NISSrv.exe防基于网络的0day攻击(Only for Win7?)

Continue

http://social.answers.microsoft. ... 2-a6dd-cc39e76b012c

Closes the ‘vulnerability window’ between vulnerability disclosures and patch deployment from weeks to just a few hours.
For Microsoft products that are retired (not supported by Microsoft), new security patches are not developed. As an example, Windows Server 2003 SP1 was retired in April 2009 and when Conflicker emerged, it attacked all unpatched machines – wreaking havoc.
NIS signatures for Microsoft products are updated free of charge for all TMG customers.
NIS is based on GAPA (General Application-level Protocol Analyzer) by Microsoft Research, and can also be extended to third party products, although at the moment it is protecting only Microsoft products.

现在只对微软自家的产品生效,不过以后也可能基于应用层协议扩展保护到第三方程序.
Forefront已经在更早的时间采用了Network Inspection System
看来微软也知道光靠特征,启发,云,UAC的还是不够的,Win7下这些东西加起来也不比那些安全套装的安全性差了吧.

jason_jiang

能扩展到第三方程序的话就跟norton的IPS一样了

飞机

表示看不懂

Continue

NISSrv.exe应该就是 启用网络检查系统 XP下好像没有

帅就是帅

后面已有解释，不过XP确实无此功能

fangweiqin

mse其实是为7所设计的

zhtq

回复 5楼 帅就是帅 的帖子

请问为什么我的MSE2.0没有 NISSrv.exe这个进程啊，我只有一个msseces .exe进程。WIN7旗舰版，32位的。

zhtq

哦，在服务里找到了它。

ostar843

回复 7楼 zhtq 的帖子

任务管理器里乃点显示所有用户进程就有了

Continue

帅就是帅 发表于 2010-12-18 15:32
xp确实没有
而且不是防范0-day攻击，那个行为监控就在做，这个是通过监控网络流量来防御通过已知漏洞的攻击 ...

Enable Network Inspection System
This option helps protect your computer against “zero day” exploits of known vulnerabilities, decreasing the window of time between the moment a vulnerability is discovered and an update is applied.

这个是英文的MSE离线帮助文档,NIS主要针对网络方面的0day,加上本地的防御,也算是全面的0day防御方案吧^_^