| OS | Windows Vista SP0 build 7600 |
|
| 1. RootkitInstallation: MissingDriverLoad | Protected |
| 2. RootkitInstallation: LoadAndCallImage | Protected |
| 3. RootkitInstallation: DriverSupersede | Protected |
| 4. RootkitInstallation: ChangeDrvPath | Vulnerable |
| 5. Invasion: Runner | Protected |
| 6. Invasion: RawDisk | Vulnerable |
| 7. Invasion: PhysicalMemory | Protected |
| 8. Invasion: FileDrop | Vulnerable |
| 9. Invasion: DebugControl | Protected |
| 10. Injection: SetWinEventHook | Vulnerable |
| 11. Injection: SetWindowsHookEx | Vulnerable |
| 12. Injection: SetThreadContext | Vulnerable |
| 13. Injection: Services | Vulnerable |
| 14. Injection: ProcessInject | Protected |
| 15. Injection: KnownDlls | Vulnerable |
| 16. Injection: DupHandles | Protected |
| 17. Injection: CreateRemoteThread | Protected |
| 18. Injection: APC dll injection | Vulnerable |
| 19. Injection: AdvancedProcessTermination | Vulnerable |
| 20. InfoSend: ICMP Test | Protected |
| 21. InfoSend: DNS Test | Protected |
| 22. Impersonation: OLE automation | Protected |
| 23. Impersonation: ExplorerAsParent | Protected |
| 24. Impersonation: DDE | Protected |
| 25. Impersonation: Coat | Protected |
| 26. Impersonation: BITS | Vulnerable |
| 27. Hijacking: WinlogonNotify | Protected |
| 28. Hijacking: Userinit | Vulnerable |
| 29. Hijacking: UIHost | Protected |
| 30. Hijacking: SupersedeServiceDll | Vulnerable |
| 31. Hijacking: StartupPrograms | Vulnerable |
| 32. Hijacking: ChangeDebuggerPath | Vulnerable |
| 33. Hijacking: AppinitDlls | Vulnerable |
| 34. Hijacking: ActiveDesktop | Protected |
发表于 2009-10-22 09:22:11
) ,LZ说的应该是预设规则过CLT吧,达到这种安全程度,还是要参考别人的规则,他们的规则都在200以上,还有一两项的Ask..................
楼主
发表于 2009-10-22 21:31:49