Thread starter: 深红的雪

[Original technical post] McAfee ("咖啡") general-purpose entry-point blocking rule pack [updated July 19]

svlbt
Posted on 2008-7-18 19:29:55
I'm also wondering about another thing: 小邪邪 updated his rules yesterday too, and his set is really slimmed down now. Will your two lite versions end up converging in the end?
gzh87
Posted on 2008-7-19 09:14:01
Bumping this again, push it up!!! Updated again
深红的雪
Thread starter | Posted on 2008-7-19 17:00:45

Reply to post #641 by svlbt

邪邪's lite rules are the default rules almost all enabled (with a few individual default rules improved) + registry and network control for unknown programs.
That is a very different approach from my rules; take whichever you prefer.

[This post was last edited by rappar on 2008-7-19 17:52]
深红的雪
Thread starter | Posted on 2008-7-19 17:04:18
The July 19 update contains quite a few changes, so I'm posting all the custom rules directly.
The default rules have hardly changed (only a few rules gained some exclusions), so I won't post those.


Lite version
Note: "File" means "files or folders to block"; the letters after it (X, R, C, etc.) denote the operations:
R = read
W = write
X = execute
C = create
D = delete

AccessProtection {
"A01 禁止非本地文件执行文件操作(请调整排除项,排除本地磁盘和光驱)"
要包含的进程 *
要排除的进程 **\\C:\\** D:\\** E:\\** F:\\** G:\\** SYSTEM
{File RWXCD { * } }

"A02 禁止新建任何.HTA文件"
要包含的进程 *
{File C { *.hta } }

"A03 限制程序从Documents and Settings启动"
要包含的进程 "?:\\Documents and Settings\\**"
要排除的进程 "?:\\Documents and Settings\\**\\Application Data\\**\\*.exe" "?:\\Documents and Settings\\**\\Temp\\**"
{File RWXCD { * } }

"A04 管制浏览器(禁止新建、执行.BAT文件)"
要包含的进程
**\\Windows\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
要排除的进程
**\\Windows\\explorer.exe **\\Windows\\system32\\msiexec.exe
{File XC { *.bat } }

"A05 管制浏览器(禁止新建、执行.PIF文件)"
要包含的进程
**\\Windows\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
要排除的进程
**\\Windows\\explorer.exe **\\Windows\\system32\\msiexec.exe
{File XC { *.pif } }

"A06 管制浏览器(禁止调用cmd.exe)"
要包含的进程
**\\Windows\\** **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*
要排除的进程
?:\\Windows\\explorer.exe ?:\\Windows\\system32\\cmd.exe ?:\\Windows\\system32\\msiexec.exe ?:\\Windows\\system32\\rundll32.exe ?:\\Windows\\system32\\services.exe
{File WXCD { cmd.exe } }

"A07 管制浏览器(禁止在磁盘根目录下新建/修改/执行文件)"
要包含的进程
Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File WXCD { ?:\\* } }

"A08 管制浏览器(禁止从桌面执行程序)"
要包含的进程
Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File X { **\\桌面\\** } }

"A09 管制浏览器(禁止调用脚本宿主工具)"
要包含的进程
**\\Temp\\** **\\windows\\* Avant.exe Brexpo*.exe cmd.exe explorer.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*
{File WXCD { **\\system32\\*script.exe } }

"A10 限制其他联网程序1(自行添加程序到\"要包含的进程\")"
要包含的进程
emule.exe flashget.exe jetAudio.exe jetUpdate.exe PPstream.exe qq.exe thunder.exe thunder?.exe UUseeMediaCenter.exe UUseePlayer.exe
{File WC { **\\Windows\\**\\*.exe } }

"A11 限制其他联网程序2(自行添加程序到\"要包含的进程\")"
要包含的进程
emule.exe flashget.exe jetAudio.exe jetUpdate.exe PPstream.exe qq.exe thunder.exe thunder?.exe UUseeMediaCenter.exe UUseePlayer.exe
{File WC { "**\\Program Files\\**\\*.exe" } }

"A12 管制浏览器(禁止从Documents and Settings文件夹执行exe文件)"
要包含的进程
Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File X { "**\\Documents and Settings\\**\\*.exe" } }

"A13 管制浏览器(禁止新建.OCX文件)"
要包含的进程
Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File C { *.ocx } }

"A14 C盘管制(限制除系统默认文件夹外的程序执行)"
要包含的进程
C:\\**
要排除的进程 **\\MCAFEE\\** "**\\Program Files\\**" **\\PROGRA~1\\** **\\Temp\\** "?:\\Documents and Settings\\**" ?:\\DOCUME~1\\** ?:\\Windows\\**
{File RWXCD { * } }

"A15 管制浏览器(禁止调用Adodb.stream控件)"
要包含的进程
Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe svchost.exe theworld.exe TTraveler.exe winlogon.exe
{File WXCD { msado15.dll } }

"A16 禁止从网页缓存中运行程序"
要包含的进程 *
{File X { **\\Content.IE5\\** } }

"A17 管制浏览器(禁止调用Wscript.Shell组件)"
要包含的进程
Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
{File WXCD { wshom.ocx } }

"A18 管制浏览器(禁止加载urlmon.dll)"
要包含的进程
Avant.exe Brexpo.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File X { urlmon.dll } }

"A19 管制浏览器(禁止调用FileSystemObject控件)"
要包含的进程
Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe svchost.exe theworld.exe TTraveler.exe winlogon.exe
{File WXCD { scrrun.dll } }

"A20 管制浏览器(禁止调用MDAC)"
要包含的进程
Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File XC { msadco.dll } }

"A21 管制浏览器(禁止新建.COM文件)"
要包含的进程
**\\Windows\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
要排除的进程 **\\Windows\\explorer.exe **\\Windows\\system32\\msiexec.exe **\\Windows\\system32\\svchost.exe
{File XC { *.com } }

"A22 只允许执行指定后缀的文件"
要包含的进程 *
要排除的进程 *.com *.exe *.mp *.scr *.tmp SYSTEM
{File RWXCD { * } }

"A23 禁止未知程序读取网页缓存下的exe文件"
要包含的进程 *
要排除的进程 "**\\Program Files\\**" **\\PROGRA~1\\** ?:\\Windows\\explorer.exe Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe
{File RXC { **\\Content.IE5\\**\\*.exe } }

"A24 禁止私自执行SCR文件"
要包含的进程 *
要排除的进程 *.scr ?:\\Windows\\explorer.exe ?:\\WINDOWS\\system32\\rundll32.exe ?:\\WINDOWS\\system32\\winlogon.exe
{File X { *.scr } }

"防范U盘病毒"
要包含的进程 explorer.exe svchost.exe
{Key CWD { HKCU/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/*/shell/**} }
}

[This post was last edited by rappar on 2008-7-19 17:46]
深红的雪
Thread starter | Posted on 2008-7-19 17:14:56
Enhanced version

Note: "File" means "files or folders to block"; the letters after it (X, R, C, etc.) denote the operations:
R = read
W = write
X = execute
C = create
D = delete

Include = processes to include (要包含的进程)

Exclude = processes to exclude (要排除的进程)

UserEnforce = whether to block: a value of 1 blocks, 0 does not block (i.e. the rule is disabled)

UserReport = whether to report: a value of 1 reports and writes a log entry, 0 writes no log



AccessProtection {
UserString UR0 "A01 禁止非本地文件执行文件操作(请调整排除项,只排除本地磁盘和光驱)"
UserEnforce UR0 1
UserReport UR0 1
UserProcess UR0 {Include *;Exclude **\\C:\\** D:\\** E:\\** F:\\** G:\\** system}
UserRule UR0 G_User {File RWXCD { Include * }
}
UserString UR1 "A02 禁止新建任何.HTA文件"
UserEnforce UR1 1
UserReport UR1 1
UserProcess UR1 {Include *}
UserRule UR1 G_User {File C { Include *.hta }
}
UserString UR10 "A03 禁止恶意格式化操作"
UserEnforce UR10 1
UserReport UR10 1
UserProcess UR10 {Include *}
UserRule UR10 G_User {File WXCD { Include **\\system32\\format.* }
}
UserString UR11 "A04 管制浏览器(禁止从Documents and Settings文件夹中运行.EXE文件)"
UserEnforce UR11 1
UserReport UR11 1
UserProcess UR11 {Include **\\桌面\\** Avant.exe Brexpo.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon.exe maxthon?.exe miniie.exe mplayerc.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe storm.exe theworld.exe TTraveler.exe webthunder.exe \\*}
UserRule UR11 G_User {File X { Include "**\\Documents and Settings\\**\\*.exe" }
}
UserString UR12 "A05 管制浏览器(禁止加载urlmon.dll)"
UserEnforce UR12 1
UserReport UR12 0
UserProcess UR12 {Include **\\桌面\\** Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*}
UserRule UR12 G_User {File X { Include **\\system32\\urlmon.dll }
}
UserString UR13 "A06 管制浏览器(禁止调用cmd.exe)"
UserEnforce UR13 1
UserReport UR13 1
UserProcess UR13 {Include **\\windows\\** **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*;Exclude **\\windows\\explorer.exe **\\Windows\\system32\\msiexec.exe **\\Windows\\system32\\rundll32.exe cmd.exe}
UserRule UR13 G_User {File WXCD { Include **\\system32\\cmd.exe }
}
UserString UR14 "A07 管制浏览器(禁止新建exe文件)(若开启此规则,下载文件时尽量用工具下载) "
UserEnforce UR14 0
UserReport UR14 0
UserProcess UR14 {Include **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe UUseeMediaCenter.exe UUseePlayer.exe}
UserRule UR14 G_User {File C { Include *.exe }
}
UserString UR15 "A08 禁止执行IE缓存文件夹下文件"
UserEnforce UR15 1
UserReport UR15 1
UserProcess UR15 {Include *}
UserRule UR15 G_User {File X { Include **\\Content.IE5\\** }
}
UserString UR16 "A09 管制浏览器(禁止调用脚本宿主工具)"
UserEnforce UR16 1
UserReport UR16 1
UserProcess UR16 {Include **\\Temp\\** **\\Windows\\** **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*}
UserRule UR16 G_User {File WXCD { Include **\\WINDOWS\\system32\\*script.exe }
}
UserString UR17 "A10 管制浏览器(禁止在Application Data目录下新建、运行exe文件)"
UserEnforce UR17 1
UserReport UR17 1
UserProcess UR17 {Include **\\Windows\\** **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe UUseeMediaCenter.exe UUseePlayer.exe \\*;Exclude **\\WINDOWS\\Explorer.EXE **\\WINDOWS\\system32\\msiexec.exe **\\Windows\\system32\\rundll32.exe **\\WINDOWS\\system32\\services.exe}
UserRule UR17 G_User {File XC { Include "**\\Application Data\\**\\*.exe" }
}
UserString UR18 "A11 管制浏览器(禁止私自调用注册表编辑器)"
UserEnforce UR18 1
UserReport UR18 1
UserProcess UR18 {Include **\\桌面\\** Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe svchost.exe theworld.exe TTraveler.exe \\*}
UserRule UR18 G_User {File WXCD { Include **\\WINDOWS\\**\\reg*.exe }
}
UserString UR19 "A12 管制浏览器(禁止在Common Files目录新建修改文件)"
UserEnforce UR19 1
UserReport UR19 1
UserProcess UR19 {Include **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*}
UserRule UR19 G_User {File WC { Include "**\\Program Files\\Common Files\\**" }
}
UserString UR2 "A13 管制浏览器(禁止调用Adodb.stream控件)"
UserEnforce UR2 1
UserReport UR2 1
UserProcess UR2 {Include ?script.exe Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR2 G_User {File WXCD { Include "**\\Program Files\\Common Files\\System\\ado\\msado15.dll" }
}
UserString UR20 "A14 管制浏览器(禁止新建cab文件)"
UserEnforce UR20 1
UserReport UR20 1
UserProcess UR20 {Include Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR20 G_User {File C { Include *.cab }
}
UserString UR21 "A15 禁止CMD.exe在Program Files目录新建任何文件"
UserEnforce UR21 1
UserReport UR21 1
UserProcess UR21 {Include cmd.exe}
UserRule UR21 G_User {File C { Include "**\\Program Files\\**" }
}
UserString UR22 "A16 禁止调用16位虚拟机程序"
UserEnforce UR22 1
UserReport UR22 1
UserProcess UR22 {Include *}
UserRule UR22 G_User {File WXCD { Include **\\WINDOWS\\system32\\ntvdm.exe }
}
UserString UR23 "A17 禁止私自调用cacls.exe"
UserEnforce UR23 1
UserReport UR23 1
UserProcess UR23 {Include *}
UserRule UR23 G_User {File WXCD { Include **\\WINDOWS\\system32\\cacls.exe }
}
UserString UR24 "R18 禁止未授权程序访问注册表 (请自行添加光驱到排除项)"
UserEnforce UR24 0
UserReport UR24 0
UserProcess UR24 {Include *;Exclude **\\McAfee\\** "**\\Program Files\\**" **\\PROGRA~1\\** **\\SP2???\\** **\\Temp\\** **\\update\\update.exe **\\安装程序\\** **\\游戏\\** "?:\\Documents and Settings\\**\\Application Data\\*\\**\\*.exe" ?:\\Windows\\**}
UserRule UR24 G_User {Key CWD {Include HKALL/**/**}
}
UserString UR25 "F19 禁止未授权程序进行文件操作(请自行添加光驱到排除项)"
UserEnforce UR25 0
UserReport UR25 0
UserProcess UR25 {Include *;Exclude **\\McAfee\\** "**\\Program Files\\**" **\\PROGRA~1\\** **\\SP2???\\** **\\Temp\\** **\\update\\update.exe **\\安装程序\\** **\\游戏\\** "?:\\Documents and Settings\\**\\Application Data\\**\\*.exe" ?:\\Windows\\** SYSTEM}
UserRule UR25 G_User {File WXCD { Include * }
}
UserString UR26 "A20 禁止本地新建.COM文件"
UserEnforce UR26 1
UserReport UR26 1
UserProcess UR26 {Include *;Exclude **\\Temp\\** **\\Tencent\\QQDoctor\\QQDoctor.exe **\\Windows\\system32\\msiexec.exe **\\WinRAR\\WinRAR.exe **\\安装程序\\**}
UserRule UR26 G_User {File C { Include *.com }
}
UserString UR27 "A21 禁止本地新建.CMD文件"
UserEnforce UR27 1
UserReport UR27 1
UserProcess UR27 {Include *;Exclude **\\Temp\\** **\\Windows\\system32\\msiexec.exe **\\WinRAR\\WinRAR.exe **\\安装程序\\**}
UserRule UR27 G_User {File C { Include *.cmd }
}
UserString UR28 "A22 禁止本地新建.BAT文件"
UserEnforce UR28 1
UserReport UR28 1
UserProcess UR28 {Include *;Exclude "**\\Program Files\\**" **\\PROGRA~1\\** **\\Temp\\** **\\windows\\explorer.exe **\\Windows\\system32\\msiexec.exe **\\安装程序\\** **\\游戏\\**}
UserRule UR28 G_User {File C { Include *.bat }
}
UserString UR29 "F23 保护更新程序的临时目录"
UserEnforce UR29 0
UserReport UR29 0
UserProcess UR29 {Include *;Exclude "**\\Program Files\\**" **\\PROGRA~1\\** **\\update\\update.exe **\\安装程序\\**}
UserRule UR29 G_User {File C { Include **\\SP2???\\** }
}
UserString UR3 "A24 禁止从网页缓存中执行程序"
UserEnforce UR3 1
UserReport UR3 1
UserProcess UR3 {Include *}
UserRule UR3 G_User {File X { Include **\\Content.IE5\\** }
}
UserString UR30 "F25 保护软件安装程序目录"
UserEnforce UR30 0
UserReport UR30 0
UserProcess UR30 {Include *;Exclude "**\\Program Files\\**" **\\PROGRA~1\\** **\\windows\\explorer.exe}
UserRule UR30 G_User {File WXCD { Include **\\安装程序\\** }
}
UserString UR31 "A26 管制浏览器(禁止新建/执行任何.BAT文件)"
UserEnforce UR31 1
UserReport UR31 1
UserProcess UR31 {Include **\\桌面\\** Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe hh.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe \\*}
UserRule UR31 G_User {File XC { Include *.bat }
}
UserString UR32 "A27 管制浏览器(禁止新建.OCX控件)"
UserEnforce UR32 1
UserReport UR32 1
UserProcess UR32 {Include Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR32 G_User {File C { Include *.ocx }
}
UserString UR33 "A28 管制浏览器(禁止创建Wscript.Shell对象)"
UserEnforce UR33 1
UserReport UR33 1
UserProcess UR33 {Include Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR33 G_User {File WXCD { Include **\\WINDOWS\\system32\\wshom.ocx }
}
UserString UR34 "A29 管制浏览器(禁止从桌面执行程序)(仅限简体中文系统)"
UserEnforce UR34 1
UserReport UR34 1
UserProcess UR34 {Include Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR34 G_User {File WXCD { Include **\\桌面\\** }
}
UserString UR35 "A30 管制浏览器(禁止修改ProgramFiles下的程序)"
UserEnforce UR35 1
UserReport UR35 1
UserProcess UR35 {Include Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR35 G_User {File WCD { Include "**\\Program Files\\**\\*.exe" }
}
UserString UR36 "A31 管制浏览器(禁止调用MDAC组件)"
UserEnforce UR36 1
UserReport UR36 1
UserProcess UR36 {Include Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe TTraveler.exe}
UserRule UR36 G_User {File XC { Include msadco.dll }
}
UserString UR37 "A32 管制浏览器(禁止在磁盘根目录下新建/修改/运行文件)"
UserEnforce UR37 1
UserReport UR37 1
UserProcess UR37 {Include **\\Windows\\** **\\桌面\\** Avant.exe Brexpo*.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe theworld.exe thunder.exe thunder?.exe TTraveler.exe webthunder.exe;Exclude **\\windows\\explorer.exe **\\Windows\\system32\\msiexec.exe}
UserRule UR37 G_User {File WXCD { Include ?:\\* }
}
UserString UR38 "A33 管制浏览器(禁止调用FileSystemObject控件)"
UserEnforce UR38 1
UserReport UR38 1
UserProcess UR38 {Include Avant.exe Brexpo*.exe cmd.exe firefox.exe GE.exe GreenBrowser.exe gsfbwsr.exe iexplore.exe MaxFox.exe maxthon*.exe miniie.exe netscape.exe opera.exe Orca.exe realplay.exe Safari.exe SeaMonkey.exe Sleipnir.exe svchost.exe theworld.exe TTraveler.exe winlogon.exe}
UserRule UR38 G_User {File WXCD { Include **\\system32\\scrrun.dll }
}
UserString UR39 "A34 禁止私自执行.SCR文件"
UserEnforce UR39 1
UserReport UR39 1
UserProcess UR39 {Include *;Exclude **\\WINDOWS\\Explorer.EXE **\\WINDOWS\\system32\\Rundll32.exe **\\WINDOWS\\system32\\winlogon.exe *.scr}
UserRule UR39 G_User {File X { Include *.scr }
}
UserString UR4 "A35 禁止执行的后缀"
UserEnforce UR4 1
UserReport UR4 1
UserProcess UR4 {Include *;Exclude *.com *.exe *.mp *.scr *.tmp}
UserRule UR4 G_User {File X { Include * }
}
UserString UR40 "A36 禁止CMD.EXE在系统目录新建、修改文件"
UserEnforce UR40 1
UserReport UR40 1
UserProcess UR40 {Include cmd.exe}
UserRule UR40 G_User {File WCD { Include **\\windows\\** }
}
UserString UR41 "A37 禁止私自调用replace.exe"
UserEnforce UR41 1
UserReport UR41 1
UserProcess UR41 {Include *}
UserRule UR41 G_User {File WXCD { Include **\\WINDOWS\\system32\\replace.exe }
}
UserString UR42 "A38 防范U盘病毒(禁止写入\"打开磁盘\"右键命令)"
UserEnforce UR42 1
UserReport UR42 1
UserProcess UR42 {Include explorer.exe svchost.exe}
UserRule UR42 G_User {Key CWD {Include HKCU/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2/**/shell/**}
}
UserString UR43 "A39 禁止新建任何.SH?文件"
UserEnforce UR43 1
UserReport UR43 1
UserProcess UR43 {Include *;Exclude "**\\Program Files\\**" **\\PROGRA~1\\**}
UserRule UR43 G_User {File C { Include *.SH? }
}
UserString UR44 "A40 C盘管制(除系统默认文件夹外限制程序运行)"
UserEnforce UR44 1
UserReport UR44 1
UserProcess UR44 {Include C:\\**;Exclude **\\MCAFEE\\** "**\\Program Files\\**" **\\PROGRA~1\\** **\\Temp\\** "?:\\Documents and Settings\\**\\Application Data\\*\\**" "?:\\DOCUME~1\\**\\Application Data\\*\\**" ?:\\Windows\\**}
UserRule UR44 G_User {File RWXCD { Include * }
}
UserString UR45 "A41 禁止未授权程序调用reg.exe"
UserEnforce UR45 1
UserReport UR45 1
UserProcess UR45 {Include *;Exclude **\\安装程序\\** ?:\\windows\\explorer.exe}
UserRule UR45 G_User {File XD { Include **\\WINDOWS\\system32\\reg.exe }
}
UserString UR46 "A42 禁止未授权程序调用net.exe/netsetup.exe/netdde.exe/netsh.exe"
UserEnforce UR46 1
UserReport UR46 1
UserProcess UR46 {Include *;Exclude "**\\Program Files\\**" **\\PROGRA~1\\** **\\安装程序\\** ?:\\windows\\explorer.exe}
UserRule UR46 G_User {File WXCD { Include **\\WINDOWS\\system32\\net*.exe }
}
UserString UR47 "A43 管制.TMP文件"
UserEnforce UR47 1
UserReport UR47 1
UserProcess UR47 {Include *.tmp;Exclude **\\Temp\\**\\*.tmp **\\WINDOWS\\Installer\\**\\*.tmp}
UserRule UR47 G_User {File WXCD { Include * }
}
UserString UR48 "A44 禁止从回收站运行文件"
UserEnforce UR48 1
UserReport UR48 1
UserProcess UR48 {Include *;Exclude ?:\\Windows\\explorer.exe}
UserRule UR48 G_User {File X { Include **\\RECYCLE?\\** }
}
UserString UR49 "A45 禁止调用ntsd.exe"
UserEnforce UR49 1
UserReport UR49 1
UserProcess UR49 {Include *;Exclude ?:\\WINDOWS\\explorer.exe}
UserRule UR49 G_User {File WCD { Include **\\windows\\system32\\ntsd.exe }
}
UserString UR5 "A46 管制程序从Documents and Settings启动"
UserEnforce UR5 1
UserReport UR5 1
UserProcess UR5 {Include "?:\\Documents and Settings\\**";Exclude "?:\\Documents and Settings\\**\\Application Data\\**" "?:\\Documents and Settings\\**\\Temp\\**"}
UserRule UR5 G_User {File RWXCD { Include * }
}
UserString UR50 "A47 限制其他联网程序1(自行添加到\"包含的进程\")"
UserEnforce UR50 1
UserReport UR50 1
UserProcess UR50 {Include emule.exe flashget.exe jetAudio.exe jetUpdate.exe PPstream.exe qq.exe thunder.exe thunder?.exe UUseeMediaCenter.exe UUseePlayer.exe}
UserRule UR50 G_User {File WC { Include **\\windows\\**\\*.exe }
}
UserString UR51 "A48 限制其他联网程序2(自行添加到\"包含的进程\")"
UserEnforce UR51 1
UserReport UR51 1
UserProcess UR51 {Include emule.exe flashget.exe jetAudio.exe jetUpdate.exe PPstream.exe qq.exe thunder.exe thunder?.exe UUseeMediaCenter.exe UUseePlayer.exe}
UserRule UR51 G_User {File WC { Include "**\\Program Files\\**\\*.exe" }
}
UserString UR6 "A49 禁止调用sc.exe"
UserEnforce UR6 1
UserReport UR6 1
UserProcess UR6 {Include *}
UserRule UR6 G_User {File X { Include **\\Windows\\system32\\sc.exe }
}
UserString UR7 "A50 禁止运行Tskill.exe/Taskkill.exe"
UserEnforce UR7 1
UserReport UR7 1
UserProcess UR7 {Include *}
UserRule UR7 G_User {File X { Include **\\windows\\system32\\t*kill.exe }
}
UserString UR9 "A51 禁止私自运行shutdown.exe"
UserEnforce UR9 1
UserReport UR9 1
UserProcess UR9 {Include *;Exclude ?:\\windows\\explorer.exe ?:\\WINDOWS\\System32\\drwtsn32.exe ?:\\WINDOWS\\System32\\dwwin.exe}
UserRule UR9 G_User {File WXCD { Include **\\WINDOWS\\system32\\shutdown.exe }
}

}
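As an added example (not part of the original post or of McAfee's own tooling), the following Python script parses a trimmed subset of the export-format rules above and reports which enabled rules would block a given process performing an operation on a target, following the Include/Exclude and R/W/X/C/D semantics described in the notes. The wildcard semantics (`**` spans backslashes, `*` and `?` stay within one path component, a bare file name is matched against the process or file name only) are assumptions for this simulation, not confirmed by the post.

```python
"""Added example: parse rules in the export format above and check which
enabled rules would block a given process performing an operation on a target."""
import re
from dataclasses import dataclass, field

# Constructed sample: A06, A24 and A07 trimmed from the post (UserReport lines
# dropped; backslashes stay doubled exactly as in the exported text).
SAMPLE = r'''UserString UR13 "A06 管制浏览器(禁止调用cmd.exe)"
UserEnforce UR13 1
UserProcess UR13 {Include **\\windows\\** iexplore.exe firefox.exe;Exclude **\\windows\\explorer.exe cmd.exe}
UserRule UR13 G_User {File WXCD { Include **\\system32\\cmd.exe }
}
UserString UR3 "A24 禁止从网页缓存中执行程序"
UserEnforce UR3 1
UserProcess UR3 {Include *}
UserRule UR3 G_User {File X { Include **\\Content.IE5\\** }
}
UserString UR14 "A07 管制浏览器(禁止新建exe文件)"
UserEnforce UR14 0
UserProcess UR14 {Include iexplore.exe}
UserRule UR14 G_User {File C { Include *.exe }
}'''


@dataclass
class Rule:
    rid: str
    name: str = ""
    enforce: bool = False                  # UserEnforce 1 = block, 0 = rule off
    include: list = field(default_factory=list)
    exclude: list = field(default_factory=list)
    ops: str = ""                          # subset of "RWXCD"
    targets: list = field(default_factory=list)


def _tokens(s):
    # Space-separated patterns; a pattern containing spaces is double-quoted.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', s)]


def parse_rules(text):
    rules = {}
    for line in text.splitlines():
        m = re.match(r"\s*(User\w+)\s+(UR\d+)\s*(.*)", line)
        if not m:
            continue                       # "AccessProtection {", "}" etc.
        kind, rid, rest = m.group(1), m.group(2), m.group(3).strip()
        r = rules.setdefault(rid, Rule(rid))
        if kind == "UserString":
            r.name = rest.strip('"')
        elif kind == "UserEnforce":
            r.enforce = rest == "1"
        elif kind == "UserProcess":
            for clause in rest.strip("{}").split(";"):
                key, _, pats = clause.partition(" ")
                (r.include if key == "Include" else r.exclude).extend(_tokens(pats))
        elif kind == "UserRule":           # File rules only; Key (registry) rules skipped
            f = re.search(r"\{File\s+([RWXCD]+)\s*\{\s*Include\s+(.*?)\s*\}", rest)
            if f:
                r.ops, r.targets = f.group(1), _tokens(f.group(2))
    return list(rules.values())


def glob_to_regex(pattern):
    # Assumed wildcard semantics: ** spans backslashes, * and ? stay in one component.
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    rx = "".join({"**": ".*", "*": r"[^\\]*", "?": r"[^\\]"}.get(p, re.escape(p)) for p in parts)
    return re.compile("^" + rx + "$", re.IGNORECASE)   # Windows paths: case-insensitive


def matches(pattern, path):
    pat = pattern.replace("\\\\", "\\")                 # undo the export doubling
    subject = path if "\\" in pat else path.rsplit("\\", 1)[-1]   # bare name -> file name only
    return glob_to_regex(pat).match(subject) is not None


def blocking_rules(rules, process, op, target):
    """Names of enabled rules that block `process` doing `op` (one of RWXCD) on `target`."""
    return [r.name for r in rules
            if r.enforce and op in r.ops
            and any(matches(p, process) for p in r.include)
            and not any(matches(p, process) for p in r.exclude)
            and any(matches(p, target) for p in r.targets)]
```

Running `blocking_rules` over a full exported rule set is a quick way to confirm that an exclusion such as `**\\windows\\explorer.exe` really exempts the process you intend before enabling a rule with UserEnforce 1.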
jiuzhege
Posted on 2008-7-19 18:36:51
sf!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
jiuzhege
Posted on 2008-7-19 18:39:44
I'd like to ask:
what was the reason for this 7.19 update?

I think this layout is more intuitive... orz
深红的雪
Thread starter | Posted on 2008-7-19 22:25:49

Reply to post #647 by jiuzhege

Mainly to plug gaps.
玉箫剑
Posted on 2008-7-20 07:50:59
I've been using 气流's stuff all along; it's very user-friendly~
wangkingd
Posted on 2008-7-20 10:54:06
Thanks to the OP for sharing the rules...... I'll give them a try