I'm not at my desk at the moment, but everything's installed in c:\, as per the 
instructions. I'll check everything tomorrow...

Steve

On Tue, 24 Jul 2007 14:19:12 +1200
"Ramon Steenson" <[EMAIL PROTECTED]> wrote:

> OK now it looks like we are getting somewhere. From what the log says
> it looks like the exclusion lists aren't loading up ... there should
> not be any read events if you used the exclusion lists I provided.
> What directory have you put the client in on the VM? The 1.1 version
> has a restriction in that you have to have Capture in c:\. The server
> runs the file C:\Capture.bat which in turn runs the client which is
> located at C:\Capture.exe
> 
> Cheers,
> Ramon.
> 
> On 7/24/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > OK, I've reverted to IE 6 now, and it still tells me that google is a
> > malicious site. I still get warnings about popups - are there other things
> > that I should have installed, or configured?
> >
> > Here's my config.xml
> >
> > <?xml version="1.0"?>
> > <config>
> >
> > <server address="192.168.1.190" port="902" username="root" password="xxxxxxxx">
> >         <vm path="/home/vmware/Windows XP Professional/Windows XP Professional.vmx" username="chris" password="chris" />
> > </server>
> >
> > </config>
> >
> >
> > The XP Pro client is patched up to date, with the exception of IE7. The 
> > .exl files are as posted on this list yesterday. The attached log expands 
> > to just under 1mb, and apparently shows that google is malicious. I have 
> > *never* managed to mark a site as safe.
> >
> > Server is RHEL4. Client is happily being controlled/reset as expected.
> >
> > I've got about 250,000 sites to check if I can ever get it to work 
> > properly. What is wrong?
> >
> > Steve
> >
> > On Mon, 23 Jul 2007 16:21:00 -0700
> > "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> >
> > > so IE just doesn't accept your settings... I really haven't encountered this
> > > before.
> > > What if you turn on the phishing filter? Does it continue to prompt you
> > > then?
> > >
> > > Christian
> > >
> > >
> > > On 7/23/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > > >
> > > > On Mon, 23 Jul 2007 15:40:48 -0700
> > > > "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Steve,
> > > > >
> > > > > I misread your initial email. It seems like the problem is not that
> > > > > capture reports a site as malicious although it is not (in that case
> > > > > one would have to edit the exclusion list), but rather you are just
> > > > > being prompted to enable the phishing filter each time IE7 is opened.
> > > > Correct - although just most of the time, not always.
> > > > >
> > > > > Did you take a snapshot of the VM after you disabled the phishing
> > > > > filter? Once you disabled the phishing filter and restart IE, does it
> > > > > prompt you again?
> > > > >
> > > > Yes.
> > > > > Christian
> > > > >
> > > > >
> > > > > On 7/23/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > On Mon, 23 Jul 2007 14:56:23 -0700
> > > > > > "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Steve,
> > > > > > >
> > > > > > > let's check one thing. When you state that you "disabled it", what
> > > > > > > user were you when you did so?  One thing to watch out for is that
> > > > > > > the configuration options in IE need to be undertaken with the same
> > > > > > > user as in the config.xml file. If that is administrator, you
> > > > > > > explicitly need to login as Administrator before making config
> > > > > > > adjustments in IE.
> > > > > > I was the same user that the server uses. I've told IE not to use it,
> > > > > > and done through the internet security options, and disabled it there
> > > > > > as well. I don't know of anywhere else to disable it... not that
> > > > > > that's saying much as I look after linux servers for a living!
> > > > > > >
> > > > > > > If that wasn't the problem, I would recommend adding this option to
> > > > > > > your exclusion list, so it is being ignored by Capture in its
> > > > > > > assessment to the malicious nature of the site.
> > > > > > How? I'd normally read the relevant documentation, but I can't seem to
> > > > > > find any. I'd also expect this to be a part of a default install!
> > > > > > >
> > > > > > > Hope this helps -
> > > > > > > Christian
> > > > > > Cheers,
> > > > > >
> > > > > >
> > > > > > Steve
> > > > > > _______________________________________________
> > > > > > Capture-HPC mailing list
> > > > > > Capture-HPC@public.honeynet.org
> > > > > > https://public.honeynet.org/mailman/listinfo/capture-hpc
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ----
> > > > > Web: http://www.mcs.vuw.ac.nz/~cseifert
> > > > >
> > > > > PGP key
> > > > > http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
> > > > > > Primary key fingerprint:   E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
> > > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >