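This post was last edited by sololp on 2011-3-21 08:55
Trend Micro also captured it on February 28, but the appearance of Artemis is a problem for reporting to McAfee; it does not support Vista, Win7 and Server 2008.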
Step 1: Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask for assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
Before you could do this, you must restart in Safe Mode. For instructions on how to do this, you may refer to this page. If the preceding step requires you to restart in safe mode, you may proceed to edit the system registry.
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
NTService
Step 1: Delete this registry key
To delete the registry key this malware/grayware/spyware created:
1. Restart your computer in Safe Mode. For instructions on how to do this, you may refer to this page. If the preceding step requires you to restart in safe mode, you may proceed to #2.
2. Open Registry Editor. To do this, click Start>Run, type REGEDIT in the text box provided, then press Enter.
3. In the left panel of the Registry Editor window, double-click the following:
   HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
4. Still in the left panel, locate and delete the key:
   NTService
5. Close Registry Editor.
Step 2: Search and delete these files
*Note: There may be some component files that are hidden. Please make sure you uncheck Hide protected operating system files in Folders Option>View tab, and then check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
%Windows%\system\smss.exe
Step 2: Search and delete these files
To delete malware/grayware/spyware component files:
1. Search for the following files:
   %Windows%\system\smss.exe
   Note: To do a search for the following files, right-click Start then click Search... or Find..., depending on the version of Windows you are running. For each file to be deleted, type its file name in the Named input box. In the Look In drop-down list, select My Computer, then press Enter.
2. Once located, select the file then press SHIFT+DELETE to permanently delete the file.
3. Repeat the said steps for all files listed.
Step 3: Scan your computer with your Trend Micro product to delete files detected as BKDR_GANIPIN.B
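A read-only way to confirm, before and after the manual steps, whether the two artifacts listed above are present. This is an added example, not part of the original post or of Trend Micro's instructions; it assumes PowerShell 4.0 or later and that NTService is an ordinary service key whose ImagePath and Start values, if present, are worth recording.

```powershell
# Added example: read-only check for the two artifacts named in the steps above.
# It changes nothing. Run from an elevated PowerShell 4.0+ prompt (Get-FileHash).

$serviceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTService'
# %Windows% in the write-up is the Windows folder. The genuine smss.exe lives
# in System32, so a copy under the "system" folder is the one to look at.
$suspectFile = Join-Path $env:windir 'system\smss.exe'

$findings = @()

if (Test-Path -LiteralPath $serviceKey) {
    # Assumption: the key is an ordinary service key, so ImagePath and Start
    # (if present) show what it launches and when.
    $svc = Get-ItemProperty -LiteralPath $serviceKey
    $findings += [pscustomobject]@{
        Artifact = 'Registry key'
        Location = $serviceKey
        Detail   = "ImagePath=$($svc.ImagePath); Start=$($svc.Start)"
    }
}

if (Test-Path -LiteralPath $suspectFile -PathType Leaf) {
    # -Force returns the file even when it carries Hidden/System attributes.
    $file = Get-Item -LiteralPath $suspectFile -Force
    $sha  = (Get-FileHash -LiteralPath $suspectFile -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Artifact = 'File'
        Location = $file.FullName
        Detail   = "Size=$($file.Length); Created=$($file.CreationTimeUtc.ToString('u')); SHA256=$sha; Attributes=$($file.Attributes)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Neither the NTService key nor %Windows%\system\smss.exe is present.'
} else {
    # Keep this output with the incident notes before deleting anything.
    $findings | Format-List
}
```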