求教一下怎样设置毛豆才能让CLT的测试达到一个比较理想的分数?

显示全部楼层 · 发表于 2008-10-20 21:18:51

COMODO LAKE TESTS的测试,都是测试的什么方面的?本人比较菜...麻烦高手给说明一下,具体需要设置那些方面,或者说怎样设置毛豆才能让CLT测试的值比较理想一些?

显示全部楼层 · 发表于 2008-10-20 21:45:55

有兴趣的话，可以看看这个http://forums.comodo.com/leak_te ... tests-t21917.0.html;msg158073#msg158073
首先确定d+在设置成cleanpc mode的时候，未把这个测试程序设为信任；D+开到safe mode；FW开到Custom Policy Mode；Image Execution开到aggressive。其中引用链接里52l的回复也许能给lz一点帮助：
At the Leak Tests clt.exe startup:
'obtain an elevated privilege' -> ALLOW or BLOCK

Rootkit Installation 1:
'test the device driver' -> BLOCK
State will be Protected.

Rootkit Installation 2:
'modify a protected file or directory' -> BLOCK
'modify a protected file or directory' -> BLOCK
State will be Protected.

DLL Injection 1:
'create a new file or directory' -> ALLOW (if Blocked, it stops as Error)
'access svchost.exe in memory' -> BLOCK (if Allowed, it stops as Vulnerable)
'modify a protected registry key' -> ALLOW or BLOCK
State will remain Testing...

DLL Injection 2:
'create a new file or directory' -> ALLOW (if Blocked, it stops as Error)
'access svchost.exe in memory' -> BLOCK (if Allowed, it stops as Vulnerable)
State will be Protected.

(there is an extra 'modify a protected registry key' -> ALLOW or BLOCK)

BITS Hijack:
'access a protected COM interface' -> ALLOW (if Blocked, it crashes and calls dwwin.exe)
'access svchost.exe in memory' -> BLOCK (if Allowed, it stops as Vulnerable)
State will be Protected.

显示全部楼层 · 发表于 2008-10-21 07:22:30

非常感谢,虽然看不太懂,但是会好好学习

[求助] 求教一下怎样设置毛豆才能让CLT的测试达到一个比较理想的分数?

评分