这条日志正常吗

显示全部楼层 · 发表于 2010-10-13 17:16:11

开机启动的时候有时会出现，出现的几率有一半吧

“已由访问保护规则禁止 NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Tasks\SA.DAT 用户定义的规则:70、禁止写入任务计划已阻止的操作: 写入”

显示全部楼层 · 发表于 2010-10-13 18:53:49

为什么不是次次出现呢？

显示全部楼层 · 发表于 2010-10-14 15:27:50

这条规则删掉也罢

显示全部楼层 · 发表于 2010-11-8 09:45:12

有些病毒经常会写进任务计划，对于SA.DAT 这个东西很陌生，好像升级过后就出现了，现在把它排除了

显示全部楼层 · 发表于 2010-11-8 14:55:35

SA.DAT is a file that stores scheduler task information. Its date changes at PC startup, and any time new tasks are scheduled. If you have scheduled tasks, they will have file entries in this directory with an invisible .JOB extension on the name of the task. Every time one of these .JOB files is run, the file is updated to the current time and date, which can cause MJRW to alert, unless you add the scheduled job filenames to the Exempt Keys and Filespecs list (under the options menu). For example, I have these 2 entries in mine to prevent alerts from running these tasks :-

%windir%tasks\pick the kids up.job
%windir%tasks\incremental bcb source code backup.job

以上内容自己翻译吧。大概是说写进开机等计划的。

[求助] 这条日志正常吗