Can you use the exclusion list from the release file and try it again?
Maybe there is a bug in the ones you are using.
---
Web: http://www.mcs.vuw.ac.ms/~cseifert
On Jul 25, 2007, at 2:51 PM, Steve Holdoway <[EMAIL PROTECTED]>
wrote:
The only things added to the event log are informational system
messages stating that the Capture Process and Registry Monitor
Services were sent a start command.
How can I debug this?
Steve
Now waaay beyond puzzled!
On Thu, 26 Jul 2007 09:23:27 +1200
Steve Holdoway <[EMAIL PROTECTED]> wrote:
I get hundreds of lines of output when I start IE up on the client.
Also when starting from the server. The attached screenshot is from
the interrupted session instigated by the server...
On Wed, 25 Jul 2007 14:08:49 -0700
"Christian Seifert" <[EMAIL PROTECTED]> wrote:
Sorry Steve --- I am a bit puzzled myself.
Let's try one more thing.
When you start up capture from the command line, open IE and go to
www.google.com. Do you see any events output on the command line
window?
If not, that tells us that the exclusion lists are good and are
being loaded (as the attached file suggested).
Then, try again via the server. If google is classified as
malicious, then try to start the server and interrupt it during the
retrieval of the page (that way the server won't reset the VM). This
allows you to check out the window capture is running in. Maybe that
will give us the pointers that we need to solve this...
Christian
On 7/25/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
I'm using the one posted earlier. I've tried creating c:\capture,
c:\capture\log and c:\capture\tmp, and copying capture.exe to
c:\capture, as suggested may be necessary in this file.
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc