"PortBlockName_0"="禁止大量发送邮件的蠕虫病毒发送邮件"
"PortBlockDirection_0"=dword:00000001
"PortBlockRange_0"="25"
"PortBlockWhiteList_0"="amgrsrvc.exe,tomcat.exe,outlook.exe,msimn.exe,agent.exe,eudora.exe,nlnotes.exe,mozilla.exe,netscp.exe,opera.exe,winpm-32.exe,pine.exe,poco.exe,thebat.exe,thunderbird.exe,ntaskldr.exe,inetinfo.exe,nsmtp.exe,nrouter.exe,tomcat5.exe,tomcat5w.exe,ebs.exe,FireSvc.exe,modulewrapper.exe,MSKSrvr.exe,MSKDetct.exe,foxmail.exe,dreammail.exe,dm2005.exe"
"PortBlockEnabled_1"=dword:00000001
"PortBlockName_1"="禁止 IRC 通讯"
"PortBlockDirection_1"=dword:00000001
"PortBlockRange_1"="6666-6669"
"PortBlockWhiteList_1"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,VNNClient.exe,utorrent.exe"
"PortBlockEnabled_2"=dword:00000001
"PortBlockName_2"="禁止 IRC 通讯"
"PortBlockDirection_2"=dword:00000000
"PortBlockRange_2"="6666-6669"
"PortBlockWhiteList_2"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,VNNClient.exe,utorrent.exe"
"PortBlockEnabled_3"=dword:00000000
"PortBlockName_3"="禁止从万维网上下载"
"PortBlockDirection_3"=dword:00000001
"PortBlockRange_3"="80"
"PortBlockWhiteList_3"="outlook.exe,msimn.exe,iexplore.exe,mozilla.exe,netscp.exe,opera.exe,thunderbird.exe,msn6.exe,neo20.exe,mobsync.exe,waol.exe,nlnotes.exe"
"PortBlockEnabled_4"=dword:00000000
"PortBlockName_4"="禁止 FTP 入站通讯(阻止诸如 Nimda 等病毒传播)"
"PortBlockDirection_4"=dword:00000000
"PortBlockRange_4"="20-21"
"PortBlockWhiteList_4"=""
"PortBlockEnabled_5"=dword:00000000
"PortBlockName_5"="禁止 FTP 出站通讯(阻止病毒下载文件)"
"PortBlockDirection_5"=dword:00000001
"PortBlockRange_5"="20-21"
"PortBlockWhiteList_5"=" ftp.exe,iexplore.exe"
"PortBlockEnabled_6"=dword:00000001
"PortBlockName_6"="禁止波波入侵135"
"PortBlockDirection_6"=dword:00000000
"PortBlockRange_6"="135-135"
"PortBlockWhiteList_6"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,utorrent.exe"
"PortBlockEnabled_7"=dword:00000001
"PortBlockName_7"="禁止波波入侵445"
"PortBlockDirection_7"=dword:00000000
"PortBlockRange_7"="445-445"
"PortBlockWhiteList_7"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,utorrent.exe"
"FileBlockRuleName_0"="禁止在windows下生成如SCVHOST,SCVh0ST这些仿冒伪劣垃圾"
"FileBlockProcess_0"="*"
"FileBlockWhat_0"=dword:000f0000
"FileBlockReport_0"=dword:00000001
"FileBlockRuleName_1"="禁止在windows下生成如smss仿冒伪劣垃圾"
"FileBlockProcess_1"="*"
"FileBlockWhat_1"=dword:000f0000
"FileBlockReport_1"=dword:00000001
"FileBlockRuleName_2"="禁止 Outlook 从 Temp 文件夹启动任何项目"
"FileBlockProcess_2"="outlook.exe"
"FileBlockWildcard_2"="**\\temp*\\**"
"FileBlockWhat_2"=dword:00080000
"FileBlockReport_2"=dword:00000001
"FileBlockRuleName_3"="禁止 Outlook Express 从 Temp 文件夹启动任何项目"
"FileBlockProcess_3"="msimn.exe"
"FileBlockWildcard_3"="**\\temp*\\**"
"FileBlockWhat_3"=dword:00080000
"FileBlockReport_3"=dword:00000001
"FileBlockRuleName_4"="禁止 从 Temp 文件夹安装SYS底层驱动"
"FileBlockProcess_4"="*"
"FileBlockWildcard_4"="**\\temp*\\*.sys"
"FileBlockWhat_4"=dword:00090000
"FileBlockReport_4"=dword:00000001
"FileBlockRuleName_5"="禁止Internet Explore文件夹安装SYS底层驱动"
"FileBlockProcess_5"="*"
"FileBlockWildcard_5"="**\\Internet Explorer\\**\\*.sys"
"FileBlockWhat_5"=dword:00090000
"FileBlockReport_5"=dword:00000001
"FileBlockRuleName_6"="禁止腾讯的SOSOBAR"
"FileBlockProcess_6"="*"
"FileBlockWildcard_6"="**\\Sosobar*\\**"
"FileBlockWhat_6"=dword:000b0000
"FileBlockReport_6"=dword:00000001
"FileBlockRuleName_7"="禁止从 Temp 文件夹执行脚本"
"FileBlockProcess_7"="?script.exe"
"FileBlockWildcard_7"="**\\temp*\\**"
"FileBlockWhat_7"=dword:00020000
"FileBlockReport_7"=dword:00000001
"FileBlockRuleName_8"="禁止在windows文件夹安装rundll32.exerunD1132.仿冒"
"FileBlockProcess_8"="*"
"FileBlockWildcard_8"="%windir%\\**\un**32.exe"
"FileBlockWhat_8"=dword:00050000
"FileBlockReport_8"=dword:00000001
"FileBlockRuleName_9"="禁止访问可疑的启动项目 (.exe)"
"FileBlockProcess_9"="*"
"FileBlockWildcard_9"="**\\startup\\**\\*.exe"
"FileBlockWhat_9"=dword:000f0000
"FileBlockReport_9"=dword:00000001
"FileBlockRuleName_10"="禁止访问可疑的启动项目 (.scr)"
"FileBlockProcess_10"="*"
"FileBlockWildcard_10"="**\\startup\\**\\*.scr"
"FileBlockWhat_10"=dword:000f0000
"FileBlockReport_10"=dword:00000001
"FileBlockRuleName_11"="禁止访问可疑的启动项目 (.hta)"
"FileBlockProcess_11"="*"
"FileBlockWildcard_11"="**\\startup\\**\\*.hta"
"FileBlockWhat_11"=dword:000f0000
"FileBlockReport_11"=dword:00000001
"FileBlockRuleName_12"="禁止访问可疑的启动项目 (.pif)"
"FileBlockProcess_12"="*"
"FileBlockWildcard_12"="**\\startup\\**\\*.pif"
"FileBlockWhat_12"=dword:000f0000
"FileBlockReport_12"=dword:00000001
"FileBlockRuleName_13"="禁止访问可疑的启动项目 (.com)"
"FileBlockProcess_13"="*"
"FileBlockWildcard_13"="**\\startup\\**\\*.com"
"FileBlockWhat_13"=dword:000f0000
"FileBlockReport_13"=dword:00000001
"FileBlockRuleName_14"="禁止远程修改文件 (.exe)"
"FileBlockProcess_14"="System:Remote"
"FileBlockWildcard_14"="**\\*.exe"
"FileBlockWhat_14"=dword:00040000
"FileBlockReport_14"=dword:00000001
"FileBlockRuleName_15"="禁止远程修改文件 (.scr)"
"FileBlockProcess_15"="System:Remote"
"FileBlockWildcard_15"="**\\*.scr"
"FileBlockWhat_15"=dword:00040000
"FileBlockReport_15"=dword:00000001
"FileBlockRuleName_16"="禁止远程修改文件 (.ocx)"
"FileBlockProcess_16"="System:Remote"
"FileBlockWildcard_16"="**\\*.ocx"
"FileBlockWhat_16"=dword:00040000
"FileBlockReport_16"=dword:00000001
"FileBlockRuleName_17"="禁止远程修改文件 (.dll)"
"FileBlockProcess_17"="System:Remote"
"FileBlockWildcard_17"="**\\*.dll"
"FileBlockWhat_17"=dword:00040000
"FileBlockReport_17"=dword:00000001
"FileBlockRuleName_18"="禁止远程创建/修改/删除 Windows 文件夹和子文件夹中的任何内容"
"FileBlockProcess_18"="System:Remote"
"FileBlockWildcard_18"="%windir%\\**\\*"
"FileBlockWhat_18"=dword:00150000
"FileBlockReport_18"=dword:00000001
"FileBlockRuleName_19"="禁止远程创建/修改/删除 Windows 文件夹和子文件夹中的文件 (.ini)"
"FileBlockProcess_19"="System:Remote"
"FileBlockWildcard_19"="%windir%\\**\\*.ini"
"FileBlockWhat_19"=dword:00150000
"FileBlockReport_19"=dword:00000001
"FileBlockRuleName_20"="禁止远程创建/修改/删除系统根目录中的任何内容"
"FileBlockProcess_20"="System:Remote"
"FileBlockWildcard_20"="%systemdrive%\\*"
"FileBlockWhat_20"=dword:00150000
"FileBlockReport_20"=dword:00000001
"FileBlockRuleName_21"="禁止远程创建/修改/删除文件 (.exe)"
"FileBlockProcess_21"="System:Remote"
"FileBlockWildcard_21"="**\\*.exe"
"FileBlockWhat_21"=dword:00150000
"FileBlockReport_21"=dword:00000001
"FileBlockRuleName_22"="禁止远程创建/修改/删除文件 (.scr)"
"FileBlockProcess_22"="System:Remote"
"FileBlockWildcard_22"="**\\*.scr"
"FileBlockWhat_22"=dword:00150000
"FileBlockReport_22"=dword:00000001
"FileBlockRuleName_23"="禁止远程创建/修改/删除文件 (.ocx)"
"FileBlockProcess_23"="System:Remote"
"FileBlockWildcard_23"="**\\*.ocx"
"FileBlockWhat_23"=dword:00150000
"FileBlockReport_23"=dword:00000001
"FileBlockRuleName_24"="禁止远程创建/修改/删除文件(.pif)"
"FileBlockProcess_24"="System:Remote"
"FileBlockWildcard_24"="**\\*.pif"
"FileBlockWhat_24"=dword:00150000
"FileBlockReport_24"=dword:00000001
"FileBlockRuleName_25"="禁止创建 autorun.inf 文件"
"FileBlockProcess_25"="*"
"FileBlockWildcard_25"="**\\autorun.inf"
"FileBlockWhat_25"=dword:00050000
"FileBlockReport_25"=dword:00000001
"FileBlockRuleName_26"="禁止在 Windows 文件夹中创建新文件 (任何文件)"
"FileBlockProcess_26"="*"
"FileBlockWildcard_26"="%windir%\\*.*"
"FileBlockWhat_26"=dword:00010000
"FileBlockReport_26"=dword:00000001
"FileBlockRuleName_27"="禁止ADS流"
"FileBlockProcess_27"="*"
"FileBlockWildcard_27"="%SystemDrive%**:*"
"FileBlockWhat_27"=dword:000d0000
"FileBlockReport_27"=dword:00000001
"FileBlockRuleName_28"="禁止在 System32 文件夹中创建新文件 (任何文件)"
"FileBlockProcess_28"="*"
"FileBlockWildcard_28"="%windir%\\system32\\*.*"
"FileBlockWhat_28"=dword:00010000
"FileBlockReport_28"=dword:00000001
"FileBlockRuleName_29"="禁止在WINDOWS创建SVCHOST.EXE仿冒垃圾"
"FileBlockProcess_29"="*"
"FileBlockWhat_29"=dword:000b0000
"FileBlockReport_29"=dword:00000001
"FileBlockRuleName_30"="禁止互联星空拨号安装程序自释放到TEMP"
"FileBlockProcess_30"="*"
"FileBlockWildcard_30"="**\\China*net\\**"
"FileBlockWhat_30"=dword:000f0000
"FileBlockReport_30"=dword:00000001
"FileBlockRuleName_31"="防止威金规则"
"FileBlockProcess_31"="*"
"FileBlockWhat_31"=dword:000f0000
"FileBlockReport_31"=dword:00000001
"FileBlockRuleName_32"="禁止安装3721,并阻止运行"
"FileBlockProcess_32"="*"
"FileBlockWildcard_32"="**\\3721\\**"
"FileBlockWhat_32"=dword:000f0000
"FileBlockReport_32"=dword:00000001
"FileBlockRuleName_33"="禁止安装YAHOO助手"
"FileBlockProcess_33"="*"
"FileBlockWildcard_33"="**\\Assistant\\**"
"FileBlockWhat_33"=dword:000f0000
"FileBlockReport_33"=dword:00000001
"FileBlockRuleName_34"="禁止中文上网安装"
"FileBlockProcess_34"="*"
"FileBlockWildcard_34"="**\\CNNIC\\**"
"FileBlockWhat_34"=dword:000f0000
"FileBlockReport_34"=dword:00000001
"FileBlockRuleName_35"="禁止安装一搜工具条"
"FileBlockProcess_35"="*"
"FileBlockWildcard_35"="**\\YiSou\\**"
"FileBlockWhat_35"=dword:000f0000
"FileBlockReport_35"=dword:00000001
"FileBlockRuleName_36"="禁止安装很棒小秘书"
"FileBlockProcess_36"="*"
"FileBlockWildcard_36"="**\\HBClient\\**"
"FileBlockWhat_36"=dword:000f0000
"FileBlockReport_36"=dword:00000001
"FileBlockRuleName_37"="防止威金病毒读取HOSTS"
"FileBlockProcess_37"="*"
"FileBlockWildcard_37"="%windir%\\system32\\drivers\\etc\\**"
"FileBlockWhat_37"=dword:00050000
"FileBlockReport_37"=dword:00000001
"FileBlockRuleName_38"="禁止U88财富快车工具条安装目录"
"FileBlockProcess_38"="*"
"FileBlockWildcard_38"="**\\Internet Explorer\\2052\\**"
"FileBlockWhat_38"=dword:000f0000
"FileBlockReport_38"=dword:00000001
"FileBlockRuleName_39"="禁止百度搜霸安装目录"
"FileBlockProcess_39"="*"
"FileBlockWildcard_39"="**\\Baidu\\**"
"FileBlockWhat_39"=dword:000f0000
"FileBlockReport_39"=dword:00000001
"FileBlockRuleName_40"="禁止YOK工具条安装目录"
"FileBlockProcess_40"="*"
"FileBlockWildcard_40"="**\\YOK.com\\**"
"FileBlockWhat_40"=dword:000f0000
"FileBlockReport_40"=dword:00000001
"FileBlockRuleName_41"="禁止搜狗安装目录"
"FileBlockProcess_41"="*"
"FileBlockWildcard_41"="**\\p4p\\**"
"FileBlockWhat_41"=dword:000f0000
"FileBlockReport_41"=dword:00000001
"FileBlockRuleName_42"="禁止dudu下载加速器安装目录"
"FileBlockProcess_42"="*"
"FileBlockWildcard_42"="**\\DuDu\\**"
"FileBlockWhat_42"=dword:000f0000
"FileBlockReport_42"=dword:00000001
"FileBlockRuleName_43"="禁止娱乐星空安装目录"
"FileBlockProcess_43"="*"
"FileBlockWildcard_43"="**\\yulexk\\**"
"FileBlockWhat_43"=dword:000f0000
"FileBlockReport_43"=dword:00000001
"FileBlockRuleName_44"="禁止易趣工具栏安装目录"
"FileBlockProcess_44"="*"
"FileBlockWildcard_44"="**\\*eBay*\\**"
"FileBlockWhat_44"=dword:000f0000
"FileBlockReport_44"=dword:00000001
"FileBlockRuleName_45"="禁止彩信通安装目录"
"FileBlockProcess_45"="*"
"FileBlockWildcard_45"="**\\MMSAssist\\**"
"FileBlockWhat_45"=dword:000f0000
"FileBlockReport_45"=dword:00000001
"FileBlockRuleName_46"="禁止划词搜索安装目录"
"FileBlockProcess_46"="*"
"FileBlockWildcard_46"="**\\wsearch\\**"
"FileBlockWhat_46"=dword:000f0000
"FileBlockReport_46"=dword:00000001
"FileBlockRuleName_47"="禁止网络猪安装目录"
"FileBlockProcess_47"="*"
"FileBlockWildcard_47"="**\\网络猪\\**"
"FileBlockWhat_47"=dword:000f0000
"FileBlockReport_47"=dword:00000001
"FileBlockRuleName_48"="禁止完美网译通安装目录"
"FileBlockProcess_48"="*"
"FileBlockWildcard_48"="**\\WORLD2\\**"
"FileBlockWhat_48"=dword:000f0000
"FileBlockReport_48"=dword:00000001
"FileBlockRuleName_49"="禁止百狗搜索安装目录"
"FileBlockProcess_49"="*"
"FileBlockWildcard_49"="**\\baigoo\\**"
"FileBlockWhat_49"=dword:000f0000
"FileBlockReport_49"=dword:00000001
"FileBlockRuleName_50"="禁止酷桌面安装目录"
"FileBlockProcess_50"="*"
"FileBlockWildcard_50"="**\\LetsCool\\**"
"FileBlockWhat_50"=dword:000f0000
"FileBlockReport_50"=dword:00000001
"FileBlockRuleName_51"="禁止MSIBM安装文件"
"FileBlockProcess_51"="*"
"FileBlockWildcard_51"="**\\spoolsv\\**"
"FileBlockWhat_51"=dword:000f0000
"FileBlockReport_51"=dword:00000001
"FileBlockRuleName_52"="禁止安装中搜工具条"
"FileBlockProcess_52"="*"
"FileBlockWildcard_52"="**\\ZhongSou\\**"
"FileBlockWhat_52"=dword:000f0000
"FileBlockReport_52"=dword:00000001
"FileBlockRuleName_53"="禁止安装IE-BAR"
"FileBlockProcess_53"="*"
"FileBlockWildcard_53"="**\\IE-Bar\\**"
"FileBlockWhat_53"=dword:000f0000
"FileBlockReport_53"=dword:00000001
"FileBlockRuleName_54"="禁止安装忆多多"
"FileBlockProcess_54"="*"
"FileBlockWildcard_54"="**\\忆多多\\**"
"FileBlockWhat_54"=dword:000f0000
"FileBlockReport_54"=dword:00000001
"FileBlockRuleName_55"="禁止安装多多Q表情"
"FileBlockProcess_55"="*"
"FileBlockWildcard_55"="**\\Common Files\\UPD*\\**"
"FileBlockWhat_55"=dword:000f0000
"FileBlockReport_55"=dword:00000001
"FileBlockRuleName_56"="禁止多多Q表情2"
"FileBlockProcess_56"="*"
"FileBlockWildcard_56"="**\\Common Files\\SAND\\**"
"FileBlockWhat_56"=dword:000f0000
"FileBlockReport_56"=dword:00000001
"FileBlockRuleName_57"="禁止唯刊VIKA阅读器"
"FileBlockProcess_57"="*"
"FileBlockWildcard_57"="**\\VIK\\**"
"FileBlockWhat_57"=dword:000f0000
"FileBlockReport_57"=dword:00000001
"FileBlockRuleName_58"="禁止流氓利用Downloaded Program Files"
"FileBlockProcess_58"="*"
"FileBlockWildcard_58"="**\\Downloaded Program Files\\**"
"FileBlockWhat_58"=dword:00050000
"FileBlockReport_58"=dword:00000001
"FileBlockRuleName_59"="禁止协和医院弹出广告"
"FileBlockProcess_59"="*"
"FileBlockWildcard_59"="**\\STDUP\\**"
"FileBlockWhat_59"=dword:000f0000
"FileBlockReport_59"=dword:00000001
"FileBlockRuleName_60"="禁止酷站导航"
"FileBlockProcess_60"="*"
"FileBlockWildcard_60"="**\\CoolWebsite\\**"
"FileBlockWhat_60"=dword:000f0000
"FileBlockReport_60"=dword:00000001
"FileBlockRuleName_61"="禁止珊瑚虫工具栏"
"FileBlockProcess_61"="*"
"FileBlockWildcard_61"="**\\Infofo Bar\\**"
"FileBlockWhat_61"=dword:000f0000
"FileBlockReport_61"=dword:00000001
"FileBlockRuleName_62"="禁止青娱乐"
"FileBlockProcess_62"="*"
"FileBlockWildcard_62"="**\\Qyule\\**"
"FileBlockWhat_62"=dword:000f0000
"FileBlockReport_62"=dword:00000001
"FileBlockRuleName_63"="禁止开心速递"
"FileBlockProcess_63"="*"
"FileBlockWildcard_63"="**\\SDAstro\\**"
"FileBlockWhat_63"=dword:000f0000
"FileBlockReport_63"=dword:00000001
"FileBlockRuleName_64"="禁止VVZ收藏夹"
"FileBlockProcess_64"="*"
"FileBlockWildcard_64"="**\\vvz\\**"
"FileBlockWhat_64"=dword:000f0000
"FileBlockReport_64"=dword:00000001
"FileBlockRuleName_65"="禁止Hotbar"
"FileBlockProcess_65"="*"
"FileBlockWildcard_65"="**\\Hotbar\\**"
"FileBlockWhat_65"=dword:000f0000
"FileBlockReport_65"=dword:00000001
"FileBlockRuleName_66"="禁止nb46工具栏"
"FileBlockProcess_66"="*"
"FileBlockWildcard_66"="**\\nb46.com\\**"
"FileBlockWhat_66"=dword:000f0000
"FileBlockReport_66"=dword:00000001
"FileBlockRuleName_67"="禁止DeskAdTop弹窗"
"FileBlockProcess_67"="*"
"FileBlockWildcard_67"="**\\DeskAdTop\\**"
"FileBlockWhat_67"=dword:000f0000
"FileBlockReport_67"=dword:00000001
"FileBlockRuleName_68"="禁止快搜"
"FileBlockProcess_68"="*"
"FileBlockWildcard_68"="**\\Micrsoft SearchBar\\**"
"FileBlockWhat_68"=dword:000f0000
"FileBlockReport_68"=dword:00000001
"FileBlockRuleName_69"="禁止网蜜"
"FileBlockProcess_69"="*"
"FileBlockWildcard_69"="**\\MySec\\**"
"FileBlockWhat_69"=dword:000f0000
"FileBlockReport_69"=dword:00000001
"FileBlockRuleName_70"="禁止划词搜索"
"FileBlockProcess_70"="*"
"FileBlockWildcard_70"="**\\HuaCi\\**"
"FileBlockWhat_70"=dword:000f0000
"FileBlockReport_70"=dword:00000001
"FileBlockRuleName_71"="禁止中搜的SearchNet"
"FileBlockProcess_71"="*"
"FileBlockWildcard_71"="**\\SearchNet\\**"
"FileBlockWhat_71"=dword:000f0000
"FileBlockReport_71"=dword:00000001
"FileBlockRuleName_72"=" 防止威金读取NET.NET1"
"FileBlockProcess_72"="*"
"FileBlockWhat_72"=dword:00050000
"FileBlockReport_72"=dword:00000001
"FileBlockRuleName_73"="禁止WINDOWS创建SERVER,SERVICES伪造"
"FileBlockProcess_73"="*"
"FileBlockWhat_73"=dword:000f0000
"FileBlockReport_73"=dword:00000001
"FileBlockRuleName_74"="禁止在WINDOWS目录的drivers\\下添加驱动"
"FileBlockProcess_74"="*"
"FileBlockWildcard_74"="%windir%\\system32\\drivers\\**"
"FileBlockWhat_74"=dword:00010000
"FileBlockReport_74"=dword:00000001
"FileBlockRuleName_75"="禁止windows创建SMSS"
"FileBlockProcess_75"="*"
"FileBlockWhat_75"=dword:000f0000
"FileBlockReport_75"=dword:00000001
"FileBlockRuleName_76"="禁止鸡毛信安装"
"FileBlockProcess_76"="*"
"FileBlockWildcard_76"="**\\temp\\IXP*.tmp\\TMP435*.TMP"
"FileBlockWhat_76"=dword:000f0000
"FileBlockReport_76"=dword:00000001
"FileBlockRuleName_77"="禁止流氓木马病毒修改userinit.exe"
"FileBlockProcess_77"="*"
"FileBlockWildcard_77"="%windir%\\system32\\**"
"FileBlockWhat_77"=dword:00040000
"FileBlockReport_77"=dword:00000001
"FileBlockRuleName_78"="禁止在Common Files生成流氓恶意病毒"
"FileBlockProcess_78"="*"
"FileBlockWildcard_78"="**\\Program Files\\Common Files\\*.*"
"FileBlockWhat_78"=dword:00010000
"FileBlockReport_78"=dword:00000001
"FileBlockRuleName_79"="禁止流氓病毒.硬盘炸弹利用BAT,封禁BAT.需要BAT,自行修改成cmd或COM"
"FileBlockProcess_79"="*"
"FileBlockWildcard_79"="**\\*.bat"
"FileBlockWhat_79"=dword:000a0000
"FileBlockReport_79"=dword:00000001
"FileBlockRuleName_80"="禁止硬盘炸弹利用FORMAT,格式化硬盘"
"FileBlockProcess_80"="*"
"FileBlockWildcard_80"="**\\format.*"
"FileBlockWhat_80"=dword:000a0000
"FileBlockReport_80"=dword:00000001
"FileBlockRuleName_81"="禁止在PROGRAM生成文件,但不影响安装程序创建目录"
"FileBlockProcess_81"="*"
"FileBlockWildcard_81"="**\\Program Files\\*.*"
"FileBlockWhat_81"=dword:000b0000
"FileBlockReport_81"=dword:00000001
"FileBlockRuleName_82"="禁止在Program Files下添加system,system32,systems文件夹"
"FileBlockProcess_82"="*"
"FileBlockWildcard_82"="**\\Program Files\\system*\\**"
"FileBlockWhat_82"=dword:000f0000
"FileBlockReport_82"=dword:00000001
"FileBlockRuleName_83"="禁止在Program Files下往WINNT或WINDOWS NT文件夹下添加垃圾"
"FileBlockProcess_83"="*"
"FileBlockWildcard_83"="**\\Program Files\\win*t\\**"
"FileBlockWhat_83"=dword:00050000
"FileBlockReport_83"=dword:00000001
"FileBlockRuleName_84"="禁止千橡播霸安装"
"FileBlockProcess_84"="*"
"FileBlockWildcard_84"="**\\pcast\\**"
"FileBlockWhat_84"=dword:000f0000
"FileBlockReport_84"=dword:00000001
"FileBlockRuleName_85"="禁止腾讯QQ的广告"
"FileBlockProcess_85"="*"
"FileBlockWildcard_85"="**\\adplus*\\**"
"FileBlockWhat_85"=dword:000f0000
"FileBlockReport_85"=dword:00000001
"FileBlockRuleName_86"="禁止在Common Files的创建Comm"
"FileBlockProcess_86"="*"
"FileBlockWildcard_86"="**\\Common Files\\Comm\\**"
"FileBlockWhat_86"=dword:000f0000
"FileBlockReport_86"=dword:00000001
"FileBlockRuleName_87"="禁止在All Users\\Application Data\\Microsoft\\UserData下乱创建文件"
"FileBlockProcess_87"="*"
"FileBlockWildcard_87"="**\\Application Data\\Microsoft\\UserData*\\**"
"FileBlockWhat_87"=dword:000f0000
"FileBlockReport_87"=dword:00000001
"FileBlockRuleName_88"="禁止WIN下创建LSASS.EXE"
"FileBlockProcess_88"="*"
"FileBlockWhat_88"=dword:000f0000
"FileBlockReport_88"=dword:00000001
"FileBlockRuleName_89"="禁止威金4"
"FileBlockProcess_89"="*"
"FileBlockWildcard_89"="%windir%\\*dll.dll"
"PortBlockDirection_0"=dword:00000001
"PortBlockRange_0"="25"
"PortBlockWhiteList_0"="amgrsrvc.exe,tomcat.exe,outlook.exe,msimn.exe,agent.exe,eudora.exe,nlnotes.exe,mozilla.exe,netscp.exe,opera.exe,winpm-32.exe,pine.exe,poco.exe,thebat.exe,thunderbird.exe,ntaskldr.exe,inetinfo.exe,nsmtp.exe,nrouter.exe,tomcat5.exe,tomcat5w.exe,ebs.exe,FireSvc.exe,modulewrapper.exe,MSKSrvr.exe,MSKDetct.exe,foxmail.exe,dreammail.exe,dm2005.exe"
"PortBlockEnabled_1"=dword:00000001
"PortBlockName_1"="禁止 IRC 通讯"
"PortBlockDirection_1"=dword:00000001
"PortBlockRange_1"="6666-6669"
"PortBlockWhiteList_1"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,VNNClient.exe,utorrent.exe"
"PortBlockEnabled_2"=dword:00000001
"PortBlockName_2"="禁止 IRC 通讯"
"PortBlockDirection_2"=dword:00000000
"PortBlockRange_2"="6666-6669"
"PortBlockWhiteList_2"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,VNNClient.exe,utorrent.exe"
"PortBlockEnabled_3"=dword:00000000
"PortBlockName_3"="禁止从万维网上下载"
"PortBlockDirection_3"=dword:00000001
"PortBlockRange_3"="80"
"PortBlockWhiteList_3"="outlook.exe,msimn.exe,iexplore.exe,mozilla.exe,netscp.exe,opera.exe,thunderbird.exe,msn6.exe,neo20.exe,mobsync.exe,waol.exe,nlnotes.exe"
"PortBlockEnabled_4"=dword:00000000
"PortBlockName_4"="禁止 FTP 入站通讯(阻止诸如 Nimda 等病毒传播)"
"PortBlockDirection_4"=dword:00000000
"PortBlockRange_4"="20-21"
"PortBlockWhiteList_4"=""
"PortBlockEnabled_5"=dword:00000000
"PortBlockName_5"="禁止 FTP 出站通讯(阻止病毒下载文件)"
"PortBlockDirection_5"=dword:00000001
"PortBlockRange_5"="20-21"
"PortBlockWhiteList_5"=" ftp.exe,iexplore.exe"
"PortBlockEnabled_6"=dword:00000001
"PortBlockName_6"="禁止波波入侵135"
"PortBlockDirection_6"=dword:00000000
"PortBlockRange_6"="135-135"
"PortBlockWhiteList_6"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,utorrent.exe"
"PortBlockEnabled_7"=dword:00000001
"PortBlockName_7"="禁止波波入侵445"
"PortBlockDirection_7"=dword:00000000
"PortBlockRange_7"="445-445"
"PortBlockWhiteList_7"="BitComet.exe,FunPlayer.exe,emule.exe,BitLord.exe,BitSpirit.exe,utorrent.exe"
"FileBlockRuleName_0"="禁止在windows下生成如SCVHOST,SCVh0ST这些仿冒伪劣垃圾"
"FileBlockProcess_0"="*"
"FileBlockWhat_0"=dword:000f0000
"FileBlockReport_0"=dword:00000001
"FileBlockRuleName_1"="禁止在windows下生成如smss仿冒伪劣垃圾"
"FileBlockProcess_1"="*"
"FileBlockWhat_1"=dword:000f0000
"FileBlockReport_1"=dword:00000001
"FileBlockRuleName_2"="禁止 Outlook 从 Temp 文件夹启动任何项目"
"FileBlockProcess_2"="outlook.exe"
"FileBlockWildcard_2"="**\\temp*\\**"
"FileBlockWhat_2"=dword:00080000
"FileBlockReport_2"=dword:00000001
"FileBlockRuleName_3"="禁止 Outlook Express 从 Temp 文件夹启动任何项目"
"FileBlockProcess_3"="msimn.exe"
"FileBlockWildcard_3"="**\\temp*\\**"
"FileBlockWhat_3"=dword:00080000
"FileBlockReport_3"=dword:00000001
"FileBlockRuleName_4"="禁止 从 Temp 文件夹安装SYS底层驱动"
"FileBlockProcess_4"="*"
"FileBlockWildcard_4"="**\\temp*\\*.sys"
"FileBlockWhat_4"=dword:00090000
"FileBlockReport_4"=dword:00000001
"FileBlockRuleName_5"="禁止Internet Explore文件夹安装SYS底层驱动"
"FileBlockProcess_5"="*"
"FileBlockWildcard_5"="**\\Internet Explorer\\**\\*.sys"
"FileBlockWhat_5"=dword:00090000
"FileBlockReport_5"=dword:00000001
"FileBlockRuleName_6"="禁止腾讯的SOSOBAR"
"FileBlockProcess_6"="*"
"FileBlockWildcard_6"="**\\Sosobar*\\**"
"FileBlockWhat_6"=dword:000b0000
"FileBlockReport_6"=dword:00000001
"FileBlockRuleName_7"="禁止从 Temp 文件夹执行脚本"
"FileBlockProcess_7"="?script.exe"
"FileBlockWildcard_7"="**\\temp*\\**"
"FileBlockWhat_7"=dword:00020000
"FileBlockReport_7"=dword:00000001
"FileBlockRuleName_8"="禁止在windows文件夹安装rundll32.exerunD1132.仿冒"
"FileBlockProcess_8"="*"
"FileBlockWildcard_8"="%windir%\\**\un**32.exe"
"FileBlockWhat_8"=dword:00050000
"FileBlockReport_8"=dword:00000001
"FileBlockRuleName_9"="禁止访问可疑的启动项目 (.exe)"
"FileBlockProcess_9"="*"
"FileBlockWildcard_9"="**\\startup\\**\\*.exe"
"FileBlockWhat_9"=dword:000f0000
"FileBlockReport_9"=dword:00000001
"FileBlockRuleName_10"="禁止访问可疑的启动项目 (.scr)"
"FileBlockProcess_10"="*"
"FileBlockWildcard_10"="**\\startup\\**\\*.scr"
"FileBlockWhat_10"=dword:000f0000
"FileBlockReport_10"=dword:00000001
"FileBlockRuleName_11"="禁止访问可疑的启动项目 (.hta)"
"FileBlockProcess_11"="*"
"FileBlockWildcard_11"="**\\startup\\**\\*.hta"
"FileBlockWhat_11"=dword:000f0000
"FileBlockReport_11"=dword:00000001
"FileBlockRuleName_12"="禁止访问可疑的启动项目 (.pif)"
"FileBlockProcess_12"="*"
"FileBlockWildcard_12"="**\\startup\\**\\*.pif"
"FileBlockWhat_12"=dword:000f0000
"FileBlockReport_12"=dword:00000001
"FileBlockRuleName_13"="禁止访问可疑的启动项目 (.com)"
"FileBlockProcess_13"="*"
"FileBlockWildcard_13"="**\\startup\\**\\*.com"
"FileBlockWhat_13"=dword:000f0000
"FileBlockReport_13"=dword:00000001
"FileBlockRuleName_14"="禁止远程修改文件 (.exe)"
"FileBlockProcess_14"="System:Remote"
"FileBlockWildcard_14"="**\\*.exe"
"FileBlockWhat_14"=dword:00040000
"FileBlockReport_14"=dword:00000001
"FileBlockRuleName_15"="禁止远程修改文件 (.scr)"
"FileBlockProcess_15"="System:Remote"
"FileBlockWildcard_15"="**\\*.scr"
"FileBlockWhat_15"=dword:00040000
"FileBlockReport_15"=dword:00000001
"FileBlockRuleName_16"="禁止远程修改文件 (.ocx)"
"FileBlockProcess_16"="System:Remote"
"FileBlockWildcard_16"="**\\*.ocx"
"FileBlockWhat_16"=dword:00040000
"FileBlockReport_16"=dword:00000001
"FileBlockRuleName_17"="禁止远程修改文件 (.dll)"
"FileBlockProcess_17"="System:Remote"
"FileBlockWildcard_17"="**\\*.dll"
"FileBlockWhat_17"=dword:00040000
"FileBlockReport_17"=dword:00000001
"FileBlockRuleName_18"="禁止远程创建/修改/删除 Windows 文件夹和子文件夹中的任何内容"
"FileBlockProcess_18"="System:Remote"
"FileBlockWildcard_18"="%windir%\\**\\*"
"FileBlockWhat_18"=dword:00150000
"FileBlockReport_18"=dword:00000001
"FileBlockRuleName_19"="禁止远程创建/修改/删除 Windows 文件夹和子文件夹中的文件 (.ini)"
"FileBlockProcess_19"="System:Remote"
"FileBlockWildcard_19"="%windir%\\**\\*.ini"
"FileBlockWhat_19"=dword:00150000
"FileBlockReport_19"=dword:00000001
"FileBlockRuleName_20"="禁止远程创建/修改/删除系统根目录中的任何内容"
"FileBlockProcess_20"="System:Remote"
"FileBlockWildcard_20"="%systemdrive%\\*"
"FileBlockWhat_20"=dword:00150000
"FileBlockReport_20"=dword:00000001
"FileBlockRuleName_21"="禁止远程创建/修改/删除文件 (.exe)"
"FileBlockProcess_21"="System:Remote"
"FileBlockWildcard_21"="**\\*.exe"
"FileBlockWhat_21"=dword:00150000
"FileBlockReport_21"=dword:00000001
"FileBlockRuleName_22"="禁止远程创建/修改/删除文件 (.scr)"
"FileBlockProcess_22"="System:Remote"
"FileBlockWildcard_22"="**\\*.scr"
"FileBlockWhat_22"=dword:00150000
"FileBlockReport_22"=dword:00000001
"FileBlockRuleName_23"="禁止远程创建/修改/删除文件 (.ocx)"
"FileBlockProcess_23"="System:Remote"
"FileBlockWildcard_23"="**\\*.ocx"
"FileBlockWhat_23"=dword:00150000
"FileBlockReport_23"=dword:00000001
"FileBlockRuleName_24"="禁止远程创建/修改/删除文件(.pif)"
"FileBlockProcess_24"="System:Remote"
"FileBlockWildcard_24"="**\\*.pif"
"FileBlockWhat_24"=dword:00150000
"FileBlockReport_24"=dword:00000001
"FileBlockRuleName_25"="禁止创建 autorun.inf 文件"
"FileBlockProcess_25"="*"
"FileBlockWildcard_25"="**\\autorun.inf"
"FileBlockWhat_25"=dword:00050000
"FileBlockReport_25"=dword:00000001
"FileBlockRuleName_26"="禁止在 Windows 文件夹中创建新文件 (任何文件)"
"FileBlockProcess_26"="*"
"FileBlockWildcard_26"="%windir%\\*.*"
"FileBlockWhat_26"=dword:00010000
"FileBlockReport_26"=dword:00000001
"FileBlockRuleName_27"="禁止ADS流"
"FileBlockProcess_27"="*"
"FileBlockWildcard_27"="%SystemDrive%**:*"
"FileBlockWhat_27"=dword:000d0000
"FileBlockReport_27"=dword:00000001
"FileBlockRuleName_28"="禁止在 System32 文件夹中创建新文件 (任何文件)"
"FileBlockProcess_28"="*"
"FileBlockWildcard_28"="%windir%\\system32\\*.*"
"FileBlockWhat_28"=dword:00010000
"FileBlockReport_28"=dword:00000001
"FileBlockRuleName_29"="禁止在WINDOWS创建SVCHOST.EXE仿冒垃圾"
"FileBlockProcess_29"="*"
"FileBlockWhat_29"=dword:000b0000
"FileBlockReport_29"=dword:00000001
"FileBlockRuleName_30"="禁止互联星空拨号安装程序自释放到TEMP"
"FileBlockProcess_30"="*"
"FileBlockWildcard_30"="**\\China*net\\**"
"FileBlockWhat_30"=dword:000f0000
"FileBlockReport_30"=dword:00000001
"FileBlockRuleName_31"="防止威金规则"
"FileBlockProcess_31"="*"
"FileBlockWhat_31"=dword:000f0000
"FileBlockReport_31"=dword:00000001
"FileBlockRuleName_32"="禁止安装3721,并阻止运行"
"FileBlockProcess_32"="*"
"FileBlockWildcard_32"="**\\3721\\**"
"FileBlockWhat_32"=dword:000f0000
"FileBlockReport_32"=dword:00000001
"FileBlockRuleName_33"="禁止安装YAHOO助手"
"FileBlockProcess_33"="*"
"FileBlockWildcard_33"="**\\Assistant\\**"
"FileBlockWhat_33"=dword:000f0000
"FileBlockReport_33"=dword:00000001
"FileBlockRuleName_34"="禁止中文上网安装"
"FileBlockProcess_34"="*"
"FileBlockWildcard_34"="**\\CNNIC\\**"
"FileBlockWhat_34"=dword:000f0000
"FileBlockReport_34"=dword:00000001
"FileBlockRuleName_35"="禁止安装一搜工具条"
"FileBlockProcess_35"="*"
"FileBlockWildcard_35"="**\\YiSou\\**"
"FileBlockWhat_35"=dword:000f0000
"FileBlockReport_35"=dword:00000001
"FileBlockRuleName_36"="禁止安装很棒小秘书"
"FileBlockProcess_36"="*"
"FileBlockWildcard_36"="**\\HBClient\\**"
"FileBlockWhat_36"=dword:000f0000
"FileBlockReport_36"=dword:00000001
"FileBlockRuleName_37"="防止威金病毒读取HOSTS"
"FileBlockProcess_37"="*"
"FileBlockWildcard_37"="%windir%\\system32\\drivers\\etc\\**"
"FileBlockWhat_37"=dword:00050000
"FileBlockReport_37"=dword:00000001
"FileBlockRuleName_38"="禁止U88财富快车工具条安装目录"
"FileBlockProcess_38"="*"
"FileBlockWildcard_38"="**\\Internet Explorer\\2052\\**"
"FileBlockWhat_38"=dword:000f0000
"FileBlockReport_38"=dword:00000001
"FileBlockRuleName_39"="禁止百度搜霸安装目录"
"FileBlockProcess_39"="*"
"FileBlockWildcard_39"="**\\Baidu\\**"
"FileBlockWhat_39"=dword:000f0000
"FileBlockReport_39"=dword:00000001
"FileBlockRuleName_40"="禁止YOK工具条安装目录"
"FileBlockProcess_40"="*"
"FileBlockWildcard_40"="**\\YOK.com\\**"
"FileBlockWhat_40"=dword:000f0000
"FileBlockReport_40"=dword:00000001
"FileBlockRuleName_41"="禁止搜狗安装目录"
"FileBlockProcess_41"="*"
"FileBlockWildcard_41"="**\\p4p\\**"
"FileBlockWhat_41"=dword:000f0000
"FileBlockReport_41"=dword:00000001
"FileBlockRuleName_42"="禁止dudu下载加速器安装目录"
"FileBlockProcess_42"="*"
"FileBlockWildcard_42"="**\\DuDu\\**"
"FileBlockWhat_42"=dword:000f0000
"FileBlockReport_42"=dword:00000001
"FileBlockRuleName_43"="禁止娱乐星空安装目录"
"FileBlockProcess_43"="*"
"FileBlockWildcard_43"="**\\yulexk\\**"
"FileBlockWhat_43"=dword:000f0000
"FileBlockReport_43"=dword:00000001
"FileBlockRuleName_44"="禁止易趣工具栏安装目录"
"FileBlockProcess_44"="*"
"FileBlockWildcard_44"="**\\*eBay*\\**"
"FileBlockWhat_44"=dword:000f0000
"FileBlockReport_44"=dword:00000001
"FileBlockRuleName_45"="禁止彩信通安装目录"
"FileBlockProcess_45"="*"
"FileBlockWildcard_45"="**\\MMSAssist\\**"
"FileBlockWhat_45"=dword:000f0000
"FileBlockReport_45"=dword:00000001
"FileBlockRuleName_46"="禁止划词搜索安装目录"
"FileBlockProcess_46"="*"
"FileBlockWildcard_46"="**\\wsearch\\**"
"FileBlockWhat_46"=dword:000f0000
"FileBlockReport_46"=dword:00000001
"FileBlockRuleName_47"="禁止网络猪安装目录"
"FileBlockProcess_47"="*"
"FileBlockWildcard_47"="**\\网络猪\\**"
"FileBlockWhat_47"=dword:000f0000
"FileBlockReport_47"=dword:00000001
"FileBlockRuleName_48"="禁止完美网译通安装目录"
"FileBlockProcess_48"="*"
"FileBlockWildcard_48"="**\\WORLD2\\**"
"FileBlockWhat_48"=dword:000f0000
"FileBlockReport_48"=dword:00000001
"FileBlockRuleName_49"="禁止百狗搜索安装目录"
"FileBlockProcess_49"="*"
"FileBlockWildcard_49"="**\\baigoo\\**"
"FileBlockWhat_49"=dword:000f0000
"FileBlockReport_49"=dword:00000001
"FileBlockRuleName_50"="禁止酷桌面安装目录"
"FileBlockProcess_50"="*"
"FileBlockWildcard_50"="**\\LetsCool\\**"
"FileBlockWhat_50"=dword:000f0000
"FileBlockReport_50"=dword:00000001
"FileBlockRuleName_51"="禁止MSIBM安装文件"
"FileBlockProcess_51"="*"
"FileBlockWildcard_51"="**\\spoolsv\\**"
"FileBlockWhat_51"=dword:000f0000
"FileBlockReport_51"=dword:00000001
"FileBlockRuleName_52"="禁止安装中搜工具条"
"FileBlockProcess_52"="*"
"FileBlockWildcard_52"="**\\ZhongSou\\**"
"FileBlockWhat_52"=dword:000f0000
"FileBlockReport_52"=dword:00000001
"FileBlockRuleName_53"="禁止安装IE-BAR"
"FileBlockProcess_53"="*"
"FileBlockWildcard_53"="**\\IE-Bar\\**"
"FileBlockWhat_53"=dword:000f0000
"FileBlockReport_53"=dword:00000001
"FileBlockRuleName_54"="禁止安装忆多多"
"FileBlockProcess_54"="*"
"FileBlockWildcard_54"="**\\忆多多\\**"
"FileBlockWhat_54"=dword:000f0000
"FileBlockReport_54"=dword:00000001
"FileBlockRuleName_55"="禁止安装多多Q表情"
"FileBlockProcess_55"="*"
"FileBlockWildcard_55"="**\\Common Files\\UPD*\\**"
"FileBlockWhat_55"=dword:000f0000
"FileBlockReport_55"=dword:00000001
"FileBlockRuleName_56"="禁止多多Q表情2"
"FileBlockProcess_56"="*"
"FileBlockWildcard_56"="**\\Common Files\\SAND\\**"
"FileBlockWhat_56"=dword:000f0000
"FileBlockReport_56"=dword:00000001
"FileBlockRuleName_57"="禁止唯刊VIKA阅读器"
"FileBlockProcess_57"="*"
"FileBlockWildcard_57"="**\\VIK\\**"
"FileBlockWhat_57"=dword:000f0000
"FileBlockReport_57"=dword:00000001
"FileBlockRuleName_58"="禁止流氓利用Downloaded Program Files"
"FileBlockProcess_58"="*"
"FileBlockWildcard_58"="**\\Downloaded Program Files\\**"
"FileBlockWhat_58"=dword:00050000
"FileBlockReport_58"=dword:00000001
"FileBlockRuleName_59"="禁止协和医院弹出广告"
"FileBlockProcess_59"="*"
"FileBlockWildcard_59"="**\\STDUP\\**"
"FileBlockWhat_59"=dword:000f0000
"FileBlockReport_59"=dword:00000001
"FileBlockRuleName_60"="禁止酷站导航"
"FileBlockProcess_60"="*"
"FileBlockWildcard_60"="**\\CoolWebsite\\**"
"FileBlockWhat_60"=dword:000f0000
"FileBlockReport_60"=dword:00000001
"FileBlockRuleName_61"="禁止珊瑚虫工具栏"
"FileBlockProcess_61"="*"
"FileBlockWildcard_61"="**\\Infofo Bar\\**"
"FileBlockWhat_61"=dword:000f0000
"FileBlockReport_61"=dword:00000001
"FileBlockRuleName_62"="禁止青娱乐"
"FileBlockProcess_62"="*"
"FileBlockWildcard_62"="**\\Qyule\\**"
"FileBlockWhat_62"=dword:000f0000
"FileBlockReport_62"=dword:00000001
"FileBlockRuleName_63"="禁止开心速递"
"FileBlockProcess_63"="*"
"FileBlockWildcard_63"="**\\SDAstro\\**"
"FileBlockWhat_63"=dword:000f0000
"FileBlockReport_63"=dword:00000001
"FileBlockRuleName_64"="禁止VVZ收藏夹"
"FileBlockProcess_64"="*"
"FileBlockWildcard_64"="**\\vvz\\**"
"FileBlockWhat_64"=dword:000f0000
"FileBlockReport_64"=dword:00000001
"FileBlockRuleName_65"="禁止Hotbar"
"FileBlockProcess_65"="*"
"FileBlockWildcard_65"="**\\Hotbar\\**"
"FileBlockWhat_65"=dword:000f0000
"FileBlockReport_65"=dword:00000001
"FileBlockRuleName_66"="禁止nb46工具栏"
"FileBlockProcess_66"="*"
"FileBlockWildcard_66"="**\\nb46.com\\**"
"FileBlockWhat_66"=dword:000f0000
"FileBlockReport_66"=dword:00000001
"FileBlockRuleName_67"="禁止DeskAdTop弹窗"
"FileBlockProcess_67"="*"
"FileBlockWildcard_67"="**\\DeskAdTop\\**"
"FileBlockWhat_67"=dword:000f0000
"FileBlockReport_67"=dword:00000001
"FileBlockRuleName_68"="禁止快搜"
"FileBlockProcess_68"="*"
"FileBlockWildcard_68"="**\\Micrsoft SearchBar\\**"
"FileBlockWhat_68"=dword:000f0000
"FileBlockReport_68"=dword:00000001
"FileBlockRuleName_69"="禁止网蜜"
"FileBlockProcess_69"="*"
"FileBlockWildcard_69"="**\\MySec\\**"
"FileBlockWhat_69"=dword:000f0000
"FileBlockReport_69"=dword:00000001
"FileBlockRuleName_70"="禁止划词搜索"
"FileBlockProcess_70"="*"
"FileBlockWildcard_70"="**\\HuaCi\\**"
"FileBlockWhat_70"=dword:000f0000
"FileBlockReport_70"=dword:00000001
"FileBlockRuleName_71"="禁止中搜的SearchNet"
"FileBlockProcess_71"="*"
"FileBlockWildcard_71"="**\\SearchNet\\**"
"FileBlockWhat_71"=dword:000f0000
"FileBlockReport_71"=dword:00000001
"FileBlockRuleName_72"=" 防止威金读取NET.NET1"
"FileBlockProcess_72"="*"
"FileBlockWhat_72"=dword:00050000
"FileBlockReport_72"=dword:00000001
"FileBlockRuleName_73"="禁止WINDOWS创建SERVER,SERVICES伪造"
"FileBlockProcess_73"="*"
"FileBlockWhat_73"=dword:000f0000
"FileBlockReport_73"=dword:00000001
"FileBlockRuleName_74"="禁止在WINDOWS目录的drivers\\下添加驱动"
"FileBlockProcess_74"="*"
"FileBlockWildcard_74"="%windir%\\system32\\drivers\\**"
"FileBlockWhat_74"=dword:00010000
"FileBlockReport_74"=dword:00000001
"FileBlockRuleName_75"="禁止windows创建SMSS"
"FileBlockProcess_75"="*"
"FileBlockWhat_75"=dword:000f0000
"FileBlockReport_75"=dword:00000001
"FileBlockRuleName_76"="禁止鸡毛信安装"
"FileBlockProcess_76"="*"
"FileBlockWildcard_76"="**\\temp\\IXP*.tmp\\TMP435*.TMP"
"FileBlockWhat_76"=dword:000f0000
"FileBlockReport_76"=dword:00000001
"FileBlockRuleName_77"="禁止流氓木马病毒修改userinit.exe"
"FileBlockProcess_77"="*"
"FileBlockWildcard_77"="%windir%\\system32\\**"
"FileBlockWhat_77"=dword:00040000
"FileBlockReport_77"=dword:00000001
"FileBlockRuleName_78"="禁止在Common Files生成流氓恶意病毒"
"FileBlockProcess_78"="*"
"FileBlockWildcard_78"="**\\Program Files\\Common Files\\*.*"
"FileBlockWhat_78"=dword:00010000
"FileBlockReport_78"=dword:00000001
"FileBlockRuleName_79"="禁止流氓病毒.硬盘炸弹利用BAT,封禁BAT.需要BAT,自行修改成cmd或COM"
"FileBlockProcess_79"="*"
"FileBlockWildcard_79"="**\\*.bat"
"FileBlockWhat_79"=dword:000a0000
"FileBlockReport_79"=dword:00000001
"FileBlockRuleName_80"="禁止硬盘炸弹利用FORMAT,格式化硬盘"
"FileBlockProcess_80"="*"
"FileBlockWildcard_80"="**\\format.*"
"FileBlockWhat_80"=dword:000a0000
"FileBlockReport_80"=dword:00000001
"FileBlockRuleName_81"="禁止在PROGRAM生成文件,但不影响安装程序创建目录"
"FileBlockProcess_81"="*"
"FileBlockWildcard_81"="**\\Program Files\\*.*"
"FileBlockWhat_81"=dword:000b0000
"FileBlockReport_81"=dword:00000001
"FileBlockRuleName_82"="禁止在Program Files下添加system,system32,systems文件夹"
"FileBlockProcess_82"="*"
"FileBlockWildcard_82"="**\\Program Files\\system*\\**"
"FileBlockWhat_82"=dword:000f0000
"FileBlockReport_82"=dword:00000001
"FileBlockRuleName_83"="禁止在Program Files下往WINNT或WINDOWS NT文件夹下添加垃圾"
"FileBlockProcess_83"="*"
"FileBlockWildcard_83"="**\\Program Files\\win*t\\**"
"FileBlockWhat_83"=dword:00050000
"FileBlockReport_83"=dword:00000001
"FileBlockRuleName_84"="禁止千橡播霸安装"
"FileBlockProcess_84"="*"
"FileBlockWildcard_84"="**\\pcast\\**"
"FileBlockWhat_84"=dword:000f0000
"FileBlockReport_84"=dword:00000001
"FileBlockRuleName_85"="禁止腾讯QQ的广告"
"FileBlockProcess_85"="*"
"FileBlockWildcard_85"="**\\adplus*\\**"
"FileBlockWhat_85"=dword:000f0000
"FileBlockReport_85"=dword:00000001
"FileBlockRuleName_86"="禁止在Common Files的创建Comm"
"FileBlockProcess_86"="*"
"FileBlockWildcard_86"="**\\Common Files\\Comm\\**"
"FileBlockWhat_86"=dword:000f0000
"FileBlockReport_86"=dword:00000001
"FileBlockRuleName_87"="禁止在All Users\\Application Data\\Microsoft\\UserData下乱创建文件"
"FileBlockProcess_87"="*"
"FileBlockWildcard_87"="**\\Application Data\\Microsoft\\UserData*\\**"
"FileBlockWhat_87"=dword:000f0000
"FileBlockReport_87"=dword:00000001
"FileBlockRuleName_88"="禁止WIN下创建LSASS.EXE"
"FileBlockProcess_88"="*"
"FileBlockWhat_88"=dword:000f0000
"FileBlockReport_88"=dword:00000001
"FileBlockRuleName_89"="禁止威金4"
"FileBlockProcess_89"="*"
"FileBlockWildcard_89"="%windir%\\*dll.dll"
1784
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
