Bug 2008-7-16 09:20
Builds 8.0.0.432+
Dear All,
KL Developers would once again like to request your help.
It is quite possible that a new feature will be added for CF1 - monitoring of changes for Trusted Applications
Asyou already know, malware does not only modify system related files,but also other applications (browsers, email clients, etc) in anattempt at causing harm.
Thus to prevent the earlier fromoccuring, we had implemented a new feature.
[b]It is called "Auto resourcecreation based on Trusted Application"[/b]. For instance if you everlaunched a program called D:\Program Files\ASUS WiFi-APSolo\RTxAdmin.exe", the application will be classified as Trusted,because its known to us through Whitelisting Database. At the same timean appropriate resource will also be created. Other Trusted programswill also gain unrestricted access to it, and an alert prompt for allthe rest.
We need to check the following:
1) How correct is the creation nature of those resources
2) Would untrusted programs able to elevate without causing alerts
3) [b]Most importantly -[/b] that there are no falses for Trusted Applications
Please replace the attached module with self-defense turned OFF and restart the product.
[quote][color=Red]附件請自行更改附檔名為.ppl[/color][/quote]
------------------------------------------------------------------------------------------------------------------------
我發現HIPS多了這個規則
[img=841,599]http://img214.imageshack.us/img214/2489/88800647hh6.jpg[/img]
不知道對於自我保護是否有所提升?
[quote][color=Red]注意! 本模組僅適用於432[/color][/quote]
laolaoliu 2008-7-16 09:27
andy 2008-7-16 11:29
Soviet總部,很強大......怎麼是中文的:L
shenhwang 2008-7-16 14:04
每個人裝的程式不同,顯示的內容也就不同
原始的安裝路徑是中文 ,抓到的資料也就是中文
skywalker 2008-7-17 12:55
報告bug大大,我的8.0.0.432beta板未裝這個模組前都抓不到病毒(一開馬上顯示xxx病毒名並警告勿下載),未裝時不會掃到病毒碼後來開啟時,hips擋到病毒行為也時有時無(因為hips沒擋下來我用ad-aware有掃到病毒!代表未更新hips時kis根本就是讓病毒...放行;ya: ),這狀況在kis正式版我測過都抓得住,所以這模組大概是更正432 beta版完全閹割的毛病吧?:P