DG、BD、瑞星、BG主防、小a沙盘、诺顿的sonar小弟惨遭999胃泰蹂躏！OA貌似被过（更2）

firefox3

青春虎 发表于 2012-12-16 14:12
静候sonar阵亡……

别小瞧人哦

a256886572008

看來，加入命令行檢測的 HIPS 才攔得住。

firefox3

a256886572008 发表于 2012-12-16 14:18
看來，加入命令行檢測的 HIPS 才攔得住。

a大你测试一下毛豆吧
SSF有命令行的吧

zmzcy

sonar我就不测了不过呢运行后ips可以拦截

darkwolf_99

firefox3 发表于 2012-12-16 12:38
不会吧？太智能了吧？还好没用Mamutu
你向官方提交一下结果吧
另外诺顿的sonar 我这么呼唤 ...

对小屠屠没兴趣哦，最后更新还是去年

试试xp下

firefox3

zmzcy 发表于 2012-12-16 14:29
sonar我就不测了不过呢运行后ips可以拦截

测一个呗，sonar兄！
IPS拉黑什么的求别说了

firefox3

darkwolf_99 发表于 2012-12-16 14:31
对小屠屠没兴趣哦，最后更新还是去年

试试xp下

好的，静观杯具

darkwolf_99

firefox3 发表于 2012-12-16 14:20
a大你测试一下毛豆吧
SSF有命令行的吧

SSF有命令行　这点我喜欢，OA也是

就是毛豆磕si也不加

UDady

OA free 提示拦截

不过我为了看行为点“Allow”

OA 自动“runsafe”，重启后还提示拦截这个dll，不过没被锁住










重启后，正常进入系统，但提示依旧拦截dll

UDady

这个dll的行为

Created:      2012-12-16 14:34:58
Summary:      Program Guard: 999.dll
Description:  C:\Program Files\Process Hacker 2\ProcessHacker.exe -> C:\Documents and Settings\Administrator\桌面\999.dll
Event type:   Program Guard(9)
Event action: Allowed(2)

Created:      2012-12-16 14:35:00
Summary:      Program Guard: rundll32.exe
Description:  C:\WINDOWS\system32\rundll32.exe was trusted automatically.
Event type:   Program Guard(22)
Event action: Trusted(6)

Created:      2012-12-16 14:35:20
Summary:      Program Guard: 999.dll -> rundll32.exe
Description:  C:\Documents and Settings\Administrator\桌面\999.dll(0) wants to start C:\WINDOWS\system32\rundll32.exe(0)
Event type:   Program Guard(9)
Event action: Allowed(2)

Created:      2012-12-16 14:35:28
Summary:      Program Guard: kernel event
Description:  OADriver: SendMessage, 3148 -> 1132, Msg: 1049/419 - Deny (watched)
Event type:   Kernel event(26)
Event action: None(1)
Processes:
  PID:    1132        Name: explorer.exe
  PID:    3148        Name: rundll32.exe

Created:      2012-12-16 14:35:28
Summary:      Program Guard: kernel event
Description:  OADriver: CreateKey, PID: 3148, Act:  1, Idn: 0, Mask: \REGISTRY\USER\S-1-5-21-1715567821-1275210071-1417001333-500\Software\Microsoft\Internet Explorer\Main - Deny (rule)
Event type:   Kernel event(26)
Event action: None(1)
Processes:
  PID:    3148        Name: rundll32.exe

Created:      2012-12-16 14:35:42
Summary:      Program Guard: 999.dll -> IEXPLORE.EXE
Description:  C:\Documents and Settings\Administrator\桌面\999.dll(0) wants to allocate memory in C:\Program Files\Internet Explorer\IEXPLORE.EXE(3212)
Event type:   Program Guard(9)
Event action: Allowed(2)

Created:      2012-12-16 14:35:44
Summary:      Firewall: Automatic decision
Description:  C:\Program Files\Internet Explorer\IEXPLORE.EXE, Outgoing UDP access allowed to: 127.0.0.1:1048
Event type:   Firewall: Automatic decision(16)
Event action: Allowed(2)

Created:      2012-12-16 14:35:49
Summary:      Program Guard: 999.dll -> IEXPLORE.EXE
Description:  C:\Documents and Settings\Administrator\桌面\999.dll(0) wants to create thread in C:\Program Files\Internet Explorer\IEXPLORE.EXE(3212)
Event type:   Program Guard(9)
Event action: Allowed(2)

Created:      2012-12-16 14:35:50
Summary:      Program Guard: kernel32.dll
Description:  C:\WINDOWS\system32\kernel32.dll was trusted automatically.
Event type:   Program Guard(22)
Event action: Trusted(6)

Created:      2012-12-16 14:37:16
Summary:      Program Guard: taskmgr.exe
Description:  C:\WINDOWS\system32\taskmgr.exe was trusted automatically.
Event type:   Program Guard(22)
Event action: Trusted(6)