史萊姆論壇 - 查看單個文章

psac · 2006-06-04, 08:12 AM

轉自McAfee官方論壇：
詳細連接
http://knowledgemap.nai.com/KanisaSu...logID=10164959

這個是咖啡官方的KB庫，英文強的可以去看看
Registry Scanning with the McAfee Scanning Engine 5.0.00

QUOTE:
QUOTE
The registry is a simple, tree-based, hierarchical database of information used by the Windows operating systems and many applications to define the configuration of the system. Not all registry data types are applicable to all Windows operating systems. Windows 9x and Me have no separation or accounts for individual users. Windows 2000 and newer operating systems separate settings based on user accounts.

Most recently, Microsoft has released 64-bit versions of its operating systems. A 32-bit emulation layer (WOW64) is used on 64-bit versions of Windows to allow current 32-bit applications to operate and use the registry on 64-bit systems.

Registry Scanning with the 5.0.00 Engine:

Some potentially unwanted programs install extra registry keys or tamper with existing values. Registry scanning allows both detection and repair for registry only threats (such as changes to IE security settings, or change to the URL:filetype handlers).

The 5.0.00 Engine is capable of scanning both the 32-bit and 64-bit portions of the registry.

IMPORTANT: Registry scanning and cleaning is provided in the 5.0.00 engine ONLY in V2 mode to give generic functionality to all future AntiVirus products comparable to that provided by the current McAfee AntiSpyware products.

Notes:

V1, or 'legacy' mode.
This makes the 5.0.00 Engine drop-in compatible with existing products and offers the same functionality as the 4.4.00 Anti-Virus Scanning Engine. In this mode the legacy dats (SCAN.DAT, CLEAN.DAT, NAMES.DAT) will be used.

V2 Mode
This enables new Engine functionality, which will only become available as new compatible point products are released.

A new dat set (AVV DATs) is required by the new engine in V2 mode. These DATs are smaller that the old V1 DATs and therefore reduce bandwidth usage when downloading DAT packages. In addition, AVV DATs are protected via new and improved security techniques.

The AVV DAT files are named: AVVSCAN.DAT, AVVNAMES.DAT, AVVCLEAN.DAT

大致意思是
5000引擎支持V2方式

V1方式使用傳統的SCAN.DAT, CLEAN.DAT, NAMES.DAT，工作起來和4400引擎沒有大區別。

V2方式需要新的AVV資料庫，命名為 AVVSCAN.DAT, AVVNAMES.DAT, AVVCLEAN.DAT。

看來咖啡5000引擎很值得期待喲！

根據咖啡論壇http://forums.mcafeehelp.com/viewtop...VSE85支持的

2006-06-04, 08:12 AM	#7 (permalink)
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	轉自McAfee官方論壇：詳細連接 http://knowledgemap.nai.com/KanisaSu...logID=10164959 這個是咖啡官方的KB庫，英文強的可以去看看 Registry Scanning with the McAfee Scanning Engine 5.0.00 QUOTE: QUOTE The registry is a simple, tree-based, hierarchical database of information used by the Windows operating systems and many applications to define the configuration of the system. Not all registry data types are applicable to all Windows operating systems. Windows 9x and Me have no separation or accounts for individual users. Windows 2000 and newer operating systems separate settings based on user accounts. Most recently, Microsoft has released 64-bit versions of its operating systems. A 32-bit emulation layer (WOW64) is used on 64-bit versions of Windows to allow current 32-bit applications to operate and use the registry on 64-bit systems. Registry Scanning with the 5.0.00 Engine: Some potentially unwanted programs install extra registry keys or tamper with existing values. Registry scanning allows both detection and repair for registry only threats (such as changes to IE security settings, or change to the URL:filetype handlers). The 5.0.00 Engine is capable of scanning both the 32-bit and 64-bit portions of the registry. IMPORTANT: Registry scanning and cleaning is provided in the 5.0.00 engine ONLY in V2 mode to give generic functionality to all future AntiVirus products comparable to that provided by the current McAfee AntiSpyware products. Notes: V1, or 'legacy' mode. This makes the 5.0.00 Engine drop-in compatible with existing products and offers the same functionality as the 4.4.00 Anti-Virus Scanning Engine. In this mode the legacy dats (SCAN.DAT, CLEAN.DAT, NAMES.DAT) will be used. V2 Mode This enables new Engine functionality, which will only become available as new compatible point products are released. A new dat set (AVV DATs) is required by the new engine in V2 mode. These DATs are smaller that the old V1 DATs and therefore reduce bandwidth usage when downloading DAT packages. In addition, AVV DATs are protected via new and improved security techniques. The AVV DAT files are named: AVVSCAN.DAT, AVVNAMES.DAT, AVVCLEAN.DAT 大致意思是 5000引擎支持V2方式 V1方式使用傳統的SCAN.DAT, CLEAN.DAT, NAMES.DAT，工作起來和4400引擎沒有大區別。 V2方式需要新的AVV資料庫，命名為 AVVSCAN.DAT, AVVNAMES.DAT, AVVCLEAN.DAT。看來咖啡5000引擎很值得期待喲！根據咖啡論壇http://forums.mcafeehelp.com/viewtop...VSE85支持的
	__________________
	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次