Comodo Firewall Suite Settings: Which Configuration to Activate

Slider Options
Comodo Internet Security allows you to customize the behavior of Defense+ by adjusting a Security Level slider to switch between preset security levels.
The choices available are: Paranoid Mode, Safe Mode, Clean PC Mode, Training Mode and Disabled. The setting you choose here is also displayed on the CIS summary screen.
·Paranoid Mode - Computer security policy is applied
·Safe Mode - Every action of safe executable files is learned
·Clean PC Mode - Every action of unknown executable files is alerted to the user
·Training Mode
·Disabled
Keep an alert on the screen for (seconds): 120
□Trust the applications digitally signed by Trusted Software Vendors
□Block all unknown requests if the application is closed
□Deactivate the Defense+ permanently (Requires a system restart)
□Create rules for safe applications
What do these settings do?
·Paranoid Mode: This is the highest security level setting and means that Defense+ monitors and controls all executable files apart from those that you have deemed safe. Comodo Internet Security does not attempt to learn the behavior of any applications, even those applications on the Comodo safe list, and only uses your configuration settings to filter critical system activity. Similarly, Comodo Internet Security does not automatically create 'Allow' rules for any executables, although you still have the option to treat an application as 'Trusted' at the Defense+ alert. Choosing this option generates the largest number of Defense+ alerts and is recommended for advanced users who require complete awareness of activity on their system.
·Safe Mode: While monitoring critical system activity, Defense+ automatically learns the activity of executables and applications certified as 'Safe' by Comodo. It also automatically creates 'Allow' rules for these activities if the checkbox 'Create rules for safe applications' is selected. For non-certified, unknown applications, you will receive an alert whenever that application attempts to run. Should you choose, you can add that new application to the safe list by choosing 'Treat this application as a Trusted Application' at the alert. This instructs Defense+ not to generate an alert the next time it runs. If your machine is not new or not known to be free of malware and other threats, as required for 'Clean PC Mode', then 'Safe Mode' is the recommended setting for most users, combining the highest levels of security with an easy-to-manage number of Defense+ alerts.
·Clean PC Mode: From the time you set the slider to 'Clean PC Mode', Defense+ learns the activities of the applications currently installed on the computer, while all new executables introduced to the system are monitored and controlled. This patent-pending mode of operation is the recommended option on a new computer or one that the user knows to be clean of malware and other threats. From this point onwards Defense+ alerts the user whenever a new, unrecognized application is being installed. In this mode, the files in 'My Pending Files' are excluded from being considered as clean and are monitored and controlled.
·Training Mode: Defense+ monitors and learns the activity of any and all executables and creates automatic 'Allow' rules until the security level is adjusted. You do not receive any Defense+ alerts in 'Training Mode'. If you choose the 'Training Mode' setting, we advise that you are 100% sure that all applications and executables installed on your computer are safe to run.
Tip: This mode can be used as the “Gaming Mode”. It is handy to use this setting temporarily when you are running an (unknown but trusted) application or game for the first time. This suppresses all Defense+ alerts while Comodo Internet Security learns the components of the application that need to run on your machine and automatically creates 'Allow' rules for them. Afterwards, you can switch back to 'Train with Safe Mode' mode.
·Disabled: Disables Defense+ protection. All executables and applications are allowed to run irrespective of your configuration settings. Comodo strongly advises against this setting unless you are confident that you have an alternative intrusion defense system installed on your computer.
Checkbox Options
·Keep an alert on screen for maximum (n) seconds - Determines how long Comodo Internet Security shows a Defense+ alert without any user intervention. By default, the timeout is set at 120 seconds. You may adjust this setting to your own preference.
·Trust applications digitally signed by Trusted Software Vendors - Leaving this option checked means software which is signed by a Trusted Certificate Authority is automatically treated as safe. Comodo recommends leaving this option enabled. For more details, see Trusted Software Vendors.
·Block all unknown requests if the application is closed - Checking this box blocks all unknown requests (those not included in your Computer Security Policy) if Comodo Internet Security is not running or has been shut down.
·Deactivate Defense+ permanently (Requires a system restart) - Shuts down the Defense+ Host Intrusion element of Comodo Internet Security PERMANENTLY. The firewall and antivirus are not affected and continue to protect your computer even if you deactivate Defense+. Comodo does not recommend users close Defense+ unless they are sure they have alternative Intrusion Prevention Systems installed.
·Create rules for safe applications - Automatically creates rules for safe applications in Computer Security Policy.
Note: Defense+ trusts the applications if:
·The application/file is included in the Trusted Files list.
·The application is from a vendor included in the Trusted Software Vendors list.
·The application is included in the extensive and constantly updated Comodo safelist.
By default, CIS does not automatically create 'allow' rules for safe applications. This helps save resource usage, simplifies the rules interface by reducing the number of 'Allowed' rules in it, reduces the number of pop-up alerts and is beneficial to beginners who find difficulties in setting up the rules. Enabling this checkbox instructs CIS to begin learning the behavior of safe applications so that it can automatically generate the 'Allow' rules. These rules are listed in the Computer Security Policy interface. Advanced users can edit / modify the rules as they wish.
Background Note: Prior to version 4.x, CIS would automatically add an allow rule for 'safe' files to the rules interface. This allowed advanced users to have granular control over rules but could also lead to a cluttered rules interface. The constant addition of these 'allow' rules and the corresponding requirement to learn the behavior of applications that are already considered 'safe' also took a toll on system resources. In version 4.x, 'allow' rules for applications considered 'safe' are not automatically created, simplifying the rules interface and cutting resource overhead with no loss in security. Advanced users can re-enable this setting if they require the ability to edit rules for safe applications (or, informally, if they preferred the way rules were created in CIS version 3.x).
Execution Control Settings
Image Execution Control is an integral part of the Defense+ engine. If your Defense+ Security Level is set to 'Training Mode' or 'Clean PC Mode', then it is responsible for authenticating every executable image that is loaded into the memory.
Comodo Internet Security calculates the hash of an executable at the point it attempts to load into memory. It then compares this hash with the list of known/recognized applications that are on the Comodo safe list. If the hash matches the one on record for the executable, then the application is safe. If no matching hash is found on the safe list, then the executable is 'unrecognized' and you will receive an alert.
This area allows you to quickly determine how proactive the monitor should be and which types of files it should check.
Image Execution Control Level Slider
The control slider in the Settings interface allows you to switch the Image Execution settings between Enabled and Disabled states. The Image Execution Control is disabled irrespective of the settings in this slider, if Defense+ is permanently deactivated in the General Settings from the Defense+ Settings interface.
·Enabled - This setting instructs Defense+ to intercept all files before they are loaded into memory and also intercepts prefetching/caching attempts for the executable files.
·Disabled - No execution control is applied to the executable files.
Check Boxes
Treat unrecognized files as - This has five options and the unrecognized files will be run as per the option selected.
·Partially Limited - The application is allowed to access all the operating system files and resources like the clipboard. Modification of protected files/registry keys is not allowed. Privileged operations like loading drivers or debugging other applications are also not allowed.
·Limited - Only selected operating system resources can be accessed by the application. The application is not allowed to execute more than 10 processes at a time and is run without Administrator account privileges.
·Restricted - The application is allowed to access very few operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights.
Note: Some applications, like computer games, may not work properly under this setting.
·Untrusted - The application is not allowed to access any of the operating system resources. The application is not allowed to execute more than 10 processes at a time and is run with very limited access rights.
Note: Some of the applications that require user interaction may not work properly under this setting.
·Blocked - The application is not allowed to run at all.
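The hash lookup described under Image Execution Control, combined with the three trust criteria from the note above and the 'Treat unrecognized files as' setting, modelled as an added Python example (not Comodo's code). SHA-256, the in-memory sets, the check order and the names `TrustStore` and `authenticate_image` are assumptions of this example; the page only says that a hash is compared against the safe list.

```python
import hashlib
from dataclasses import dataclass, field

# The five options of 'Treat unrecognized files as', in the page's order.
RESTRICTION_LEVELS = ("Partially Limited", "Limited", "Restricted",
                      "Untrusted", "Blocked")


@dataclass
class TrustStore:
    """Hypothetical stand-ins for the three trust sources the page lists."""
    trusted_files: set = field(default_factory=set)    # hashes the user trusted
    trusted_vendors: set = field(default_factory=set)  # verified signer names
    safelist: set = field(default_factory=set)         # safe list hashes


def image_hash(image: bytes) -> str:
    # The page does not name the hash algorithm; SHA-256 is assumed here.
    return hashlib.sha256(image).hexdigest()


def authenticate_image(image, signer, store, trust_signed_vendors=True,
                       treat_unrecognized_as="Partially Limited"):
    """Return (verdict, detail) for an executable image about to be loaded.

    signer is the verified signer name, or None for an unsigned file.
    The default restriction level is chosen for this example only.
    """
    if treat_unrecognized_as not in RESTRICTION_LEVELS:
        raise ValueError(f"unknown restriction level: {treat_unrecognized_as}")
    digest = image_hash(image)
    if digest in store.trusted_files:
        return ("safe", "Trusted Files list")
    # Vendor trust applies only while the 'Trust the applications digitally
    # signed by Trusted Software Vendors' checkbox is enabled.
    if trust_signed_vendors and signer in store.trusted_vendors:
        return ("safe", "Trusted Software Vendors list")
    if digest in store.safelist:
        return ("safe", "safe list")
    # No match anywhere: the file is unrecognized and runs restricted.
    return ("unrecognized", treat_unrecognized_as)


# Constructed sample data, not real binaries or vendors.
KNOWN_GOOD = b"MZ\x90\x00 constructed sample image v1"
TAMPERED = KNOWN_GOOD + b"\x00"   # one extra byte gives a different hash
NEW_BUILD = b"MZ\x90\x00 constructed sample image v2"
STORE = TrustStore(safelist={image_hash(KNOWN_GOOD)},
                   trusted_vendors={"Example Vendor Ltd"})

if __name__ == "__main__":
    for name, image, signer in [
        ("known good, unsigned", KNOWN_GOOD, None),
        ("tampered copy, unsigned", TAMPERED, None),
        ("new build, signed by trusted vendor", NEW_BUILD, "Example Vendor Ltd"),
    ]:
        print(name, "->", authenticate_image(image, signer, STORE))
```

A hash match is exact, so any change to a safelisted file makes it unrecognized, while vendor trust follows the signer and covers builds the safe list has never seen.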
Do heuristic command-line analysis for certain applications - Selecting this option instructs Comodo Internet Security to perform heuristic analysis of programs that are capable of executing code such as Visual Basic scripts and Java applications. Example programs that are affected by enabling this option are wscript.exe, cmd.exe, java.exe and javaw.exe. For example, the program wscript.exe can be made to execute Visual Basic scripts (.vbs file extension) via a command similar to “wscript.exe c:\tests\test.vbs”. If this option is selected, CIS detects c:\tests\test.vbs from the command line and applies all security checks based on this file. If test.vbs attempts to connect to the internet, for example, the alert will state 'c:\tests\test.vbs' is attempting to connect to the internet.
Security Considerations:
leaktest.vbs could not be recognized and it is about to connect to the Internet. If it is one of your everyday applications, you can allow this request.
Background note: 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. Heuristics is about detecting virus-like behavior or attributes rather than looking for a precise virus signature that matches a signature on the virus blacklist. This helps to identify previously unknown (new) viruses.
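How a command line can be resolved to the file that checks and alerts should follow, as the command-line analysis option above describes, sketched as an added Python example (not Comodo's implementation). The argument conventions handled (`//` options for wscript.exe, `/c` and `/k` for cmd.exe, `-jar` for java.exe and javaw.exe), the simplified splitter and the function names are assumptions of this example.

```python
import ntpath

# Programs the page names as affected by the option.
SCRIPT_HOSTS = {"wscript.exe", "cmd.exe", "java.exe", "javaw.exe"}


def split_cmdline(cmdline):
    """Split on whitespace, keeping double-quoted runs together (simplified)."""
    args, current, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(current))
                current, started = [], False
        else:
            current.append(ch)
            started = True
    if started:
        args.append("".join(current))
    return args


def _next_after(args, flags):
    """Return the argument following the first of `flags`, or None."""
    for i, arg in enumerate(args[:-1]):
        if arg.lower() in flags:
            return args[i + 1]
    return None


def effective_target(cmdline):
    """File that security checks should be based on for this command line."""
    args = split_cmdline(cmdline)
    if not args:
        return None
    host = ntpath.basename(args[0]).lower()
    if host not in SCRIPT_HOSTS:
        return args[0]          # ordinary program: judge the program itself
    target = None
    if host == "wscript.exe":
        # Windows Script Host options start with "//"; the script is the
        # first argument that is not an option.
        target = next((a for a in args[1:] if not a.startswith("//")), None)
    elif host == "cmd.exe":
        command = _next_after(args, {"/c", "/k"})
        parts = split_cmdline(command) if command else []
        first = parts[0] if parts else ""
        if first.lower().endswith((".bat", ".cmd")):
            target = first      # only batch files are treated as targets
    else:                       # java.exe / javaw.exe
        target = _next_after(args, {"-jar"})
    # Nothing resolvable (for example a bare class name): fall back to the host.
    return target or args[0]


def alert_subject(cmdline, heuristic_enabled=True):
    """Name an alert would show for activity by this process."""
    args = split_cmdline(cmdline)
    if not args:
        return None
    return effective_target(cmdline) if heuristic_enabled else args[0]


# Sample command lines; only the first comes from the page, the rest are
# constructed for this example.
SAMPLES = [
    r"wscript.exe c:\tests\test.vbs",
    r'"C:\Windows\System32\wscript.exe" //B "c:\my tests\test.vbs"',
    r"java.exe -Xmx64m -jar c:\apps\tool.jar --flag",
    r"cmd.exe /c echo hi",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(alert_subject(line), "<-", line)
```

With the option off, every sample is attributed to the host program, which is why a rule written for wscript.exe or java.exe alone says nothing about the script it runs.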
Perform cloud based behavior analysis of unrecognized files - When checked, any file that is marked as unrecognized is sent to the Comodo Instant Malware Analysis (CIMA) server for behavior analysis. Each file is executed in a virtual environment on Comodo servers and tested to determine whether it contains any malicious code. The results will be sent back to your computer in around 15 minutes. Comodo recommends users leave this setting enabled.
More details: The behavior analysis system is a cloud based service that is used to help determine whether an unknown file is safe or malicious. Once submitted to the system, the unknown executable will be automatically run in a virtual environment and all activities, host state changes and network activity will be recorded. The list of behaviors recorded during this analysis can include information about processes spawned, files and registry keys modified, network activity, and other changes. If these behaviors are found to be malicious then the signature of the executable is automatically added to the antivirus black list. If no malicious behavior is recorded then the file is placed into 'Unrecognized Files' (for execution within the sandbox) and will be submitted to our technicians for further checks. The behavior analysis system takes around 15 minutes to report its results back to CIS. If the executable is deemed a threat then it will be automatically quarantined or deleted. This threat report is also used to update the global black list databases and therefore benefit all CIS users.
Automatically scan unrecognized files in the cloud - Selecting this option will automatically submit unrecognized files to our File Lookup Server to check whether or not they are on the master Comodo white list or black list (White list = files that are known to be safe. Black list = files that are known to be malware) and the files are rated accordingly. The important features of the cloud based scanning are:
·Cloud based Whitelisting: Safe files, trusted vendors and trusted publishers can be easily identified.
·Cloud based Antivirus: Malicious files can be detected even if the users do not have an up-to-date local antivirus database or a local antivirus database at all.
·Cloud Based Behaviour Analysis: Zero-day malware can be instantly detected by Comodo's cloud based behavior analysis system, CIMA.
The cloud scanning, complemented by automatic sandboxing and application isolation technologies, is extremely fast and powerful in preventing PC infection even without a traditional antivirus signature database, while keeping user interaction at minimal levels.
Comodo recommends users leave this setting enabled.
Detect Shellcode injections (i.e. Buffer overflow protection) - Enabling this setting turns on the buffer overflow protection. A buffer overflow is an anomalous condition where a process/executable attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data and may cause a process to crash or produce incorrect results. Buffer overflows can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits.
Turning on buffer overflow protection instructs Comodo Internet Security to raise pop-up alerts in every event of a possible buffer overflow attack. You can allow or deny the requested activity raised by the process under execution depending on the reliability of the software and its vendor.
Comodo recommends users leave this setting enabled.
To exclude some of the file types from being monitored under Detect Shellcode injections:
1. Click on the 'Exclusions' button.
2. Click 'Add' to include file groups or processes to the Exclusions list.
3. Click 'Remove' to remove selected entries from the exclusions list.
4. Click 'Purge' to remove invalid entries (programs that are not present or uninstalled from your computer) automatically.
Note: These settings are recommended for advanced users only.
5. Click 'Apply' to implement your settings.
Sandbox Settings
The Sandbox Settings area allows you to configure the security level and the overall behavior of the sandbox. To access the Sandbox Settings interface, click 'Defense+ Settings' then select the 'Sandbox Settings' tab. If you would like some background information on the sandbox before changing these settings then please see the introduction to the sandbox.
Sandbox Security Level Slider
The Security Level slider in the Settings interface allows you to switch the Sandbox between Enabled and Disabled states. The programs included in the Sandbox are executed with the set restrictions only if the Sandbox is in the Enabled state. If disabled, the programs run normally without any restrictions. The Sandbox is disabled irrespective of the settings in this slider, if Defense+ is permanently deactivated in the General Settings from the Defense+ Settings interface.
Check Boxes
Enable file system virtualization - The sandboxed applications are not permitted to modify the files in your 'real' file system. Enabling file system virtualization instructs the Sandbox to create a virtual file system in your system. The sandboxed applications write any data only into the created virtual file system, instead of affecting and potentially causing damage to your real file system. If you disable this option, the sandboxed applications may not function correctly because they are not able to create the entries that they need to.
Note for advanced users: The virtual file system is created inside the Sandbox working folder (e.g. c:\sandbox\) to execute the applications within this file system.
If you disable this option here, the virtual file system is not created even if you have enabled it for individual applications within the Sandbox.
Enable registry virtualization - The sandboxed applications are not permitted to access and modify the entries in your 'real' Windows Registry hives. Enabling registry virtualization instructs the Sandbox to create a virtual registry hive in your system. The sandboxed applications write any entries pertaining to them only into the created registry hive, instead of affecting and potentially causing damage to your real registry hives. If you disable this option, the sandboxed applications may not function correctly because they are not able to create the entries that they need to.
Note for advanced users: The virtual file system is created inside the Sandbox working folder (e.g. c:\sandbox\) to execute the applications within this file system.
If you disable this option here, the virtual file system is not created even if you have enabled it for individual applications within the Sandbox.
The table below explains the precedence of the file system virtualization and registry virtualization settings made through this interface and those made through Computer Security Policy > Always Sandbox > Add > Always Sandbox > Advanced Settings.
Sandbox Settings
Always Sandbox > Advanced Settings
Is the setting enabled for the specific application?
Automatically detect the installers / updaters and run them outside the Sandbox - On execution of an installer or an updater, the application is run outside the Sandbox. Select this option only if you are going to run installers / updaters from trusted vendors.
Automatically trust the files from the trusted installers - Files that are generated by trusted installers are also trusted. This means that they will not be sandboxed.
Show notifications for automatically sandboxed processes - By default, CIS will display an alert whenever it runs an unknown application in the sandbox. Use this control to enable or disable these alerts.
Click 'OK' for your settings to take effect.
Additional information:
·See 'Sandbox Alerts' for an explanation of the options available at a Sandbox alert.
·See 'Unknown Files: The Sandboxing and Scanning Processes' to understand the decision making process behind why CIS chooses to sandbox certain applications.
Monitoring Settings
The 'Monitoring Settings' tab allows you to configure which activities, entities and objects should be monitored by Defense+.
Note: The settings you choose here are universally applied.
·If you disable monitoring of an activity, entity or object using this interface, it completely switches off monitoring of that activity on a global basis, effectively creating a universal 'Allow' rule for that activity. This 'Allow' setting over-rules any policy specific 'Block' or 'Ask' setting for that activity that you may have selected using the 'Access Rights' and 'Protection Settings' interface.
Activities To Monitor:
·Interprocess Memory Access - Malware programs use memory space modification to inject malicious code for numerous types of attacks, including recording y modifying the behavior of the stealing confidential data by sending confidential information from one process to another process etc. One of the most serious aspects of memory-space breaches is the ability of the offending malware to take the identity of the invaded process, or 'impersonate' the application under attack. This makes life harder for traditional virus scanning software and intrusion-detection systems. Leave this box checked and Defense+ alerts you when an application attempts to modify the memory space allocated to another application.
·Windows/WinEvent Hooks - In the Microsoft Windows® operating system, a hook is a mechanism by which a function can intercept events (messages, mouse actions, keystrokes) before they reach an application. The function can act on events and, in some cases, modify or discard them. Originally developed to allow legitimate software developers to develop more powerful and useful applications, hooks have also been exploited by hackers to create more powerful malware. Examples include malware that can record every stroke on your keyboard; record your mouse movements; monitor and modify all messages on your computer; take over control of your mouse and keyboard to remotely administer your computer. Leaving this box checked means that you are warned every time a hook is executed by an untrusted application.
·Device Driver Installations - Device drivers are small programs that allow applications and/or operating systems to interact with a hardware device on your computer. Hardware devices include your disk drives, graphics card, wireless and LAN network cards, CPU, mouse, USB devices, monitor, DVD player etc. Even the installation of a perfectly well-intentioned device driver can lead to system instability if it conflicts with other drivers on your system. The installation of a malicious driver could, obviously, cause irreparable damage to your computer or even pass control of that device to a hacker. Leaving this box checked means Defense+ alerts you every time a device driver is installed on your machine by an untrusted application.
·Processes' Terminations - A process is a running instance of a program (for example, the Comodo Internet Security process is called 'cfp.exe'; press 'Ctrl+Alt+Delete' and click on 'Processes' to see the full list of processes that are running on your system). Terminating a process, obviously, terminates the program. Viruses and Trojan horses often try to shut down the processes of any security software you have been running in order to bypass it. With this setting enabled, Defense+ monitors and alerts you to all attempts by an untrusted application to close down another application.
·Windows Messages - This setting means Comodo Internet Security monitors and detects if one application attempts to send special Windows Messages to modify the behavior of another application (e.g. by using the WM_PASTE command).
·DNS Client Service - This setting alerts you if an application attempts to access the 'Windows DNS service', possibly in order to launch a DNS recursion attack. A DNS recursion attack is a type of Distributed Denial of Service attack whereby a malicious entity sends several thousand spoofed requests to a DNS server. The requests are spoofed in that they appear to come from the target or 'victim' server but in fact come from different sources, often a network of 'zombie' PCs which are sending out these requests without the owners' knowledge. The DNS servers are tricked into sending all their replies to the victim server, overwhelming it with requests and causing it to crash. Leaving this setting enabled prevents malware from using the DNS Client Service to launch such an attack.
Background Note: DNS stands for Domain Name System. It is the part of the Internet infrastructure that translates a familiar domain name, such as '' to an IP address like 123.456.789.04. This is essential because the Internet routes messages to their destinations on the basis of this destination IP address, not the domain name. Whenever you type a domain name, your Internet browser contacts a DNS server and makes a 'DNS Query'. In simplistic terms, this query is 'What is the IP address ?'. Once the IP address has been located, the DNS server replies to your computer, telling it to connect to the IP in question.
Objects To Monitor Against Modifications:
Protected COM Interfaces enables monitoring of COM interfaces you specified.
Protected Registry Keys enables monitoring of Registry keys you specified.
Protected Files/Folders enables monitoring of files and folders you specified.
Objects To Monitor Against Direct Access:
Determines whether or not Comodo Internet Security should monitor access to system critical objects on your computer. Using direct access methods, malicious applications can obtain data from storage devices, modify or infect other executable software, record keystrokes and more. Comodo advises the average user to leave these settings enabled:
Physical Memory: Monitors your computer's memory for direct access by applications and processes. Malicious programs attempt to access physical memory to run a wide range of exploits, the most famous being the 'Buffer Overflow' exploit. Buffer overruns occur when an interface designed to store a certain amount of data at a specific address in memory allows a malicious process to supply too much data to that address. This overwrites its internal structures and can be used by malware to force the system to execute its code.
Computer Monitor: Comodo Internet Security raises an alert every time a process tries to directly access your computer monitor. Although legitimate applications sometimes require this access, there is also an emerging category of spyware programs that use such access to monitor users' activities (for example, to take screen shots of to record your browsing activities etc).
Disks: Monitors your local disk drives for direct access by running processes. This helps guard against malicious software that needs this access to, for example, obtain data stored on the drives, destroy files on a hard disk, format the drive or corrupt the file system by writing junk data.
Keyboard: Monitors your keyboard for access attempts. Malicious software, known as 'key loggers', can record every stroke you make on your keyboard and can be used to steal your passwords, credit card numbers and other personal data. With this setting checked, Comodo Internet Security alerts you every time an application attempts to establish direct access to your keyboard.