舊 2006-06-04, 08:49 AM   #16 (permalink)
psac

只要逐個雙擊下面的 .reg 檔,把註冊表訊息匯入就可以了,非常簡單!這些規則已經將大多數流氓軟件定義為病毒,並阻止它們進入系統。
並且把系統文件全都保護起來了,基本上能夠全面防護系統。因為我設置的規則比較嚴厲,所以匯入這些規則後,如果想要在系統盤中安裝程式,必須先把麥咖啡 (McAfee) 的監控暫時關閉,不然會安裝不了;WINDOWS 更新時也須暫時關閉監控,完成後請記得重新開啟。


我的自定義有害程式策略.reg


Windows Registry Editor Version 5.00

; Unwanted-program policy values for McAfee VirusScan Enterprise, written to
; the shared-components NVP key. Importing this file overwrites any existing
; value with the same name, so export the key first if a rollback is wanted.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\NVP]
; Every Detect* category switch in this key is set to 1.
"DetectAdware"=dword:00000001
"DetectDialers"=dword:00000001
"DetectPotentiallyUnwantedApps"=dword:00000001
; REG_MULTI_SZ (hex(7), UTF-16LE). Decoded, the list holds four entries:
;   Reg-FlashGet, Adware-Flashget, Jccatch.dll, ServUDaemon.exe
; NOTE(review): presumably these are exempted from the detections enabled in
; this key. ServUDaemon.exe is the file name of the Serv-U FTP server; keep
; that entry only if the server is installed on purpose - confirm before import.
"DetectionExclusions"=hex(7):52,00,65,00,67,00,2d,00,46,00,6c,00,61,00,73,00,\
68,00,47,00,65,00,74,00,00,00,41,00,64,00,77,00,61,00,72,00,65,00,2d,00,46,\
00,6c,00,61,00,73,00,68,00,67,00,65,00,74,00,00,00,4a,00,63,00,63,00,61,00,\
74,00,63,00,68,00,2e,00,64,00,6c,00,6c,00,00,00,53,00,65,00,72,00,76,00,55,\
00,44,00,61,00,65,00,6d,00,6f,00,6e,00,2e,00,65,00,78,00,65,00,00,00,00,00
"DetectRemoteAdminTools"=dword:00000001
"DetectPasswordCrackers"=dword:00000001
"DetectSpyware"=dword:00000001
"DetectJokes"=dword:00000001
; User-defined detections, numbered 0-21. Each value has the visible shape
; "<file name>:<label>".
; NOTE(review): matching appears to be by file name only, so short generic
; names (cns.exe, ali.exe, winup.exe) may also hit unrelated software with the
; same file name - confirm against the product documentation.
"UserDefinedDetection_0"="baidubar.dll:baidu"
"UserDefinedDetection_1"="ss_setup.exe:劃詞搜索"
"UserDefinedDetection_2"="infomgr.exe:珊瑚蟲"
; Unlike the other entries, this one has a space after the colon.
"UserDefinedDetection_3"="infonet.exe: 珊瑚蟲"
"UserDefinedDetection_4"="winup.exe:很棒小秘書"
"UserDefinedDetection_5"="hap.dll:很棒小秘書"
"UserDefinedDetection_6"="winhtp.dll:很棒小秘書"
"UserDefinedDetection_7"="hda.ini:很棒小秘書"
"UserDefinedDetection_8"="qylhelper.dll:青蛙娛樂"
"UserDefinedDetection_9"="ali.exe:阿里巴巴商機直通車"
"UserDefinedDetection_10"="assist4.exe:3721上網助手"
"UserDefinedDetection_11"="yassist4.exe:雅虎助手"
"UserDefinedDetection_12"="cns.exe:雅虎助手元件"
"UserDefinedDetection_13"="cns.dll:雅虎助手元件"
"UserDefinedDetection_14"="yascnsup.ini:雅虎助手元件"
"UserDefinedDetection_15"="yascnsup.cab:雅虎助手元件"
"UserDefinedDetection_16"="cnsinst.dll:雅虎助手元件"
"UserDefinedDetection_17"="searchnet.exe:中搜元件"
"UserDefinedDetection_18"="servehost.exe:中搜元件"
"UserDefinedDetection_19"="FAD.sys:中搜元件"
"UserDefinedDetection_20"="Anfad.sys:中搜元件"
"UserDefinedDetection_21"="hProcess.sys:中搜元件"

=============================

我的按需掃瞄設置.reg

Windows Registry Editor Version 5.00

; On-demand scan task for McAfee VirusScan Enterprise (szTaskName below reads
; "scan all fixed disks"). Importing overwrites same-named values in this key.
; NOTE(review): the subkey name is brace-delimited like a GUID but contains the
; non-hex letters M, S and G, so it is not a well-formed GUID; confirm the
; product actually lists a task stored under this name.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\Tasks\{818C7543-358A-4C84-899A-14334EMS4BGS}]
"nRepeatInterval"=dword:00000000
"Daily_nRepeatDays"=dword:00000000
"nPriority"=dword:00000050
"bAlwaysExit"=dword:00000000
"ScanArchives"=dword:00000001
"bDispMessage"=dword:00000000
"bSkipCDROM"=dword:00000000
"wFlags"=dword:0000047f
"wTaskType"=dword:00000004
"szLastScanFile0"=""
"dwMacroHeuristicsLevel"=dword:00000001
"Monthly_nDayOfWeek"=dword:00000000
"Monthly_maskMonthsOfYear"=dword:00000000
"nStopMonth"=dword:00000000
"wTaskAttrib"=dword:00000000
; bEnabled here and bSchedEnabled further down are both 0 in this export.
; NOTE(review): presumably the task then runs only when started by hand - confirm.
"bEnabled"=dword:00000000
"uKilobytes"=dword:00000400
"bLimitSize"=dword:00000001
"uMissedTaskDelay"=dword:00000005
"wLastExec"=dword:00000000
"nStartDay"=dword:00000000
"szProgExts"=""
"Weekly_nRepeatWeeks"=dword:00000000
; The move-to folder is hard-coded to drive C:.
"szMoveToFolder"="C:\\QUARANTINE\\"
"eRepeatOption"=dword:00000000
"nStartMonth"=dword:00000000
"bLogToFile"=dword:00000001
"bRepeatable"=dword:00000000
"bDoHSM"=dword:00000001
"bRunIfMissed"=dword:00000000
"eScheduleType"=dword:00000000
"nStopYear"=dword:00000000
"ApplyNVP"=dword:00000001
"NumExcludeItems"=dword:00000000
"dwScanPeriod"=dword:00000000
"bSkipBootScan"=dword:00000000
"bRandomizationEnabled"=dword:00000000
"bLogScanEncryptFail"=dword:00000001
"szSuggestMessage"=""
"nStartYear"=dword:00000000
"nUntilDuration"=dword:00000000
"bLogUserName"=dword:00000001
"szMessage"="您的自定義消息!"
"bGMTTime"=dword:00000000
; szScanItem0..szScanItem3 name four scan targets, but uScanNumItems below is 3.
; NOTE(review): presumably only the first three are read, which would leave
; SpecialCookiesSpyware out of the scan - confirm after import.
"szScanItem0"="SpecialMemory"
"bSecDisplayMessage"=dword:00000000
"bStopScanPeriod"=dword:00000000
"bOnceADayEnabled"=dword:00000000
"Monthly_nDayNumOfMonth"=dword:00000000
"Monthly_nWeekNumOfMonth"=dword:00000000
"wTime"=dword:00001119
"bScanAllFiles"=dword:00000001
"bLogSettings"=dword:00000000
"UIType"=dword:00000001
"dwProgramHeuristicsLevel"=dword:00000001
"szScanItem1"="SpecialRegistrySpyware"
"uSecAction_Program"=dword:00000001
"uAction"=dword:00000003
"bSchConfigChanged"=dword:00000000
"bScanAllOle"=dword:00000000
; NOTE(review): set to 1 although szScanItem0 is "SpecialMemory"; by name the
; two conflict - confirm whether running processes are scanned.
"bSkipMemScan"=dword:00000001
"bAutoScan"=dword:00000001
"bApplyNow"=dword:00000001
"nUntilHour"=dword:00000000
"nStopDay"=dword:00000000
"nStartHour"=dword:00000000
"dwEndTime"=dword:00000000
"nRandomizationWndMins"=dword:00000000
"wDate"=dword:00000907
"bScanCompressed"=dword:00000001
"Idle_nIdleMinutes"=dword:00000000
"bAutoExit"=dword:00000000
"eUntilOption"=dword:00000000
"bNotifyAlertMgr"=dword:00000001
"Weekly_maskDaysOfWeek"=dword:00000000
"Monthly_eMonthlyOption"=dword:00000000
"szSecCustomMessage"=""
"dwPromptActionOptions"=dword:0000001f
"nStartMinute"=dword:00000000
"bScanSubDirs"=dword:00000001
"bScanDefaultFiles"=dword:00000000
"uScanNumItems"=dword:00000003
"bStopDateValid"=dword:00000000
"bSchedEnabled"=dword:00000000
"uAction_Program"=dword:00000003
"bLogSummary"=dword:00000001
"ScanMime"=dword:00000001
"szLogFileName"="%VSEDEFLOGDIR%\\OnDemandScanLog.txt"
"nUntilMinute"=dword:00000000
"uStartupDelay"=dword:00000005
"dwLastModified"=dword:0000001c
"LogFileFormat"=dword:00000001
"uSecAction"=dword:00000001
"szTaskName"="掃瞄所有固定磁碟"
"szScanItem2"="FixedDrives"
"szScanItem3"="SpecialCookiesSpyware"
; The six Detect* values stored on the task are all 0, while ApplyNVP above is 1.
; NOTE(review): presumably ApplyNVP makes the task follow the shared NVP policy
; instead of these per-task switches; if it does not, unwanted-program detection
; is off for this scan - verify in the console after import.
"DetectAdware"=dword:00000000
"DetectDialers"=dword:00000000
"DetectJokes"=dword:00000000
"DetectPasswordCrackers"=dword:00000000
"DetectPotentiallyUnwantedApps"=dword:00000000
"DetectRemoteAdminTools"=dword:00000000
"LogFormat"=dword:00000001
"bDontScanCompress"=dword:00000000

===========================


我的按訪問掃瞄設置.reg


Windows Registry Editor Version 5.00

; General on-access scanner (McShield) settings. Importing overwrites
; same-named values in this key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration]
; bDisableScanning and bStartDisabled are 0 and bLoadAtStartup (below) is 1.
"bDisableScanning"=dword:00000000
"Alert_MaxAlertsKb"=dword:000003e8
"bFileCacheEnabled"=dword:00000001
"bStartDisabled"=dword:00000000
"wFlags"=dword:00001000
"uKilobytes"=dword:00000064
"ScannerThreadTimeout"=dword:00002710
"szLogFileName"="%VSEDEFLOGDIR%\\OnAccessScanLog.txt"
"bScanFloppyOnShutdown"=dword:00000000
"DotVirOnQuarantine"=dword:00000001
"bReloadDATs"=dword:00000000
; The four Alert_UsersCan* values (Delete, Remove, Clean, Quarantine) are all 1.
"Alert_UsersCanDelete"=dword:00000001
; NOTE(review): dwExitStatus, dwLastModified, wTime, wDate and EOLPId look like
; state captured by the export rather than settings - confirm they are safe to
; carry over to another machine.
"dwExitStatus"=dword:00000000
"Alert_AutoShowList"=dword:00000001
"Alert_UsersCanRemove"=dword:00000001
"WorkAroundAllocateFloppies"=dword:00000001
"bDenyFloppyMountIfInfected"=dword:00000000
"bDontScanMBRSectors"=dword:00000000
"bLogToFile"=dword:00000001
"szTaskName"="按訪問掃瞄"
; NOTE(review): the second token is the Chinese word for "log", not a file
; extension; presumably the original value was "ini log" and a text conversion
; step altered it. Restore the intended extension list before importing.
"SmoothWritesExtensions"="ini 日誌"
"bDisconnectUser"=dword:00000000
"uCloseDelta"=dword:000001f4
"dwLastModified"=dword:00000341
"ScanArchiveTimeout"=dword:00000005
"bLogClean"=dword:00000001
"dwMaxLogSizeMB"=dword:00000001
"bLoadAtStartup"=dword:00000001
"bLimitSize"=dword:00000001
"bDontScanBootSectors"=dword:00000000
"DotVirToDenyWrite"=dword:00000001
"Alert_UsersCanClean"=dword:00000001
"bApplyNow"=dword:00000001
"bVScan"=dword:00000001
; NOTE(review): presumably 1 means every process is scanned with the settings
; in the Default subkey and the High/Low subkeys are not consulted - confirm.
"OnlyUseDefaultConfig"=dword:00000001
"DotVirToDenyFailedClean"=dword:00000001
"ScannerThreadTimeoutEx"=dword:00002710
; No drive letter here; the path is relative to the root of a drive.
"szMoveToFolder"="\\quarantine\\"
"wTaskType"=dword:00000001
"bLogSettings"=dword:00000000
"RepairBootSectors"=dword:00000000
"bLogUserName"=dword:00000001
"Alert_UsersCanQuarantine"=dword:00000001
"Alert_LocalMessage"="McAfee VirusScan 警報!"
"szDisconnectMessage"="病毒警報!!!"
"wTime"=dword:00000200
"ReportEncryptedFiles"=dword:00000001
"LogFileFormat"=dword:00000001
"WorkAroundAllocateCDRoms"=dword:00000001
"wDate"=dword:00000000
"bLogSummary"=dword:00000001
"Alert_MaxAlertsCount"=dword:000003e8
"bLogDateTime"=dword:00000001
"EOLPId"=dword:00002ef3

; "Default" on-access scanning profile.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Default]
; Empty REG_MULTI_SZ: no process names are listed for this profile.
"ProcessList"=hex(7):00,00,00,00
"dwProgramHeuristicsLevel"=dword:00000001
"bScanCompressed"=dword:00000001
"uAction_Program"=dword:00000003
; One exclusion is declared; its definition is ExcludedItem_0 below.
"NumExcludeItems"=dword:00000001
"uAction"=dword:00000003
"LocalExtensionMode"=dword:00000001
; bScanIncoming, bScanOutgoing and bNetworkScanEnabled are all 1 in this profile.
"bScanIncoming"=dword:00000001
"bNetworkScanEnabled"=dword:00000001
"bScanOutgoing"=dword:00000001
"uSecAction"=dword:00000001
"uSecAction_Program"=dword:00000001
"szIncludeExts"=""
"ReportEncryptedFiles"=dword:00000000
"ScanArchives"=dword:00000001
"szProgExts"=""
; NOTE(review): "5|2|" is an encoded exclusion whose meaning is not visible in
; this file; check what it exempts in the console before relying on it.
"ExcludedItem_0"="5|2|"
"ScanMime"=dword:00000001
"dwMacroHeuristicsLevel"=dword:00000001
"ApplyNVP"=dword:00000001
; NOTE(review): DetectPrograms is 0 while ApplyNVP is 1; confirm that unwanted-
; program detection is still active on access with this combination.
"NetworkExtensionMode"=dword:00000001
"DetectPrograms"=dword:00000000

; "High" on-access scanning profile.
; NOTE(review): the parent Configuration key in this export sets
; OnlyUseDefaultConfig to 1; presumably this profile is then not applied - confirm.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\High]
"dwMacroHeuristicsLevel"=dword:00000001
"bScanOutgoing"=dword:00000001
"uAction"=dword:00000005
"LocalExtensionMode"=dword:00000001
"ApplyNVP"=dword:00000001
"Exclusions"=""
"dwProgramHeuristicsLevel"=dword:00000001
"uSecAction_Program"=dword:00000003
; REG_MULTI_SZ (hex(7), UTF-16LE) of process names this profile applies to.
; Decoded: 4nt.exe, agent.exe, aim.exe, bearshare.exe, Cmd.Exe, cscript.exe,
; eudora.exe, Excel.exe, Explorer.exe, FileNavigator.exe, ftp.exe, gdonkey.exe,
; gnucleus.exe, ICQ.exe, Iexplore.exe, inetinfo.exe, mirc.exe, mobsync.exe,
; mosaic.exe, mozilla.exe, MsAccess.exe, MsImn.exe, msmsgs.exe, msn6.exe,
; neo20.exe, netscape.Exe, netscp6.exe, opera.exe, Outlook.exe, PowerPnt.exe,
; tftp.exe, Visio32.exe, waol.exe, WinPM-32.exe, WinWord.Exe, ws_ftp.exe,
; wscript.exe, wuauclt.exe, xolox.exe, ypager.exe, yupdate.exe
"ProcessList"=hex(7):34,00,6e,00,74,00,2e,00,65,00,78,00,65,00,00,00,61,00,67,\
00,65,00,6e,00,74,00,2e,00,65,00,78,00,65,00,00,00,61,00,69,00,6d,00,2e,00,\
65,00,78,00,65,00,00,00,62,00,65,00,61,00,72,00,73,00,68,00,61,00,72,00,65,\
00,2e,00,65,00,78,00,65,00,00,00,43,00,6d,00,64,00,2e,00,45,00,78,00,65,00,\
00,00,63,00,73,00,63,00,72,00,69,00,70,00,74,00,2e,00,65,00,78,00,65,00,00,\
00,65,00,75,00,64,00,6f,00,72,00,61,00,2e,00,65,00,78,00,65,00,00,00,45,00,\
78,00,63,00,65,00,6c,00,2e,00,65,00,78,00,65,00,00,00,45,00,78,00,70,00,6c,\
00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,46,00,69,00,6c,00,\
65,00,4e,00,61,00,76,00,69,00,67,00,61,00,74,00,6f,00,72,00,2e,00,65,00,78,\
00,65,00,00,00,66,00,74,00,70,00,2e,00,65,00,78,00,65,00,00,00,67,00,64,00,\
6f,00,6e,00,6b,00,65,00,79,00,2e,00,65,00,78,00,65,00,00,00,67,00,6e,00,75,\
00,63,00,6c,00,65,00,75,00,73,00,2e,00,65,00,78,00,65,00,00,00,49,00,43,00,\
51,00,2e,00,65,00,78,00,65,00,00,00,49,00,65,00,78,00,70,00,6c,00,6f,00,72,\
00,65,00,2e,00,65,00,78,00,65,00,00,00,69,00,6e,00,65,00,74,00,69,00,6e,00,\
66,00,6f,00,2e,00,65,00,78,00,65,00,00,00,6d,00,69,00,72,00,63,00,2e,00,65,\
00,78,00,65,00,00,00,6d,00,6f,00,62,00,73,00,79,00,6e,00,63,00,2e,00,65,00,\
78,00,65,00,00,00,6d,00,6f,00,73,00,61,00,69,00,63,00,2e,00,65,00,78,00,65,\
00,00,00,6d,00,6f,00,7a,00,69,00,6c,00,6c,00,61,00,2e,00,65,00,78,00,65,00,\
00,00,4d,00,73,00,41,00,63,00,63,00,65,00,73,00,73,00,2e,00,65,00,78,00,65,\
00,00,00,4d,00,73,00,49,00,6d,00,6e,00,2e,00,65,00,78,00,65,00,00,00,6d,00,\
73,00,6d,00,73,00,67,00,73,00,2e,00,65,00,78,00,65,00,00,00,6d,00,73,00,6e,\
00,36,00,2e,00,65,00,78,00,65,00,00,00,6e,00,65,00,6f,00,32,00,30,00,2e,00,\
65,00,78,00,65,00,00,00,6e,00,65,00,74,00,73,00,63,00,61,00,70,00,65,00,2e,\
00,45,00,78,00,65,00,00,00,6e,00,65,00,74,00,73,00,63,00,70,00,36,00,2e,00,\
65,00,78,00,65,00,00,00,6f,00,70,00,65,00,72,00,61,00,2e,00,65,00,78,00,65,\
00,00,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,2e,00,65,00,78,00,65,00,\
00,00,50,00,6f,00,77,00,65,00,72,00,50,00,6e,00,74,00,2e,00,65,00,78,00,65,\
00,00,00,74,00,66,00,74,00,70,00,2e,00,65,00,78,00,65,00,00,00,56,00,69,00,\
73,00,69,00,6f,00,33,00,32,00,2e,00,65,00,78,00,65,00,00,00,77,00,61,00,6f,\
00,6c,00,2e,00,65,00,78,00,65,00,00,00,57,00,69,00,6e,00,50,00,4d,00,2d,00,\
33,00,32,00,2e,00,65,00,78,00,65,00,00,00,57,00,69,00,6e,00,57,00,6f,00,72,\
00,64,00,2e,00,45,00,78,00,65,00,00,00,77,00,73,00,5f,00,66,00,74,00,70,00,\
2e,00,65,00,78,00,65,00,00,00,77,00,73,00,63,00,72,00,69,00,70,00,74,00,2e,\
00,65,00,78,00,65,00,00,00,77,00,75,00,61,00,75,00,63,00,6c,00,74,00,2e,00,\
65,00,78,00,65,00,00,00,78,00,6f,00,6c,00,6f,00,78,00,2e,00,65,00,78,00,65,\
00,00,00,79,00,70,00,61,00,67,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00,\
79,00,75,00,70,00,64,00,61,00,74,00,65,00,2e,00,65,00,78,00,65,00,00,00,00,\
00
; ScanArchives and bNetworkScanEnabled are both 0 in this profile.
"ScanArchives"=dword:00000000
"NetworkExtensionMode"=dword:00000001
"bNetworkScanEnabled"=dword:00000000
"bScanCompressed"=dword:00000001
"uSecAction"=dword:00000003
"uAction_Program"=dword:00000005
"ScanMime"=dword:00000001
"NumExcludeItems"=dword:00000000
"ReportEncryptedFiles"=dword:00000001
"szProgExts"=""
"szIncludeExts"=""
"bScanIncoming"=dword:00000001
"DetectPrograms"=dword:00000000

; "Low" on-access scanning profile.
; NOTE(review): the parent Configuration key in this export sets
; OnlyUseDefaultConfig to 1; presumably this profile is then not applied - confirm.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\Configuration\Low]
"ScanMime"=dword:00000001
"uSecAction"=dword:00000003
"uSecAction_Program"=dword:00000003
"LocalExtensionMode"=dword:00000001
"bNetworkScanEnabled"=dword:00000000
; NOTE(review): encoded exclusion; its meaning is not visible in this file.
"ExcludedItem_0"="5|2|"
"ApplyNVP"=dword:00000001
"dwMacroHeuristicsLevel"=dword:00000001
"bScanIncoming"=dword:00000001
"NetworkExtensionMode"=dword:00000001
"dwProgramHeuristicsLevel"=dword:00000001
"bScanCompressed"=dword:00000001
"szProgExts"=""
"ScanArchives"=dword:00000000
"ReportEncryptedFiles"=dword:00000000
; REG_MULTI_SZ (hex(7), UTF-16LE) of process names this profile applies to.
; Decoded: Aexauditpls.exe, Aexnsclient.exe, Aexnsclienttransport.exe,
; Aexnswdusr.exe
; NOTE(review): for these processes bScanOutgoing is 0 and archives are not
; scanned; drop the names that are not installed on the target machine so the
; reduced scanning does not apply to an unrelated binary with the same name.
"ProcessList"=hex(7):41,00,65,00,78,00,61,00,75,00,64,00,69,00,74,00,70,00,6c,\
00,73,00,2e,00,65,00,78,00,65,00,00,00,41,00,65,00,78,00,6e,00,73,00,63,00,\
6c,00,69,00,65,00,6e,00,74,00,2e,00,65,00,78,00,65,00,00,00,41,00,65,00,78,\
00,6e,00,73,00,63,00,6c,00,69,00,65,00,6e,00,74,00,74,00,72,00,61,00,6e,00,\
73,00,70,00,6f,00,72,00,74,00,2e,00,65,00,78,00,65,00,00,00,41,00,65,00,78,\
00,6e,00,73,00,77,00,64,00,75,00,73,00,72,00,2e,00,65,00,78,00,65,00,00,00,\
00,00
"uAction"=dword:00000005
"NumExcludeItems"=dword:00000001
"bScanOutgoing"=dword:00000000
"uAction_Program"=dword:00000005
"szIncludeExts"=""
"DetectPrograms"=dword:00000000

===========================

我的訪問保護設置.reg

Windows Registry Editor Version 5.00

; Access-protection settings (file, port and share blocking) plus the
; Entercept* values, all stored in one key. Importing overwrites same-named
; values, including any rules already defined on the machine.
; NOTE(review): several rule names and one wildcard in this file contain
; Chinese text; save the file as Unicode (UTF-16LE) so they import intact.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\BehaviourBlocking]
"szLogFileName_Ent"="%VSEDEFLOGDIR%\\BufferOverflowProtectionLog.txt"
; FileBlockEnabled_N switches the file rule with the same index. In this run
; indexes 6, 7 and 27 are 0; every other index from 0 to 60 is 1.
"FileBlockEnabled_8"=dword:00000001
"FileBlockEnabled_14"=dword:00000001
"FileBlockEnabled_7"=dword:00000000
"FileBlockEnabled_4"=dword:00000001
"FileBlockEnabled_29"=dword:00000001
"FileBlockEnabled_21"=dword:00000001
"LogFileFormat"=dword:00000002
"EnterceptMode"=dword:00000001
"FileBlockEnabled_30"=dword:00000001
"VSIDSendMessage"=dword:00000000
"VSIDBlockTimeout"=dword:0000000a
"VSIDBlock"=dword:00000001
"dwMaxLogSizeMB_Ent"=dword:00000001
"FileBlockEnabled_16"=dword:00000001
"FileBlockEnabled_18"=dword:00000001
"FileBlockEnabled_15"=dword:00000001
"FileBlockEnabled_20"=dword:00000001
"FileBlockEnabled_6"=dword:00000000
"bLogToFile"=dword:00000001
"FileBlockEnabled_25"=dword:00000001
"bLimitSize"=dword:00000001
"FileBlockEnabled_11"=dword:00000001
"FileBlockEnabled_17"=dword:00000001
"FileBlockEnabled_22"=dword:00000001
"FileBlockEnabled_26"=dword:00000001
"FileBlockEnabled_0"=dword:00000001
"FileBlockEnabled_27"=dword:00000000
"FileBlockEnabled_13"=dword:00000001
"FileBlockEnabled_5"=dword:00000001
; REG_MULTI_SZ (hex(7), UTF-16LE). Decoded: FrameworkService.exe, Agentnt.exe
; NOTE(review): by name, these processes are exempt from every port rule in
; this key - confirm both exist on the target machine.
"PortBlockProcessExclusionList"=hex(7):46,00,72,00,61,00,6d,00,65,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,65,00,78,00,\
65,00,00,00,41,00,67,00,65,00,6e,00,74,00,6e,00,74,00,2e,00,65,00,78,00,65,\
00,00,00,00,00
"FileBlockEnabled_3"=dword:00000001
"FileBlockEnabled_28"=dword:00000001
"szLogFileName"="%VSEDEFLOGDIR%\\AccessProtectionLog.txt"
"FileBlockEnabled_12"=dword:00000001
"PortBlockReport"=dword:00000001
"bLimitSize_Ent"=dword:00000001
"dwMaxLogSizeMB"=dword:00000001
"LogFileFormat_Ent"=dword:00000001
"FileBlockEnabled_19"=dword:00000001
"FileBlockEnabled_23"=dword:00000001
"FileBlockEnabled_24"=dword:00000001
"EnterceptShowMessages"=dword:00000001
"FileBlockEnabled_1"=dword:00000001
"FileBlockEnabled_9"=dword:00000001
"bLogToFile_Ent"=dword:00000001
"FileBlockEnabled_2"=dword:00000001
"VSIDMessage"=""
"ShareBlockMode"=dword:00000000
"FileBlockEnabled_10"=dword:00000001
"ShareBlockReport"=dword:00000001
"EnterceptEnabled"=dword:00000001
"PortBlockReportMinutes"=dword:00000001
"VSIDBlockOnNonVirus"=dword:00000001
"FileBlockEnabled_31"=dword:00000001
"FileBlockEnabled_32"=dword:00000001
"FileBlockEnabled_33"=dword:00000001
"FileBlockEnabled_34"=dword:00000001
"FileBlockEnabled_35"=dword:00000001
"FileBlockEnabled_36"=dword:00000001
"FileBlockEnabled_37"=dword:00000001
"FileBlockEnabled_38"=dword:00000001
"FileBlockEnabled_39"=dword:00000001
; NOTE(review): this value does not follow the naming pattern of any other
; value in the key and carries a single zero byte; it looks like a marker left
; by whoever first shared the export. Presumably unused - remove before import.
"Fifanluntan x b s"=hex:00
"FileBlockEnabled_40"=dword:00000001
"FileBlockEnabled_41"=dword:00000001
"FileBlockEnabled_42"=dword:00000001
"FileBlockEnabled_43"=dword:00000001
"FileBlockEnabled_44"=dword:00000001
"FileBlockEnabled_45"=dword:00000001
"FileBlockEnabled_46"=dword:00000001
"FileBlockEnabled_47"=dword:00000001
"FileBlockEnabled_48"=dword:00000001
"FileBlockEnabled_49"=dword:00000001
"FileBlockEnabled_50"=dword:00000001
"FileBlockEnabled_51"=dword:00000001
"FileBlockEnabled_52"=dword:00000001
"FileBlockEnabled_53"=dword:00000001
"FileBlockEnabled_54"=dword:00000001
"FileBlockEnabled_55"=dword:00000001
"FileBlockEnabled_56"=dword:00000001
"FileBlockEnabled_57"=dword:00000001
"FileBlockEnabled_58"=dword:00000001
"FileBlockEnabled_59"=dword:00000001
"FileBlockEnabled_60"=dword:00000001
; Entercept exclusions 0-13, each a Process / Module / API triple. Every
; Module value is empty and every API value is VirtualProtect or GetProcAddress.
; Processes covered: explorer.exe, WINWORD.EXE, IEXPLORE.EXE, EXCEL.EXE,
; POWERPNT.EXE, msimn.exe, wmplayer.exe.
; NOTE(review): this key logs to BufferOverflowProtectionLog.txt
; (szLogFileName_Ent), which suggests these triples exempt the named API calls
; from buffer-overflow protection. If so, an empty Module presumably exempts
; the call whatever module makes it, and the processes listed are the browser,
; Office, mail and media programs that open untrusted content. Keep only the
; exclusions a logged false positive justifies, and fill in the Module name
; from that log entry - confirm against the product documentation.
"EnterceptExclusionProcess_0"="explorer.exe"
"EnterceptExclusionModule_0"=""
"EnterceptExclusionAPI_0"="VirtualProtect"
"EnterceptExclusionProcess_1"="WINWORD.EXE"
"EnterceptExclusionModule_1"=""
"EnterceptExclusionAPI_1"="GetProcAddress"
"EnterceptExclusionProcess_2"="WINWORD.EXE"
"EnterceptExclusionModule_2"=""
"EnterceptExclusionAPI_2"="VirtualProtect"
"EnterceptExclusionProcess_3"="IEXPLORE.EXE"
"EnterceptExclusionModule_3"=""
"EnterceptExclusionAPI_3"="GetProcAddress"
"EnterceptExclusionProcess_4"="IEXPLORE.EXE"
"EnterceptExclusionModule_4"=""
"EnterceptExclusionAPI_4"="VirtualProtect"
"EnterceptExclusionProcess_5"="EXCEL.EXE"
"EnterceptExclusionModule_5"=""
"EnterceptExclusionAPI_5"="GetProcAddress"
"EnterceptExclusionProcess_6"="EXCEL.EXE"
"EnterceptExclusionModule_6"=""
"EnterceptExclusionAPI_6"="VirtualProtect"
"EnterceptExclusionProcess_7"="POWERPNT.exe"
"EnterceptExclusionModule_7"=""
"EnterceptExclusionAPI_7"="GetProcAddress"
"EnterceptExclusionProcess_8"="POWERPNT.EXE"
"EnterceptExclusionModule_8"=""
"EnterceptExclusionAPI_8"="VirtualProtect"
"EnterceptExclusionProcess_9"="explorer.exe"
"EnterceptExclusionModule_9"=""
"EnterceptExclusionAPI_9"="GetProcAddress"
"EnterceptExclusionProcess_10"="msimn.exe"
"EnterceptExclusionModule_10"=""
"EnterceptExclusionAPI_10"="GetProcAddress"
"EnterceptExclusionProcess_11"="msimn.exe"
"EnterceptExclusionModule_11"=""
"EnterceptExclusionAPI_11"="VirtualProtect"
"EnterceptExclusionProcess_12"="wmplayer.exe"
"EnterceptExclusionModule_12"=""
"EnterceptExclusionAPI_12"="GetProcAddress"
"EnterceptExclusionProcess_13"="wmplayer.exe"
"EnterceptExclusionModule_13"=""
"EnterceptExclusionAPI_13"="VirtualProtect"
; Enable switches for file rules 61-63 (all 1).
"FileBlockEnabled_61"=dword:00000001
"FileBlockEnabled_62"=dword:00000001
"FileBlockEnabled_63"=dword:00000001
; Port-blocking rules 0-9, five values each: Enabled, Name, Direction, Range,
; WhiteList. Only rules 0, 1 and 2 have Enabled=1; rules 3-9 are stored but off.
; Direction, as far as the rule names show: rule 4 is named "inbound" and uses
; 0, rule 5 is named "outbound" and uses 1.
; Rule 0: outbound port 25, with a whitelist of process names.
; NOTE(review): the whitelist is a list of bare file names; trim it to the mail
; software actually installed, since each extra name is a process allowed to
; send on port 25.
"PortBlockEnabled_0"=dword:00000001
"PortBlockName_0"="禁止大量發送郵件的蠕蟲病毒發送郵件"
"PortBlockDirection_0"=dword:00000001
"PortBlockRange_0"="25"
"PortBlockWhiteList_0"="amgrsrvc.exe,tomcat.exe,outlook.exe,msimn.exe,agent.exe,eudora.exe,nlnotes.exe,mozilla.exe,netscp.exe,opera.exe,winpm-32.exe,pine.exe,poco.exe,thebat.exe,thunderbird.exe,ntaskldr.exe,inetinfo.exe,nsmtp.exe,nrouter.exe,tomcat5.exe,tomcat5w.exe,ebs.exe,FireSvc.exe,modulewrapper.exe,MSKSrvr.exe,MSKDetct.exe,mapisp32.exe,Foxmail.exe,DreamMail.exe"
; Rules 1 and 2: ports 6666-6669 in both directions, no whitelist.
"PortBlockEnabled_1"=dword:00000001
"PortBlockName_1"="禁止 IRC 通訊"
"PortBlockDirection_1"=dword:00000001
"PortBlockRange_1"="6666-6669"
"PortBlockWhiteList_1"=""
"PortBlockEnabled_2"=dword:00000001
"PortBlockName_2"="禁止 IRC 通訊"
"PortBlockDirection_2"=dword:00000000
"PortBlockRange_2"="6666-6669"
"PortBlockWhiteList_2"=""
; Rules 3-9 below are all disabled (Enabled=0), including the inbound rules for
; ports 135-139 and 445; they have no effect until enabled.
"PortBlockEnabled_3"=dword:00000000
"PortBlockName_3"="禁止從萬維網上下載"
"PortBlockDirection_3"=dword:00000001
"PortBlockRange_3"="80"
"PortBlockWhiteList_3"="outlook.exe,msimn.exe,iexplore.exe,mozilla.exe,netscp.exe,opera.exe,thunderbird.exe,msn6.exe,neo20.exe,mobsync.exe,waol.exe,nlnotes.exe"
"PortBlockEnabled_4"=dword:00000000
"PortBlockName_4"="禁止 FTP 入站通訊(阻止諸如 Nimda 等病毒傳播)"
"PortBlockDirection_4"=dword:00000000
"PortBlockRange_4"="20-21"
"PortBlockWhiteList_4"=""
"PortBlockEnabled_5"=dword:00000000
"PortBlockName_5"="禁止 FTP 出站通訊(阻止病毒下載文件)"
"PortBlockDirection_5"=dword:00000001
"PortBlockRange_5"="20-21"
"PortBlockWhiteList_5"="ftp.exe,iexplore.exe"
; Rules 6-9 carry only a port number as their name.
"PortBlockEnabled_6"=dword:00000000
"PortBlockName_6"="135-139"
"PortBlockDirection_6"=dword:00000000
"PortBlockRange_6"="135-139"
"PortBlockWhiteList_6"=""
"PortBlockEnabled_7"=dword:00000000
"PortBlockName_7"="445"
"PortBlockDirection_7"=dword:00000000
"PortBlockRange_7"="445-445"
"PortBlockWhiteList_7"=""
"PortBlockEnabled_8"=dword:00000000
"PortBlockName_8"="90"
"PortBlockDirection_8"=dword:00000001
"PortBlockRange_8"="90-90"
"PortBlockWhiteList_8"=""
"PortBlockEnabled_9"=dword:00000000
"PortBlockName_9"="5000"
"PortBlockDirection_9"=dword:00000000
"PortBlockRange_9"="5000-5000"
"PortBlockWhiteList_9"=""
; File-blocking rules 0-14, five values each: RuleName, Process, Wildcard,
; What, Report. A rule is active only if the matching FileBlockEnabled_N value
; in this key is 1; this export sets FileBlockEnabled_6 and _7 to 0, so the
; WinZip32 and WinRAR rules below are stored but off.
; FileBlockWhat values seen here: 0x00080000 on the rules named "launch from
; Temp" (0-7), 0x00020000 on the script rule (8), 0x001f0000 on the tftp.exe
; rule (9) and 0x000f0000 on the startup-folder rules (10-14).
; NOTE(review): FileBlockReport is 1 on rules 0 and 9-14 but 2 on rules 1-8;
; the meaning of each value is not visible in this file - confirm whether 2
; still blocks or only reports.
"FileBlockRuleName_0"="禁止 Internet Explorer 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_0"="iexplore.exe"
"FileBlockWildcard_0"="**\\temp*\\**"
"FileBlockWhat_0"=dword:00080000
"FileBlockReport_0"=dword:00000001
"FileBlockRuleName_1"="禁止 Internet Explorer 從 Downloaded Programs 資料夾啟動文件 (.exe)"
"FileBlockProcess_1"="iexplore.exe"
"FileBlockWildcard_1"="**\\Downloaded Program Files\\**\\*.exe"
"FileBlockWhat_1"=dword:00080000
"FileBlockReport_1"=dword:00000002
"FileBlockRuleName_2"="禁止 Outlook 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_2"="outlook.exe"
"FileBlockWildcard_2"="**\\temp*\\**"
"FileBlockWhat_2"=dword:00080000
"FileBlockReport_2"=dword:00000002
"FileBlockRuleName_3"="禁止 Outlook Express 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_3"="msimn.exe"
"FileBlockWildcard_3"="**\\temp*\\**"
"FileBlockWhat_3"=dword:00080000
"FileBlockReport_3"=dword:00000002
"FileBlockRuleName_4"="禁止 Packager 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_4"="packager.exe"
"FileBlockWildcard_4"="**\\temp*\\**"
"FileBlockWhat_4"=dword:00080000
"FileBlockReport_4"=dword:00000002
"FileBlockRuleName_5"="禁止 MSN 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_5"="msn6.exe"
"FileBlockWildcard_5"="**\\temp*\\**"
"FileBlockWhat_5"=dword:00080000
"FileBlockReport_5"=dword:00000002
"FileBlockRuleName_6"="禁止 WinZip32 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_6"="winzip32.exe"
"FileBlockWildcard_6"="**\\temp*\\**"
"FileBlockWhat_6"=dword:00080000
"FileBlockReport_6"=dword:00000002
"FileBlockRuleName_7"="禁止 WinRAR 從 Temp 資料夾啟動任何專案"
"FileBlockProcess_7"="winrar.exe"
"FileBlockWildcard_7"="**\\temp*\\**"
"FileBlockWhat_7"=dword:00080000
"FileBlockReport_7"=dword:00000002
; The process pattern uses "?" as a one-character wildcard; presumably it is
; meant to cover cscript.exe and wscript.exe.
"FileBlockRuleName_8"="禁止從 Temp 資料夾執行腳本"
"FileBlockProcess_8"="?script.exe"
"FileBlockWildcard_8"="**\\temp*\\**"
"FileBlockWhat_8"=dword:00020000
"FileBlockReport_8"=dword:00000002
; Rules 9-14 apply to every process ("*").
"FileBlockRuleName_9"="禁止使用 tftp.exe,因為某些蠕蟲使用它。"
"FileBlockProcess_9"="*"
"FileBlockWildcard_9"="**\\tftp.exe"
"FileBlockWhat_9"=dword:001f0000
"FileBlockReport_9"=dword:00000001
"FileBlockRuleName_10"="禁止訪問可疑的啟動專案 (.exe)"
"FileBlockProcess_10"="*"
"FileBlockWildcard_10"="**\\startup\\**\\*.exe"
"FileBlockWhat_10"=dword:000f0000
"FileBlockReport_10"=dword:00000001
"FileBlockRuleName_11"="禁止訪問可疑的啟動專案 (.scr)"
"FileBlockProcess_11"="*"
"FileBlockWildcard_11"="**\\startup\\**\\*.scr"
"FileBlockWhat_11"=dword:000f0000
"FileBlockReport_11"=dword:00000001
"FileBlockRuleName_12"="禁止訪問可疑的啟動專案 (.hta)"
"FileBlockProcess_12"="*"
"FileBlockWildcard_12"="**\\startup\\**\\*.hta"
"FileBlockWhat_12"=dword:000f0000
"FileBlockReport_12"=dword:00000001
"FileBlockRuleName_13"="禁止訪問可疑的啟動專案 (.pif)"
"FileBlockProcess_13"="*"
"FileBlockWildcard_13"="**\\startup\\**\\*.pif"
"FileBlockWhat_13"=dword:000f0000
"FileBlockReport_13"=dword:00000001
"FileBlockRuleName_14"="禁止訪問可疑的啟動專案 (.com)"
"FileBlockProcess_14"="*"
"FileBlockWildcard_14"="**\\startup\\**\\*.com"
"FileBlockWhat_14"=dword:000f0000
"FileBlockReport_14"=dword:00000001
; File-blocking rules 15-26. All use the process "System:Remote" and, by their
; names, restrict changes made from remote machines.
; FileBlockWhat values seen here: 0x00040000 on the rules named "modify"
; (15-18), 0x00150000 on the rules named "create/modify/delete" (19-25) and
; 0x00010000 on the rule named "create" (26).
; NOTE(review): rules 22-24 use the same wildcards as rules 15-17 with the
; wider mask, and rule 19 (%windir%\**\*) already matches everything rule 20
; (*.ini under %windir%) matches, so rules 15-17 and 20 look redundant - confirm.
"FileBlockRuleName_15"="禁止遠端修改文件 (.exe)"
"FileBlockProcess_15"="System:Remote"
"FileBlockWildcard_15"="**\\*.exe"
"FileBlockWhat_15"=dword:00040000
"FileBlockReport_15"=dword:00000001
"FileBlockRuleName_16"="禁止遠端修改文件 (.scr)"
"FileBlockProcess_16"="System:Remote"
"FileBlockWildcard_16"="**\\*.scr"
"FileBlockWhat_16"=dword:00040000
"FileBlockReport_16"=dword:00000001
"FileBlockRuleName_17"="禁止遠端修改文件 (.ocx)"
"FileBlockProcess_17"="System:Remote"
"FileBlockWildcard_17"="**\\*.ocx"
"FileBlockWhat_17"=dword:00040000
"FileBlockReport_17"=dword:00000001
"FileBlockRuleName_18"="禁止遠端修改文件 (.dll)"
"FileBlockProcess_18"="System:Remote"
"FileBlockWildcard_18"="**\\*.dll"
"FileBlockWhat_18"=dword:00040000
"FileBlockReport_18"=dword:00000001
"FileBlockRuleName_19"="禁止遠端創建/修改/刪除 Windows 資料夾和子資料夾中的任何內容"
"FileBlockProcess_19"="System:Remote"
"FileBlockWildcard_19"="%windir%\\**\\*"
"FileBlockWhat_19"=dword:00150000
"FileBlockReport_19"=dword:00000001
"FileBlockRuleName_20"="禁止遠端創建/修改/刪除 Windows 資料夾和子資料夾中的文件 (.ini)"
"FileBlockProcess_20"="System:Remote"
"FileBlockWildcard_20"="%windir%\\**\\*.ini"
"FileBlockWhat_20"=dword:00150000
"FileBlockReport_20"=dword:00000001
"FileBlockRuleName_21"="禁止遠端創建/修改/刪除系統根目錄中的任何內容"
"FileBlockProcess_21"="System:Remote"
"FileBlockWildcard_21"="%systemdrive%\\*"
"FileBlockWhat_21"=dword:00150000
"FileBlockReport_21"=dword:00000001
"FileBlockRuleName_22"="禁止遠端創建/修改/刪除文件 (.exe)"
"FileBlockProcess_22"="System:Remote"
"FileBlockWildcard_22"="**\\*.exe"
"FileBlockWhat_22"=dword:00150000
"FileBlockReport_22"=dword:00000001
"FileBlockRuleName_23"="禁止遠端創建/修改/刪除文件 (.scr)"
"FileBlockProcess_23"="System:Remote"
"FileBlockWildcard_23"="**\\*.scr"
"FileBlockWhat_23"=dword:00150000
"FileBlockReport_23"=dword:00000001
"FileBlockRuleName_24"="禁止遠端創建/修改/刪除文件 (.ocx)"
"FileBlockProcess_24"="System:Remote"
"FileBlockWildcard_24"="**\\*.ocx"
"FileBlockWhat_24"=dword:00150000
"FileBlockReport_24"=dword:00000001
"FileBlockRuleName_25"="禁止遠端創建/修改/刪除文件(.pif)"
"FileBlockProcess_25"="System:Remote"
"FileBlockWildcard_25"="**\\*.pif"
"FileBlockWhat_25"=dword:00150000
"FileBlockReport_25"=dword:00000001
"FileBlockRuleName_26"="禁止遠端創建 autorun.inf 文件"
"FileBlockProcess_26"="System:Remote"
"FileBlockWildcard_26"="**\\autorun.inf"
"FileBlockWhat_26"=dword:00010000
"FileBlockReport_26"=dword:00000001
; File-blocking rules 27-41: system-folder protections. All use the process
; "*", so they apply to every program, installers and Windows Update included;
; the post's own text says protection has to be switched off to install
; software or update Windows once these rules are loaded.
; NOTE(review): a rule set that forces protection off for every update makes
; patching less likely to happen. Consider whether the product lets trusted
; installer processes be excluded from rules 28-38 instead - confirm.
; Rule 27 ("monitor the system folder") is stored with FileBlockEnabled_27 = 0
; in this export, so it is off.
"FileBlockRuleName_27"="監視系統資料夾"
"FileBlockProcess_27"="*"
"FileBlockWildcard_27"="%windir%\\**\\*.*"
"FileBlockWhat_27"=dword:00050000
"FileBlockReport_27"=dword:00000002
"FileBlockRuleName_28"="禁止系統盤根目錄建立新文件"
"FileBlockProcess_28"="*"
"FileBlockWildcard_28"="%systemdrive%\\*.*"
"FileBlockWhat_28"=dword:00010000
"FileBlockReport_28"=dword:00000001
; Rules 29-36: "create new file" rules for .dll/.exe/.sys/.com in %windir% and
; %windir%\system32, all with FileBlockWhat 0x00010000.
"FileBlockRuleName_29"="禁止在 Windows 資料夾中創建新文件 (.dll)"
"FileBlockProcess_29"="*"
"FileBlockWildcard_29"="%windir%\\*.dll"
"FileBlockWhat_29"=dword:00010000
"FileBlockReport_29"=dword:00000001
"FileBlockRuleName_30"="禁止在 Windows 資料夾中創建新文件 (.exe)"
"FileBlockProcess_30"="*"
"FileBlockWildcard_30"="%windir%\\*.exe"
"FileBlockWhat_30"=dword:00010000
"FileBlockReport_30"=dword:00000001
"FileBlockRuleName_31"="禁止在 System32 資料夾中創建新文件 (.dll)"
"FileBlockProcess_31"="*"
"FileBlockWildcard_31"="%windir%\\system32\\*.dll"
"FileBlockWhat_31"=dword:00010000
"FileBlockReport_31"=dword:00000001
"FileBlockRuleName_32"="禁止在 System32 資料夾中創建新文件 (.exe)"
"FileBlockProcess_32"="*"
"FileBlockWildcard_32"="%windir%\\system32\\*.exe"
"FileBlockWhat_32"=dword:00010000
"FileBlockReport_32"=dword:00000001
"FileBlockRuleName_33"="禁止在 Windows 資料夾中創建新文件 (.sys)"
"FileBlockProcess_33"="*"
"FileBlockWildcard_33"="%windir%\\*.sys"
"FileBlockWhat_33"=dword:00010000
"FileBlockReport_33"=dword:00000001
"FileBlockRuleName_34"="禁止在 Windows 資料夾中創建新文件 (.com)"
"FileBlockProcess_34"="*"
"FileBlockWildcard_34"="%windir%\\*.com"
"FileBlockWhat_34"=dword:00010000
"FileBlockReport_34"=dword:00000001
"FileBlockRuleName_35"="禁止在 System32 資料夾中創建新文件 (.sys)"
"FileBlockProcess_35"="*"
"FileBlockWildcard_35"="%windir%\\system32\\*.sys"
"FileBlockWhat_35"=dword:00010000
"FileBlockReport_35"=dword:00000001
"FileBlockRuleName_36"="禁止在 System32 資料夾中創建新文件 (.com)"
"FileBlockProcess_36"="*"
"FileBlockWildcard_36"="%windir%\\system32\\*.com"
"FileBlockWhat_36"=dword:00010000
"FileBlockReport_36"=dword:00000001
; Rules 37 and 38 are also named "create new file" but use FileBlockWhat
; 0x00050000 rather than the 0x00010000 of rules 29-36.
; NOTE(review): presumably the extra bit also covers modification - confirm
; the difference is intended.
"FileBlockRuleName_37"="禁止在 Windows 資料夾中創建新文件 (.bat)"
"FileBlockProcess_37"="*"
"FileBlockWildcard_37"="%windir%\\*.bat"
"FileBlockWhat_37"=dword:00050000
"FileBlockReport_37"=dword:00000001
"FileBlockRuleName_38"="禁止在 System32 資料夾中創建新文件 (.bat)"
"FileBlockProcess_38"="*"
"FileBlockWildcard_38"="%windir%\\system32\\*.bat"
"FileBlockWhat_38"=dword:00050000
"FileBlockReport_38"=dword:00000001
; Rules 39-41 name single files: hosts (0x00150000), win.ini and system.ini
; (both 0x00140000).
"FileBlockRuleName_39"="保護hosts"
"FileBlockProcess_39"="*"
"FileBlockWildcard_39"="%windir%\\system32\\drivers\\etc\\hosts"
"FileBlockWhat_39"=dword:00150000
"FileBlockReport_39"=dword:00000001
"FileBlockRuleName_40"="保護win.ini"
"FileBlockProcess_40"="*"
"FileBlockWildcard_40"="%windir%\\win.ini"
"FileBlockWhat_40"=dword:00140000
"FileBlockReport_40"=dword:00000001
"FileBlockRuleName_41"="保護system.ini"
"FileBlockProcess_41"="*"
"FileBlockWildcard_41"="%windir%\\system.ini"
"FileBlockWhat_41"=dword:00140000
"FileBlockReport_41"=dword:00000001
; File-blocking rules 42-63: path-based rules named after specific adware and
; toolbar products. All use the process "*"; rules 42-62 use FileBlockWhat
; 0x00050000 and FileBlockReport 1.
; NOTE(review): these rules match on folder or file name alone. Several
; patterns are short or generic and may also hit unrelated software:
; "**\Assistant\**" (43), "**\baidu\**" (49), "**\AD\**" (51), "**\cdn*.*" (59),
; "**\alitb*\**" (60) and "**\*ddt*\**" (61). Check AccessProtectionLog.txt
; after import and narrow any pattern that produces unrelated hits.
"FileBlockRuleName_42"="免疫3721上網助手/中文郵"
"FileBlockProcess_42"="*"
"FileBlockWildcard_42"="**\\3721\\**"
"FileBlockWhat_42"=dword:00050000
"FileBlockReport_42"=dword:00000001
"FileBlockRuleName_43"="禁止雅虎助手"
"FileBlockProcess_43"="*"
"FileBlockWildcard_43"="**\\Assistant\\**"
"FileBlockWhat_43"=dword:00050000
"FileBlockReport_43"=dword:00000001
"FileBlockRuleName_44"="禁止3721網路實名"
"FileBlockProcess_44"="*"
"FileBlockWildcard_44"="%windir%\\Downloaded Program Files\\cns*.*"
"FileBlockWhat_44"=dword:00050000
"FileBlockReport_44"=dword:00000001
"FileBlockRuleName_45"="禁止DUDU"
"FileBlockProcess_45"="*"
"FileBlockWildcard_45"="**\\dudu\\**"
"FileBlockWhat_45"=dword:00050000
"FileBlockReport_45"=dword:00000001
; NOTE(review): the wildcard below contains a Chinese folder name. If the text
; of this post went through a character-set conversion, the folder name may no
; longer match what the software creates on disk - verify on a test machine.
"FileBlockRuleName_46"="禁止網路豬"
"FileBlockProcess_46"="*"
"FileBlockWildcard_46"="**\\網路豬\\**"
"FileBlockWhat_46"=dword:00050000
"FileBlockReport_46"=dword:00000001
"FileBlockRuleName_47"="禁止劃詞搜索"
"FileBlockProcess_47"="*"
"FileBlockWildcard_47"="**\\Program Files\\wsearch\\**"
"FileBlockWhat_47"=dword:00050000
"FileBlockReport_47"=dword:00000001
"FileBlockRuleName_48"="禁止新劃詞搜索"
"FileBlockProcess_48"="*"
"FileBlockWildcard_48"="**\\*HuaCi*\\**"
"FileBlockWhat_48"=dword:00050000
"FileBlockReport_48"=dword:00000001
"FileBlockRuleName_49"="禁止baidu"
"FileBlockProcess_49"="*"
"FileBlockWildcard_49"="**\\baidu\\**"
"FileBlockWhat_49"=dword:00050000
"FileBlockReport_49"=dword:00000001
"FileBlockRuleName_50"="禁止360度搜"
"FileBlockProcess_50"="*"
"FileBlockWildcard_50"="**\\360so\\**"
"FileBlockWhat_50"=dword:00050000
"FileBlockReport_50"=dword:00000001
; Matches any folder named "AD" on any drive, for every process.
"FileBlockRuleName_51"="禁止QQ廣告"
"FileBlockProcess_51"="*"
"FileBlockWildcard_51"="**\\AD\\**"
"FileBlockWhat_51"=dword:00050000
"FileBlockReport_51"=dword:00000001
"FileBlockRuleName_52"="禁止Infofo Bar"
"FileBlockProcess_52"="*"
"FileBlockWildcard_52"="**\\Infofo Bar\\**"
"FileBlockWhat_52"=dword:00050000
"FileBlockReport_52"=dword:00000001
"FileBlockRuleName_53"="禁止IInfo"
"FileBlockProcess_53"="*"
"FileBlockWildcard_53"="**\\IInfo\\**"
"FileBlockWhat_53"=dword:00050000
"FileBlockReport_53"=dword:00000001
"FileBlockRuleName_54"="禁止很棒小秘書"
"FileBlockProcess_54"="*"
"FileBlockWildcard_54"="**\\HDP\\**"
"FileBlockWhat_54"=dword:00050000
"FileBlockReport_54"=dword:00000001
"FileBlockRuleName_55"="禁止很棒小秘書"
"FileBlockProcess_55"="*"
"FileBlockWildcard_55"="**\\henbangtemp\\**"
"FileBlockWhat_55"=dword:00050000
"FileBlockReport_55"=dword:00000001
"FileBlockRuleName_56"="禁止青蛙娛樂"
"FileBlockProcess_56"="*"
"FileBlockWildcard_56"="**\\Qyule\\**"
"FileBlockWhat_56"=dword:00050000
"FileBlockReport_56"=dword:00000001
"FileBlockRuleName_57"="禁止一搜"
"FileBlockProcess_57"="*"
"FileBlockWildcard_57"="**\\YiSou\\**"
"FileBlockWhat_57"=dword:00050000
"FileBlockReport_57"=dword:00000001
"FileBlockRuleName_58"="禁止CNNIC"
"FileBlockProcess_58"="*"
"FileBlockWildcard_58"="**\\CNNIC\\**"
"FileBlockWhat_58"=dword:00050000
"FileBlockReport_58"=dword:00000001
; Matches any file whose name starts with "cdn" in any folder.
"FileBlockRuleName_59"="禁止CNNIC"
"FileBlockProcess_59"="*"
"FileBlockWildcard_59"="**\\cdn*.*"
"FileBlockWhat_59"=dword:00050000
"FileBlockReport_59"=dword:00000001
"FileBlockRuleName_60"="禁止阿里巴巴商機直通車"
"FileBlockProcess_60"="*"
"FileBlockWildcard_60"="**\\alitb*\\**"
"FileBlockWhat_60"=dword:00050000
"FileBlockReport_60"=dword:00000001
"FileBlockRuleName_61"="禁止新浪點點通"
"FileBlockProcess_61"="*"
"FileBlockWildcard_61"="**\\*ddt*\\**"
"FileBlockWhat_61"=dword:00050000
"FileBlockReport_61"=dword:00000001
"FileBlockRuleName_62"="禁止中搜"
"FileBlockProcess_62"="*"
"FileBlockWildcard_62"="**\\*Searchnet*\\**"
"FileBlockWhat_62"=dword:00050000
"FileBlockReport_62"=dword:00000001
; Rule 63 ("private files") points at a folder on the author's own E: drive,
; with FileBlockWhat 0x001a0000 and FileBlockReport 0 (the only rule here that
; is not set to report).
; NOTE(review): this path is specific to the author's machine; replace it with
; your own folder or drop the rule before importing.
"FileBlockRuleName_63"="隱私文件"
"FileBlockProcess_63"="*"
"FileBlockWildcard_63"="E:\\MTV\\hhh\\**"
"FileBlockWhat_63"=dword:001a0000
"FileBlockReport_63"=dword:00000000