Original poster: 消停

[Brickbat] Pouring another bucket of cold water on Norton!

FUCKCAT
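Posted on 2014-5-29 21:12:12
驭龙 posted on 2014-5-29 20:16
It seems NDIS is no longer the newest network filtering technology; in the future, most network filtering features will be implemented with WFP, which is Microsoft's ...

Does WFP count as kernel-level filtering?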
biange200
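Posted on 2014-5-29 21:14:48
驭龙 posted on 2014-5-29 13:24
The Symantec Vulnerability Protection plug-in in Symantec Endpoint Protection is Symantec's vulnerability protection plug-in, ...

It seems about the same as Microsoft's NIS. Last time I opened a web page, what SCEP blocked was an exploit attack.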
驭龙
Posted on 2014-5-29 21:23:22
FUCKCAT posted on 2014-5-29 21:12
Does WFP count as kernel-level filtering?

Original text:
Windows Filtering Platform (WFP) enables TCP/IP packet filtering, inspection, and modification, connection monitoring or authorization, IPsec rules and processing, and RPC filtering. Generally, you must convert your TCP/IP filtering or connection monitoring component in Windows XP and Windows Server 2003 to use a WFP user-mode application or service, a WFP kernel-mode callout driver, or both for Windows Vista and Windows Server 2008 and later. The following table lists the existing methods for packet processing in Windows XP and Windows Server 2003 and how you must change them in Windows Vista and Windows Server 2008 and later to use WFP.
驭龙
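Posted on 2014-5-29 21:25:38
biange200 posted on 2014-5-29 21:14
It seems about the same as Microsoft's NIS. Last time I opened a web page, what SCEP blocked was an exploit attack.

It's not the same. Microsoft's Network Inspection System now has real-time monitoring of network behavior, which is a form of behavioral protection. So the Network Inspection System is no longer the old anti-exploit feature, but a more advanced behavioral protection.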
FUCKCAT
Posted on 2014-5-29 21:34:21
驭龙 posted on 2014-5-29 21:23
Original text:
Windows Filtering Platform (WFP) enables TCP/IP packet filtering, inspection, and modificati ...

Although I don't quite understand it, thanks all the same for 大龙's help!
尘梦幽然
Posted on 2014-6-1 08:59:35
消停 posted on 2014-5-28 11:43
http://bbs.kafan.cn/thread-1737607-1-1.html Did you report this one? Although SONAR deleted the file, the computer still became unusable ...

This message is an automatically generated reply -- do not reply to this message. This system is designed to analyze and process suspicious file submissions into Symantec Security Response and cannot accept correspondence or inquiries.


Submission Date        2014-05-28T03:49:30.177
Tracking #        38393069
Submitter        jerry chen
Customer Notes         Although SONAR is able to identify it, the system is still damaged.


jerry chen,


We have processed your submission (Tracking #38393069) and your submission is now closed. The following is a report of our findings for the files in your submission:
Submission Summary

Files Submitted
#        Filename        MD5        Determination        Signature Protection Name        RR Seq#
1         .rar        0xD4A923B45C07596554BB02CAEA18D88F        Archive         N/A        N/A
2        熊猫烧香.exe        0x7A3D2CD2820CC2758017527AF1EE2FD5        NewThreat        Trojan Horse        N/A
Developer Notes:


.rar is a container file e.g. archive, email

熊猫烧香.exe is a non-repairable threat.
Assessment

File1:         .rar
MD5:        0xD4A923B45C07596554BB02CAEA18D88F
SHA-1:        0x8E5B079C47A46DE092030A3033388E3CF1138423
Determination:        See Dev Notes
Submission Detail:        Please see the developer notes.

File2:        熊猫烧香.exe
MD5:        0x7A3D2CD2820CC2758017527AF1EE2FD5
SHA-1:        0x4591CB603FCD734E55BF573F16BED5153EC83AFD
Determination:        NewThreat
Submission Detail:        This file is detected as Trojan Horse with our existing certified LiveUpdate definitions.
Signature Protection Name:        Trojan Horse
Live Update Sequence Number:        154390

This message was generated by Symantec Security Response automation.

Should you have any questions about your submission, please contact our regional technical support from the Symantec Web site, and give them the tracking number included in this message.

Symantec Technical Support

http://www.symantec.com/techsupp/

Sincerely,

Symantec Security Response
消停
Original poster | Posted on 2014-6-1 17:10:22
尘梦幽然 posted on 2014-6-1 08:59
This message is an automatically generated reply -- do not reply to this message. This system is de ...

It has been added to the definitions!
消停
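Original poster | Posted on 2014-6-3 20:17:26
尘梦幽然 posted on 2014-6-1 08:59
This message is an automatically generated reply -- do not reply to this message. This system is de ...

http://bbs.kafan.cn/thread-1739984-2-1.html This one is new, and Norton has been breached again. This time self-protection was fine; it recovered after a few minutes and all the features work, but the connection to the cloud was cut off! I'll report it tomorrow, and if it isn't added to the definitions after a long time I'll come find you again!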
尘梦幽然
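Posted on 2014-6-3 23:11:31
消停 posted on 2014-6-3 20:17
http://bbs.kafan.cn/thread-1739984-2-1.html This one is new, and Norton has been breached again. This time self-protection was fine; after a few minutes it ...

OK, I'll keep an eye on it.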
消停
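Original poster | Posted on 2014-6-4 14:24:45

It has already been added to the definitions! I feel that the samples I report aren't processed any faster; this one was reported yesterday from a different mailbox, and it was added today!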