
[Share] TO: Roger, about prueba.exe

Isn't it strange that EXPLORER.EXE calls IE through a HOOK?

If this one is not allowed to HOOK it stops working; also have the HIPS create this new rule automatically and terminate the process.



Activity control rule
    Name:
    Application
    Parent process Identifier: 2588
    Parent process: EXPLORER.EXE
    Process identifier: 316
    File: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    User Identifier: XPSM1210\peter
    Hook type: 0
    Thread for event iterception: 0

    Technical description
    The SetWindowsHookEx installs a hook into the system hook chain.  A hook is a point in the system message-handling mechanism where an application can install a subroutine to monitor the message traffic in the system and process certain types of messages before they reach the target window procedure.  This subroutine will be called every time an event occurs (receiving a notification, pressing a key on the keyboard, opening a dialog box, etc.). This function is mainly used by special software for monitoring user activities.
    However, spyware applications can install their own event interceptors to steal confidential data from a personal computer user.
    Therefore, if the application is unknown to you, block any activity by this application.
    User action:    Block, Remember this decision Always (create the rule)
    use event's parameters for creating a new rule
    Kill the application after blocking


[ This post was last edited by peter_yu on 2007-8-30 23:41 ]

ProSecurity intercepts it even earlier, completely OK; SNS only half succeeds.


prueba.exe
[DEBUG AT SYSTEM LEVEL]              
[BLOCK]                                E:\Test\prueba.exe
                                        Command Line:"E:\Test\prueba.exe"
[ACCESS TO]                            Access: SysDbgCopyMemoryChunks_0

[ This post was last edited by peter_yu on 2007-8-31 00:03 ]

1. The key step is that COMODO must block ntoskrnl.exe from running; only then can it stop this one!

However, the prompt box is not red, which presumably means it is not covered by the default rules, so most people would allow it!

But once it is allowed, the mouse still moves yet clicking on anything gets no response, very much like a system freeze,

and the only option left is a forced reboot!

2. EQ must block "Debug at system level" (direct manipulation of the system kernel)

in order to stop prueba.exe from modifying explorer.exe's process memory!

By the way, prueba.exe is included as an attachment.

Someone has already reported it to COMODO!

[ This post was last edited by Roger on 2007-8-31 00:09 ]
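The two alerts quoted in this thread show the two behaviours a HIPS has to catch here: a SetWindowsHookEx hook attributed to EXPLORER.EXE -> IEXPLORE.EXE (peter_yu's first post) and a "Debug at system level" request for SysDbgCopyMemoryChunks_0 (the ProSecurity log and Roger's point 2). The script below is an added example, not code from the thread or from any of the products named in it: it parses alert text of both shapes and rates each one the way a defender would when deciding whether to auto-create a block-and-kill rule. Assumptions, also marked in the code: the "Hook type" field is taken to be the raw Win32 idHook value passed to SetWindowsHookEx and "Thread for event interception" its dwThreadId (0 means the hook is installed for every thread on the desktop); the sample alert texts are constructed from the fields visible in the thread.

```python
"""Triage of HIPS alerts of the two shapes quoted in this thread (added example)."""
import re
from dataclasses import dataclass

# 'Key: value' lines; the key must be at least two letters so a path like E:\Test is not split
KV_LINE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]+):\s*(?P<value>.*)$")
# ProSecurity-style bracket tags such as [BLOCK] or [ACCESS TO]
TAG_LINE = re.compile(r"^\[(?P<tag>[A-Z ]+)\]\s*(?P<rest>.*)$")

# idHook constants from winuser.h; ASSUMPTION: the HIPS reports this raw value as "Hook type"
WH_NAMES = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK", 2: "WH_KEYBOARD",
    3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT", 6: "WH_SYSMSGFILTER", 7: "WH_MOUSE",
    8: "WH_HARDWARE", 9: "WH_DEBUG", 10: "WH_SHELL", 11: "WH_FOREGROUNDIDLE",
    12: "WH_CALLWNDPROCRET", 13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL",
}
# Hook kinds that observe keystrokes, mouse input or every posted message
INPUT_CAPTURE_HOOKS = {
    "WH_JOURNALRECORD", "WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_MOUSE", "WH_MOUSE_LL", "WH_GETMESSAGE",
}


@dataclass
class Finding:
    severity: str   # info | medium | high | critical
    subject: str    # process, or "parent -> process", the finding is about
    reason: str


def parse_fields(text):
    """Collect 'Key: value' lines into a dict; bracket tags like [BLOCK] become keys as well."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = TAG_LINE.match(line)
        if m:
            fields[m["tag"]] = m["rest"].strip()
            line = m["rest"].strip()          # a tag line may carry 'Key: value' after the tag
        m = KV_LINE.match(line)
        if m:
            fields[m["key"].strip()] = m["value"].strip()
    return fields


def assess_hook(fields):
    """Rate a SetWindowsHookEx alert: a global, input-capturing hook is the keylogger pattern."""
    hook_id = int(fields.get("Hook type", "-99"))
    hook = WH_NAMES.get(hook_id, f"unknown({hook_id})")
    # ASSUMPTION: this field is dwThreadId; 0 hooks every thread on the desktop
    thread = next((v for k, v in fields.items() if k.startswith("Thread for event")), "")
    is_global = thread == "0"
    reasons = [f"{hook} hook"]
    if is_global:
        reasons.append("installed for all threads (dwThreadId 0)")
    if hook in INPUT_CAPTURE_HOOKS:
        reasons.append("sees user input")
    severity = "high" if is_global and hook in INPUT_CAPTURE_HOOKS else "medium"
    subject = f"{fields.get('Parent process', '?')} -> {fields.get('File', '?')}"
    return Finding(severity, subject, "; ".join(reasons))


def assess_debug_access(fields):
    """Rate a kernel debug-access alert: any SysDbg* request can touch another process's memory."""
    access = fields.get("Access", "")
    subject = fields.get("BLOCK") or fields.get("ALLOW") or fields.get("File", "?")
    if "DEBUG AT SYSTEM LEVEL" in fields or access.startswith("SysDbg"):
        return Finding("critical", subject, f"system debug control requested ({access or 'unspecified'})")
    return Finding("info", subject, "no system debug access")


def triage(text):
    """Dispatch on the alert shape and return one Finding."""
    fields = parse_fields(text)
    if "Hook type" in fields:
        return assess_hook(fields)
    return assess_debug_access(fields)


# Constructed samples, built from the fields shown in the thread's two alerts
HOOK_ALERT = r"""
Activity control rule
Parent process Identifier: 2588
Parent process: EXPLORER.EXE
Process identifier: 316
File: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Hook type: 0
Thread for event interception: 0
"""

DEBUG_ALERT = r"""
prueba.exe
[DEBUG AT SYSTEM LEVEL]
[BLOCK]        E:\Test\prueba.exe
               Command Line:"E:\Test\prueba.exe"
[ACCESS TO]    Access: SysDbgCopyMemoryChunks_0
"""

if __name__ == "__main__":
    for sample in (HOOK_ALERT, DEBUG_ALERT):
        f = triage(sample)
        print(f"{f.severity:8} {f.subject}: {f.reason}")
```

Under the stated assumption, the thread's hook alert rates "high" because hook type 0 is WH_JOURNALRECORD and thread 0 makes it global, while the SysDbgCopyMemoryChunks_0 request rates "critical" regardless of which process asks for it, which matches the "block, remember, kill" decision both posters arrived at.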