ogamy
Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\C_1252.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\PROGRAM FILES\POWERMENU\POWERMENUHOOK.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WINZIP.CHM User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WZPOPUP.HLP User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\Program Files\WINZIP\WZINST.CHM User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\MSCTFIME.IME User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\SECUR32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\CLBCATQ.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\SYSTEM32\COMRES.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\REGISTRATION\R000000000016.CLB User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 19:59:35 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:01:46 Would be blocked by behavior blocking rule (rule is currently not enforced) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\media\Windows XP Ding.wav User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:01:47 Would be blocked by behavior blocking rule (rule is currently not enforced) NT AUTHORITY\SYSTEM winlogon.exe C:\WINDOWS\system32\Msctf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\IMM32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\LPK.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\USP10.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Program Files\google\Google Desktop Search\GoogleDesktopNetwork3.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2_32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2HELP.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:10 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\SHELL32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\WindowsShell.Manifest User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\uniq User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\Secur32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:11 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rsaenh.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\6T80AEFF\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\JXBP4L3T\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:11 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\TVNX572L\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\CD996JDU\desktop.ini User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Cookies\index.dat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\History\History.IE5\index.dat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:12 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\ws2_32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WS2HELP.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\System32\mswsock.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\DNSAPI.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\System32\winrnr.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\sensapi.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\RASAPI32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:12 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rasman.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\TAPI32.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\rtutils.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:13 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\WINDOWS\system32\WINMM.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:22 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:44 Blocked by port blocking rule activate_crack * Common Maximum Protection:Prevent HTTP communication 85.249.23.119:80
03.04.2006 20:02:44 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:44 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:44 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Create
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:45 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Write
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:46 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NETa\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\kl1.exe User-defined Rules:Block create, delete files in sys drive Action blocked : Write
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\Galina\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:47 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\NET\Local Settings\Temporary Internet Files\Content.IE5\index.dat AntiVirus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read
03.04.2006 20:02:48 Blocked by behavior blocking rule TEST\NET activate_crack * C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk AntiVirus Standard Protection:Protect phonebook files from password and email address stealers Action blocked : Read
03.04.2006 20:02:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:02:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET WINZIP32.EXE C:\WINDOWS\system32\Msimtf.dll User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:02:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET activate_crack * C:\autoexec.bat User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:47 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\NTDLL.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\KERNEL32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\UNICODE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:48 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LOCALE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:49 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\SORTTBLS.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:50 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LZ32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:51 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\ADVAPI32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:52 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\RPCRT4.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\MSVCRT.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\CTYPE.NLS User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\VSCAN.BOF User-defined Rules:Block create, delete files in sys drive Action blocked : Read
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\NTDLL.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\KERNEL32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\LZ32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\ADVAPI32.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\RPCRT4.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\WINDOWS\SYSTEM32\MSVCRT.DLL User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:53 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\PROGRAM FILES\MCAFEE\VIRUSSCAN ENTERPRISE\ENTVUTIL.EXE User-defined Rules:Block create, delete files in sys drive Action blocked : Execute
03.04.2006 20:03:54 Would be blocked by behavior blocking rule (rule is currently not enforced) TEST\NET entvutil.exe C:\Program Files\McAfee\VirusScan Enterprise\vscan.bof User-defined Rules:Block create, delete files in sys drive Action blocked : Read
Добавлено:
BETA VSE8.5
03.04.2006 6:18:34 Engine version =5000.0741
03.04.2006 6:18:34 AntiVirus DAT version =4731.0000
03.04.2006 6:18:34 Number of detection signatures in EXTRA.DAT =2
03.04.2006 6:18:34 Names of detection signatures in EXTRA.DAT =Generic Downloader (ED) Generic StartPage.w (ED)
**************************************************
Это логи AccesProtection
Добавлено:
03.04.2006 19:50:46 Moved (Clean failed) TEST\NET Opera.exe C:\Documents and Settings\NET\Application Data\Opera\Opera1\profile\cache4\opr00UB8.html\opr00UB8\00000337.js Exploit-IEPageSpoof (Trojan)
03.04.2006 19:50:51 Moved (Clean failed) TEST\NET GoogleDesktopCr* C:\quarantine\opr00UB8.html.mcm\opr00UB8.html\00000337.js Exploit-IEPageSpoof (Trojan)
********************************
Это данные One-Access Scanner
Добавлено:
Сщбственно тест провел что бы проследить действия вируса.
Добавлено:
извините не могу на VSE8.0 система виснет.
Добавлено:
tool1.exe,tool2.exe,tool3.exe,tool4.exe,tool5.exe,toolbar.exe,ms1.exe,country.exe,kl1.exe-это файлы создаваемые самим активат_крэком в корне диска С:, но без и-нета они 0 байт. Еще desktop.ini в темпах iexplore и opera.
Добавлено:
03.04.2006 22:08:16 User defined detection : Moved (Clean failed because the detection isn't cleanable) TEST\NET explorer.exe D:\activate_crack.exe\activate_crack.exe User defined detection: ГАВНО (Potentially Unwanted Program)............
*******************************************************************
Engine version =5000.0741
AntiVirus DAT version =4732.0000
Number of detection signatures in EXTRA.DAT =2
Names of detection signatures in EXTRA.DAT =Generic Downloader (ED) Generic StartPage.w (ED) |
Всего записей: 241 | Зарегистр. 21-03-2006 | Отправлено: 20:21 03-04-2006 | Исправлено: ogamy, 21:04 03-04-2006 |
|
(/rule is currently not enforced/ правило сейчас не используется) Я запретил любые обращения к системным каталогам ивообще диску С:, создал список исключений для зарегестрированных приложений. Запускал оба виря - активатора и paytime - и наблюдал за работой VSE. Сначала report, потом block&report. 
если в EXTRA.DAT они включены?
Пробовал несколько раз и только раз на четвертый VSE стал их идентифицыровать. 
On-Demand Scan тоже файлы не различал. 
Главное чтобы правила не противоречили друг-другу.К примеру: **Outlook Express** 
, та гадость что в базах имеется удаляется, та что не известна блокируется по процессу.