
Views: 3711 | Replies: 21
C:\Windows\system32\taskeng.exe
This post was last edited by w at 11:11
| Time | Event | User | Process | Registry target | Rule | Blocked operation |
| --- | --- | --- | --- | --- | --- | --- |
| 11:06:00 | Would be blocked by Access Protection rule (rule not currently enforced) | NT AUTHORITY\SYSTEM | C:\Windows\system32\taskeng.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{15258EC2-DB46--BDB} | User-defined rule: 313 Protect Userinit registry | Write |
| 11:06:00 | Would be blocked by Access Protection rule (rule not currently enforced) | NT AUTHORITY\SYSTEM | C:\Windows\system32\taskeng.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{15258EC2-DB46--BDB}\data | User-defined rule: 313 Protect Userinit registry | Create |
| 11:06:41 | Would be blocked by Access Protection rule (rule not currently enforced) | NT AUTHORITY\SYSTEM | C:\Windows\system32\SearchIndexer.exe | \REGISTRY\MACHINE\Software\Microsoft\Windows Search | User-defined rule: 313 Protect Userinit registry | Write |
|  |  |  | C:\Windows\system32\DllHost.exe | \REGISTRY\MACHINE\Software\Microsoft\IdentityStore\Cache\S-1-5-21----1000 | User-defined rule: 313 Protect Userinit registry | Write |
Thanks for the feedback :)
What is the content of this rule?
McAfee VirusScan Enterprise 8.8 P3
Google Chrome beta
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.81 Safari/537.36
大猫熊 posted:
What is the content of this rule?
313 Protect Userinit registry
Excluded: C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe, C:\Program Files\alipay\alieditplus\AlipayUA.exe, C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe, C:\Program Files\McAfee\Common Framework\FrameworkService.exe, C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe, C:\Program Files\StarSoftComm\StarCenter\BIN\scupdate.exe, C:\Windows\servicing\TrustedInstaller.exe, C:\Windows\system32\AUDIODG.EXE, C:\Windows\system32\csrss.exe, C:\Windows\system32\DllHost.exe, C:\Windows\system32\LogonUI.exe, C:\Windows\system32\lsass.exe, C:\Windows\system32\SearchIndexer.exe, C:\Windows\system32\SearchProtocolHost.exe, C:\Windows\system32\services.exe, C:\Windows\system32\svchost.exe, C:\Windows\system32\taskeng.exe, C:\Windows\system32\taskhost.exe, C:\Windows\system32\wbem\WMIADAP.EXE, C:\Windows\system32\wbem\wmiprvse.exe, C:\Windows\system32\wininit.exe, D:\Program Files\Game\**\*.exe, D:\Program Files\Tencent\QQ\bin\QQ.exe
hklm/Software/**/Microsoft/**
This post was last edited by 大猫熊 at 16:20
I suggest excluding C:\Windows\system32\**; together with the Windows executable-file write-protection rule, that already guards against impersonated system processes.
Thanks for the answer :)
大猫熊 posted:
I suggest excluding C:\Windows\system32\**; together with the Windows executable-file write-protection rule, that already guards against impersonated system processes.
"Together with the Windows executable-file write-protection rule, that already guards against impersonated system processes"?? How does that work? I'm using 墨池's 伪封笔 plus some of your rules,
28. Hijacking: Userinit
What does it do? It tries to modify the "Userinit" key in the registry in order to take the place of userinit.exe, the process responsible for initializing the user's data after logon.
What is the risk? The malware gets itself started automatically every time Windows starts. The fact that this key is not a common startup key that an average diagnostic utility would look for increases the chance of the malware surviving.
This rule's protection scope is fairly broad and easily causes other problems, so I suggest excluding all system-area processes. The corresponding rule in my rule set needs to be modified as well.
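To see why a rule named after one registry value fires on taskeng.exe, SearchIndexer.exe and DllHost.exe, and what each of the two fixes discussed above changes (excluding C:\Windows\system32\** versus narrowing the target), here is an added example that is not code from the thread and not McAfee's: a small Python model of VSE access-protection wildcard matching, run over the log entries posted above. The wildcard semantics (`**` spans path components, including none; `*` stays within one component; a bare image name matches that executable at any path) are assumed from McAfee's documentation rather than taken from the product. The two `dropper.exe` events, the `C:\Users\user\...` path and the three rule labels are hypothetical, and the GUID and SID subkeys printed in the log are left out of the re-typed targets.

```python
import re
from typing import Dict, List, Sequence, Tuple

# Assumed VSE access-protection wildcard semantics (modelled on McAfee's
# documentation; this is an illustrative matcher, not McAfee's code):
#   **  any characters including separators, i.e. zero or more path components
#   *   any characters except a separator
#   ?   one character except a separator
def vse_glob_to_regex(pattern: str) -> "re.Pattern[str]":
    p = pattern.replace("\\", "/")
    parts: List[str] = []
    i = 0
    while i < len(p):
        if p.startswith("/**/", i):
            parts.append("/(?:.*/)?")      # zero or more whole components
            i += 4
        elif p.startswith("/**", i) and i + 3 == len(p):
            parts.append("(?:/.*)?")       # the key/folder itself or anything below it
            i += 3
        elif p.startswith("**", i):
            parts.append(".*")
            i += 2
        elif p[i] == "*":
            parts.append("[^/]*")
            i += 1
        elif p[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(p[i]))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)


def normalize_reg_path(path: str) -> str:
    """Map the kernel-style paths VSE logs (\\REGISTRY\\MACHINE\\...) onto the
    HKLM/... form used in rule definitions, with '/' as the separator."""
    p = path.replace("\\", "/")
    low = p.lower()
    for prefix, hive in (("/registry/machine", "HKLM"), ("/registry/user", "HKU"),
                         ("hkey_local_machine", "HKLM"), ("hkey_users", "HKU"),
                         ("hkey_current_user", "HKCU")):
        if low.startswith(prefix):
            return hive + p[len(prefix):]
    return p


def process_matches(patterns: Sequence[str], process: str) -> bool:
    """A pattern without a separator is compared with the image name only (a bare
    executable name in VSE means that program at any location); otherwise the
    whole path is compared."""
    full = process.replace("\\", "/")
    name = full.rsplit("/", 1)[-1]
    for pat in patterns:
        subject = full if ("/" in pat or "\\" in pat) else name
        if vse_glob_to_regex(pat).fullmatch(subject):
            return True
    return False


def evaluate(rule: Dict[str, Sequence[str]],
             events: Sequence[Tuple[str, str]]) -> Tuple[bool, ...]:
    """One bool per (process, registry target) event: True if the rule would block it."""
    out = []
    for proc, target in events:
        target_hit = any(vse_glob_to_regex(t).fullmatch(normalize_reg_path(target))
                         for t in rule["registry"])
        out.append(target_hit
                   and process_matches(rule["include"], proc)
                   and not process_matches(rule["exclude"], proc))
    return tuple(out)


# Constructed events. The first three are re-typed from the log in the thread
# (per-run GUID and per-user SID subkeys omitted); the last two are hypothetical
# Userinit hijack attempts, one from a user temp folder and one from a copy that
# was dropped into system32.
EVENTS = [
    (r"C:\Windows\system32\taskeng.exe",
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake"),
    (r"C:\Windows\system32\SearchIndexer.exe",
     r"\REGISTRY\MACHINE\Software\Microsoft\Windows Search"),
    (r"C:\Windows\system32\DllHost.exe",
     r"\REGISTRY\MACHINE\Software\Microsoft\IdentityStore\Cache"),
    (r"C:\Users\user\AppData\Local\Temp\dropper.exe",   # hypothetical
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"),
    (r"C:\Windows\system32\dropper.exe",                # hypothetical
     r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"),
]

# The registry target as posted, before any process was excluded (assumed to be
# the state in which the log above was produced).
AS_POSTED = {"include": ["*"], "exclude": [],
             "registry": [r"hklm/Software/**/Microsoft/**"]}
# 大猫熊's suggestion: same target, the whole of system32 excluded.
EXCLUDE_SYSTEM32 = {"include": ["*"], "exclude": [r"C:\Windows\system32\**"],
                    "registry": [r"hklm/Software/**/Microsoft/**"]}
# Alternative: target only the value the rule is named after (hypothetical rule).
NARROW = {"include": ["*"], "exclude": [r"C:\Windows\servicing\TrustedInstaller.exe"],
          "registry": [r"HKLM/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/Userinit"]}

if __name__ == "__main__":
    for label, rule in (("as posted", AS_POSTED),
                        ("system32 excluded", EXCLUDE_SYSTEM32),
                        ("narrow target", NARROW)):
        print(f"{label:18s} {evaluate(rule, EVENTS)}")
```

The three result tuples make the trade-off visible: the posted target `hklm/Software/**/Microsoft/**` matches every entry, because `**` lets "Microsoft" sit directly under Software and anything below it qualify, so every service that keeps state under HKLM\Software\Microsoft trips the rule. Excluding `C:\Windows\system32\**` silences the noise, but it also exempts anything that manages to run from system32, which is exactly why that exclusion only holds together with a rule that stops writes to Windows executables. Pointing the rule at the Winlogon\Userinit value itself blocks the hijack from either location without a per-binary exclusion list; whether a value-path rule on your VSE build also needs the parent key listed is something to confirm in the console, since the model does not distinguish keys from values.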
Thanks for the answer :)
大猫熊 posted:
Already excluded the whole folder
The rule feels redundant...
大猫熊 posted:
Calling the panda moderator: I looked at your modified rule,
Rule name: R-06 Protect Userinit
C:\Windows\system32\**\*.exe,
Block, don't report
But on my side C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe, C:\Program Files\alipay\alieditplus\AlipayUA.exe, C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe, C:\Program Files\McAfee\Common Framework\FrameworkService.exe, C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe, C:\Program Files\StarSoftComm\StarCenter\BIN\scupdate.exe, C:\Windows\servicing\TrustedInstaller.exe, C:\Windows\system32\**\*.exe, D:\Program Files\Game\**\*.exe, D:\Program Files\Tencent\QQ\bin\QQ.exe, D:\Program Files\Thunder Network\Xmp\Program\XMP.exe
all of these go red too. Don't they need to be excluded as well, or is excluding only C:\Windows\system32\**\*.exe enough? I see McAfee's own processes getting blocked, and plenty of other programs.
jml521m posted:
The rule feels redundant...
What do you mean??