
[Test] Test whether your HIPS provides full protection

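These are test programs downloaded from http://www.spycar.org/Spycar.html
There are 17 test programs. TowTruck.exe is used to score the results and to restore whatever the test programs changed; to use it, just click Cleanup.

With my EQ, only IE-SetHomePage.exe and IE-SetSearchPage.exe did not pass.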

TOP

Looking forward to you releasing new EQ rules!
Left by someone who uses the rules you provided

TOP

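I'll give it a try; it shouldn't cause any permanent damage, right... (I don't have much confidence in TH's point-and-shoot-camera style rules.)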

TOP

Reply to post #3 by SPeter

TowTruck.exe can restore everything.

TOP

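With its default rules, TH 3 BETA caught every one of them and locked them up. What criteria it actually uses to catch things is a real head-scratcher; these test programs are also all already on record with it (meaning the team has already tested them; their names appear in the description). I suspect that once the test programs' target is changed from IE to FF, it will probably miss all of them... I don't know how custom rules would have to be written to hold up against attacks that target FF...

But when scoring, every item shows Not preformed? And it also suddenly flagged emule as having a keylogger?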

TOP

NORTON 2008 wiped them all out during extraction.
Norton / Symantec unknown virus submission page
https://submit.symantec.com/websubmit/retail.cgi

Norton / Symantec phishing URL report page
https://submit.symantec.com/antifraud/phish.cgi

TOP

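Reply to post #6 by 天氣預報

That... that isn't a valid test, is it...

If I don't turn off the little red umbrella (Avira), it also wipes them all out (17 of the 18 are classified as SPR)... Test programs like these that have been out for a while will probably be flagged by most antivirus products; you have to turn off the monitoring in order to test the HIPS's behavioral judgment (which shows that it can block malware that looks different but attacks the system in the same way)...

Then again, Norton AntiBot, which takes the same point-and-shoot approach, should also be able to pass all of these tests.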

TOP

But NORTON 2008 even wiped out the remaining one, the one that is supposed to be for cleanup.

TOP

Autostart Tests

1. Click here to make Spycar try to drop a file and install a Registry key to execute it under HKLM\Software\Microsoft\Windows\CurrentVersion\Run

2. Click here to make Spycar try to drop a file and install a Registry key to execute it under HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

3. Click here to make Spycar try to drop a file and install a Registry key to execute it under HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

4. Click here to make Spycar try to drop a file and install a Registry key to execute it under HKCU\Software\Microsoft\Windows\CurrentVersion\Run

5. Click here to make Spycar try to drop a file and install a Registry key to execute it under HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

6. Click here to make Spycar try to drop a file and install a Registry key to execute it under HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

Internet Explorer Config Change Tests

1. Click here to make Spycar try to change your default home page in IE

2. Click here to make Spycar try to lockout users from changing the default home page in IE

3. Click here to make Spycar try to change your default search page in IE

4. Click here to make Spycar try to remove the Advanced Tab in your IE Internet Options Screen

5. Click here to make Spycar try to remove the Programs Tab in your IE Internet Options Screen

6. Click here to make Spycar try to remove the Connections Tab in your IE Internet Options Screen

7. Click here to make Spycar try to remove the Content Tab in your IE Internet Options Screen

8. Click here to make Spycar try to remove the Privacy Tab in your IE Internet Options Screen

9. Click here to make Spycar try to remove the Security Tab in your IE Internet Options Screen

10. Click here to make Spycar try to remove the General Tab in your IE Internet Options Screen

Network Config Change Tests

1. Click here to make Spycar try to add an entry to your hosts file (typically c:\windows\system32\drivers\etc\hosts)

[ This post was last edited by Roger on 2007-9-4 15:37 ]

TOP

Findings:

First test: relies on FD first, then RD

Second test: relies entirely on RD

Third test: relies entirely on FD

TOP
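The FD/RD split described in the thread, as an added example that is not part of any post or of Spycar: a Python pass over constructed event records that flags writes to the six autostart keys and the hosts file listed above, and notes when an autostart value points at a file written earlier. The event format, file names and sample data are assumptions made for illustration.

```python
import ntpath

# Autostart keys named in the Spycar list above, under both hives.
RUN_BASE = r"software\microsoft\windows\currentversion"
RUN_KEYS = {f"{hive}\\{RUN_BASE}\\{name}"
            for hive in ("hklm", "hkcu")
            for name in ("run", "runonce", "runonceex")}
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}
HOSTS_SUFFIX = r"\system32\drivers\etc\hosts"

def normalize_key(path):
    """Lower-case a registry path and shorten long hive names."""
    parts = [p for p in path.lower().replace("/", "\\").split("\\") if p]
    if parts:
        parts[0] = HIVES.get(parts[0], parts[0])
    return "\\".join(parts)

def is_autostart(key):
    """True for a listed Run key or any subkey of it (RunOnceEx uses subkeys)."""
    return any(key == k or key.startswith(k + "\\") for k in RUN_KEYS)

def review(events):
    """Return (layer, note, target) per finding; FD = file, RD = registry."""
    dropped, findings = set(), []
    for ev in events:
        if ev["kind"] == "file":
            path = ntpath.normpath(ev["target"]).lower()
            dropped.add(path)
            if path.endswith(HOSTS_SUFFIX):
                findings.append(("FD", "hosts file modified", path))
        elif ev["kind"] == "reg":
            key = normalize_key(ev["target"])
            if is_autostart(key):
                data = ntpath.normpath(ev.get("data", "").strip('"')).lower()
                note = "autostart -> file dropped earlier" if data in dropped else "autostart"
                findings.append(("RD", note, key))
    return findings

# Constructed sample events (hypothetical format and file names).
SAMPLE = [
    {"kind": "file", "target": r"C:\Users\test\AppData\Local\Temp\sample_drop.exe"},
    {"kind": "reg", "target": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r'"C:\Users\test\AppData\Local\Temp\sample_drop.exe"'},
    {"kind": "reg", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\0001",
     "data": r"C:\Windows\notepad.exe"},
    {"kind": "file", "target": "c:/windows/system32/drivers/etc/hosts"},
    {"kind": "reg", "target": r"HKCU\Software\Example\Settings", "data": "1"},
]
print(*review(SAMPLE), sep="\n")
```

The Internet Explorer tests are left out because the thread does not name the registry values they touch.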

My testing method throughout was to turn off EQ's prompt window, that is, all prompts are allowed.

TOP

Bypass RegMon (getting past RD protection)

Conventional method A:

Special method A:

Conventional method B:

Special method B:


TOP

Let me see how many of these mine can pass.

TOP
