This post was last edited by TianShiYuEr on 2014-11-2 17:58
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP\Config\Settings]
- //Show the taskbar icon
- "ClientUI_ShowTrayIcon"=dword:00000001
- //Allow "Disable All" via the taskbar icon
- "ClientUI_AllowDisableFeature"=dword:00000001
- //Allow "Disable Firewall" via the taskbar icon
- "ClientUI_AllowDisableFirewall"=dword:00000001
- //Allow "Disable IPS" via the taskbar icon
- "ClientUI_AllowDisableIps"=dword:00000001
- //Enable Firewall
- "FW_Enabled"=dword:00000001
- //Enable firewall "inbound" learn mode
- "FW_LearnModeInEnabled"=dword:00000001
- //Enable firewall "outbound" learn mode
- "FW_LearnModeOutEnabled"=dword:00000001
- //Enable Firewall startup protection
- "FW_BootTimeEnabled"=dword:00000001
- //Enable firewall IP spoofing protection
- "FW_IpSpoofEnabled"=dword:00000001
- //Enable IPS
- "IPS_IsLicensed"=dword:00000001
- //Enable Host IPS
- "IPS_HipsEnabled"=dword:00000001
- //Enable Network IPS
- "IPS_NipsEnabled"=dword:00000001
- //Enable IPS startup protection
- "IPS_BootTimeIpsEnabled"=dword:00000001
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP]
- //Automatically enable Host IPS, Network IPS and Firewall at boot
- "LastEnabledStateHips"=dword:00000001
- "LastEnabledStateNips"=dword:00000001
- "LastEnabledStateFirewall"=dword:00000001
Also, I looked through the documentation and found that ClientControl.exe is very useful:
- Usage: ClientControl.exe [/<arg>]
- Args: 1) /help
- 2) /start <service name>
- The service name is optional. Service 'enterceptAgent' is used by default. Other possible service name is: hipmgmt
- 3) /stop <password> <service name>
- The service name is optional. Service 'enterceptAgent' is used by default. Other possible service name is: hipmgmt
- 4) /log <password> <log type> <log option>
- Log Type: 0 = HIPS
- 1 = Firewall
- Log Option: 0 = off
- 1 = error
- 2 = warning
- 3 = info
- 4 = debug,
- 5 = violation (HIPS only)
- 5) /engine <password> <engine type> <engine option>
- Engine Type: 0 = all
- 1 = buffer overflow
- 2 = sql (server only)
- 3 = registry
- 4 = services
- 5 = files
- 6 = http (server only)
- 7 = host ips api
- 8 = illegal use
- 9 = program
- 10 = hook
- Engine Option: 0 = off
- 1 = on
- 6) /export /s <path to event log source file> <path of event log export file>
- The source file path is optional. Do not include the "/s" flag if there's no source file.
- 7) /readNaiLic
- 8) /exportConfig <path of export file> <config type ...>
- Config Type: 0 = all
- 1 = app protection
- 2 = blocked hosts
- 3 = firewall
- 4 = hip custom sigs
- 5 = IPS exceptions
- 6 = settings
- 7 = trusted apps
- 8 = trusted networks
- 9 = network ips sigs
- 10 = hip sigs
- 11 = hip engines
- 12 = logon sessions
- 13 = DNS blocking rules
- 9) /defConfig <password>
- 10) /startupIPSProtection <path of export file>
- 11) /execInfo <path of executable file>
- 12) /fwPassthru <password> <option>
- Option: 0 = off
- 1 = on
- 13) /fwStateTableSize <password> <a numeric value between 32768 and 262144>
- Notes:
- 1) A password is required for the "stop", "log", "engine", "defConfig", "fwPassthru", and "fwStateTableSize" operations.
- 2) There must be at least one space between the arg, the password, and any other required parameters.
- 3) For operations taking numeric arguments (e.g. "log", "engine", and "exportConfig"), those arguments will be converted to unsigned integers. For example, if you enter an argument like "10.1", the program will convert that to "10" and continue execution using the converted value.
- 4) See ClientControl.log for runtime logging. It is written to C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrustion Prevention (non-Vista) or C:\Program Data\McAfee\Host Intrustion Prevention (Vista)
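An added example, not part of the original post or of McAfee's tooling: a Python check that parses a registry export of the two HIP keys listed in the post and reports which protection values are off or missing. The sample export is constructed, and treating the taskbar-icon disable values and the learn-mode values as items to review is an assumption of this example.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP"
CFG = ROOT + r"\Config\Settings"
# Values the post sets to 1 to switch a protection on.
MUST_BE_ON = [(CFG, n) for n in (
    "FW_Enabled", "FW_BootTimeEnabled", "FW_IpSpoofEnabled",
    "IPS_HipsEnabled", "IPS_NipsEnabled", "IPS_BootTimeIpsEnabled")]
MUST_BE_ON += [(ROOT, "LastEnabledState" + s) for s in ("Hips", "Nips", "Firewall")]
# Assumption of this example: taskbar-disable and learn-mode values set to 1 need review.
REVIEW_IF_ON = [(CFG, n) for n in (
    "ClientUI_AllowDisableFeature", "ClientUI_AllowDisableFirewall",
    "ClientUI_AllowDisableIps", "FW_LearnModeInEnabled", "FW_LearnModeOutEnabled")]

def parse_reg(text):  # returns {(KEY, name): int}; only dword values are read
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1).upper()  # registry paths are case-insensitive
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values  # header, comment lines and non-dword values are skipped

def audit(text):  # returns [(value name, "off" | "missing" | "review")]
    values = parse_reg(text)
    state = {(k, n): values.get((k.upper(), n.lower())) for k, n in MUST_BE_ON + REVIEW_IF_ON}
    findings = [(n, "missing" if state[(k, n)] is None else "off")
                for k, n in MUST_BE_ON if state[(k, n)] != 1]
    return findings + [(n, "review") for k, n in REVIEW_IF_ON if state[(k, n)] == 1]

# Constructed sample export, not from the post. Read a real regedit export as UTF-16.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP\Config\Settings]
"FW_Enabled"=dword:00000001
"FW_BootTimeEnabled"=dword:00000000
"FW_IpSpoofEnabled"=dword:00000001
"FW_LearnModeInEnabled"=dword:00000001
"IPS_HipsEnabled"=dword:00000001
"IPS_NipsEnabled"=dword:00000001
"ClientUI_AllowDisableIps"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\HIP]
"LastEnabledStateHips"=dword:00000001
"LastEnabledStateFirewall"=dword:00000001'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```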