为何 MCAFEE 8.5I 无故修改访问保护中的规则选项？

显示全部楼层 · 发表于 2007-6-2 01:33:19

系统 WINDOWS 2003 SP2，安装有MCAFEE8.5I 和MCAFEE Host Intrusion Prevention 6.1.0版（安装过EPO，见资源占用大卸载掉了），把咖啡的访问保护选项全开后，没过半小时就会自动取消，如下图：

当时是阻止和报告都有钩选的。请DX指教

[ 本帖最后由 gxdzw 于 2007-6-2 01:39 编辑 ]

显示全部楼层 · 发表于 2007-6-2 01:38:58

附HijackThis_815汉化版扫描日志

HijackThis_815汉化版扫描日志 V1.99.1
保存于    1:36:02, 日期 2007-6-2
操作系统：  Windows 2003 SP2 (WinNT 5.02.3790)
浏览器： Internet Explorer v6.00 SP2 (6.00.3790.3959)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\SafeSignCertReg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
D:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
D:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
F:\TOOLS\系统\HijackThis\Hijackthis1991zww\HijackThis1991zww.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - 启动项HKLM\\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - 启动项HKLM\\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - 启动项HKLM\\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe"
O4 - 启动项HKLM\\Run: [CertificateRegistration] SafeSignCertReg.exe
O4 - 启动项HKLM\\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O8 - IE右键菜单中的新增项目: &使用快车(FlashGet)下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: &使用快车(FlashGet)下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\D区备份\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wind ... e.cab?1179656046438
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F7AA015-B05F-4EBD-A462-F44C65997A43}: NameServer = 202.103.225.68,202.103.224.68,202.103.226.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{D894D78E-D5C2-4B21-8C15-5802222B7948}: NameServer = 202.103.225.68 202.103.224.68
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - NT 服务: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - NT 服务: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - NT 服务: McAfee Host Intrusion Prevention 服務 (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - NT 服务: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - NT 服务: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - NT 服务: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - NT 服务: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - NT 服务: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - NT 服务: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

显示全部楼层 · 发表于 2007-6-2 03:31:07

占个沙发~

显示全部楼层 · 发表于 2007-6-2 06:59:18

O23 - NT 服务: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
这个怎么是文件丢失？建议楼主重装一下咖啡企业版，或者修复安装

显示全部楼层 · 发表于 2007-6-2 07:00:47

种种问题我倒是没有碰到过，我估计可能是因为你装了EPO卸载后出了问题了

显示全部楼层 · 发表于 2007-6-2 10:21:54

修复！！可以能以前那个没有卸载干净~~~，不行就重装一下！！其实光用MCAFEE8.5I 已经相当强悍了，把规则设好~~~~~

显示全部楼层 · 发表于 2007-6-2 11:35:04

其实平常一个MVSE就够了，MHIP或可不用

显示全部楼层 · 发表于 2007-6-2 20:13:45

原帖由 shion 于 2007-6-2 06:59 发表
O23 - NT 服务: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
这个怎么是文件丢失？建议楼 ...

谢谢shion兄的提醒，自己没注意看这个，我试修复看看。

为何 MCAFEE 8.5I 无故修改访问保护中的规则选项？

本帖子中包含更多资源

浏览过的版块