I'm not at my desk at the moment, but everything's installed in c:\, as per the instructions. I'll check everything tomorrow...
Steve

On Tue, 24 Jul 2007 14:19:12 +1200
"Ramon Steenson" <[EMAIL PROTECTED]> wrote:

> OK now it looks like we are getting somewhere. From what the log says
> it looks like the exclusion lists aren't loading up ... there should
> not be any read events if you used the exclusion lists I provided.
> What directory have you put the client in on the VM? The 1.1 version
> has a restriction in that you have to have Capture in c:\. The server
> runs the file C:\Capture.bat which in turn runs the client which is
> located at C:\Capture.exe
>
> Cheers,
> Ramon.
>
> On 7/24/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > OK, I've reverted to IE 6 now, and it still tells me that google is a
> > malicious site. I still get warnings about popups - are there other things
> > that I should have installed, or configured?
> >
> > Here's my config.xml
> >
> > <?xml version="1.0"?>
> > <config>
> >
> > <server address="192.168.1.190" port="902" username="root" password="xxxxxxxx">
> > <vm path="/home/vmware/Windows XP Professional/Windows XP Professional.vmx" username="chris" password="chris" />
> > </server>
> >
> > </config>
> >
> > The XP Pro client is patched up to date, with the exception of IE7. The
> > .exl files are as posted on this list yesterday. The attached log expands
> > to just under 1mb, and apparently shows that google is malicious. I have
> > *never* managed to mark a site as safe.
> >
> > Server is RHEL4. Client is happily being controlled/reset as expected.
> >
> > I've got about 250,000 sites to check if I can ever get it to work
> > properly. What is wrong?
> >
> > Steve
> >
> > On Mon, 23 Jul 2007 16:21:00 -0700
> > "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> >
> > > so IE just doesn't accept your settings...I really haven't encountered this
> > > before.
> > > What if you turn on the phishing filter. Does it continue to prompt you
> > > then?
> > >
> > > Christian
> > >
> > > On 7/23/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > > >
> > > > On Mon, 23 Jul 2007 15:40:48 -0700
> > > > "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Steve,
> > > > >
> > > > > I misread your initial email. It seems like the problem is not that capture
> > > > > reports a site as malicious although it is not (in that case one would have
> > > > > to edit the exclusion list), but rather you are just being prompted to
> > > > > enable the phishing filter each time IE7 is opened.
> > > > Correct - although just most of the time, not always.
> > > > >
> > > > > Did you take a snapshot of the VM after you disabled the phishing filter?
> > > > > Once you disabled the phishing filter and restart IE, does it prompt you
> > > > > again?
> > > > Yes.
> > > > > Christian
> > > > >
> > > > > On 7/23/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > On Mon, 23 Jul 2007 14:56:23 -0700
> > > > > > "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > > Steve,
> > > > > > >
> > > > > > > let's check one thing. When you state that you "disabled it", what user were
> > > > > > > you when you did so? One thing to watch out for is that the configuration
> > > > > > > options in IE need to be undertaken with the same user as in the
> > > > > > > config.xml file. If that is administrator, you explicitly need to login as
> > > > > > > Administrator before making config adjustments in IE.
> > > > > > I was the same user that the server uses. I've told IE not to use it, and
> > > > > > done through the internet security options, and disabled it there as well. I
> > > > > > don't know of anywhere else to disable it... not that that's saying much as
> > > > > > I look after linux servers for a living!
> > > > > > >
> > > > > > > If that wasn't the problem, I would recommend adding this option to your
> > > > > > > exclusion list, so it is being ignored by Capture in its assessment to the
> > > > > > > malicious nature of the site.
> > > > > > How? I'd normally read the relevant documentation, but I can't seem to
> > > > > > find any. I'd also expect this to be a part of a default install!
> > > > > > >
> > > > > > > Hope this helps -
> > > > > > > Christian
> > > > > > Cheers,
> > > > > >
> > > > > > Steve
> > > > > > _______________________________________________
> > > > > > Capture-HPC mailing list
> > > > > > Capture-HPC@public.honeynet.org
> > > > > > https://public.honeynet.org/mailman/listinfo/capture-hpc
> > > > >
> > > > > --
> > > > > ----
> > > > > Web: http://www.mcs.vuw.ac.nz/~cseifert
> > > > >
> > > > > PGP key
> > > > > http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
> > > > > Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF