7
посмотреть обновляются ли версии агентов и антивирусные базы можно в отчетах, там есть отчеты по версии агента и по версиям DAT и engine. см. консоль ePO, Reports | Anti-Virus | Coverage | ...
Цитата:
2. создать client update tasks,
А разве недостаточно просто включить Global Update, чтобы клиентам немедленно из Master repository рассылались обновления?
SunStroke
Цитата:
разумеется мона и так %)
Цитата:
А разве недостаточно просто включить Global Update, чтобы клиентам немедленно из Master repository рассылались обновления?
разумеется мона и так %)
Узнал у одного админа банка , что он использует на работе
McAfee VSE с патчем 10, а не 11a.
Мотивирует он это тем что проблемы, которые решает 11,11a - у него не имеют места,
и установка патчей на эффективность ловли вирусов не влияет.
Говорит что патчи 11/11a порождают проблемы с утечкой памяти(антивирус потребляет больше системной памяти чем с патчем 10)
Может ли такое быть, или я его неправильно понял?
, что он использует на работе McAfee VSE с патчем 10, а не 11a.
Мотивирует он это тем что проблемы, которые решает 11,11a - у него не имеют места,
и установка патчей на эффективность ловли вирусов не влияет.
Говорит что патчи 11/11a порождают проблемы с утечкой памяти(антивирус потребляет больше системной памяти чем с патчем 10)
Может ли такое быть, или я его неправильно понял?
SpasitelofMoney
прочитай readme к соотв. патчу, в нем всегда перечислен список того что патч фиксит
прочитай readme к соотв. патчу, в нем всегда перечислен список того что патч фиксит
ePo не дает залогиниться и все. Имею: Win xp sp2 на ней vmware c win 2k3 SBS sp1 AD+DNS+DHCP+SQL 2k sp4 SQL Authentication, NTLM 1. Все делал из под локального админа, добавил ему все возможные полномочия - нихрена. К БД подключаюсь, могу отчеты составлять... токо очем?.. Не логинит..
Добавлено:
Кстати...
Провел следующий тест: создал правила block read, execute и block write, create, delete. Для них список исключений по процессам, для каждого правила свой. Откатил DATы до 4716 и ......... позапускал разных вирей, все ОК. Систему не грузит вообще
, та гадость что в базах имеется удаляется, та что не известна блокируется по процессу.
Пробовал на VSE 8.0 и VSE 8.5.
По поводу svhost.exe в бете такое правило появилось: AntiVirus Standard Protection:Prevent svchost executing non-Windows executables.
Добавлено:
Кстати...
Провел следующий тест: создал правила block read, execute и block write, create, delete. Для них список исключений по процессам, для каждого правила свой. Откатил DATы до 4716 и ......... позапускал разных вирей, все ОК. Систему не грузит вообще, та гадость что в базах имеется удаляется, та что не известна блокируется по процессу. Пробовал на VSE 8.0 и VSE 8.5. По поводу svhost.exe в бете такое правило появилось: AntiVirus Standard Protection:Prevent svchost executing non-Windows executables.
ogamy
Цитата:
ты как пытаешся залогинится? вводиш admin и пасс который задавал при устновки ePO?
Цитата:
ePo не дает залогиниться и все
ты как пытаешся залогинится? вводиш admin и пасс который задавал при устновки ePO?
SergeyCVS
Да. Пробовал ePo authentication тоже ни-ни.
Добавлено:
Пишет возможно неверные: домен, админ, пасс или убедитесь что ePo svr вообще запущен.
Да. Пробовал ePo authentication тоже ни-ни.
Добавлено:
Пишет возможно неверные: домен, админ, пасс или убедитесь что ePo svr вообще запущен.
Страницы: 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768
Предыдущая тема: Динамическое управление шириной канала (Shaper, шейпер), Win
Форум Ru-Board.club — поднят 15-09-2016 числа. Цель - сохранить наследие старого Ru-Board, истории становления российского интернета. Сделано для людей.