I note that fltmgr.sys as defined in the delivered version of fltmgr.inf is at version DriverVer=07/01/2001,5.1.2600.2180, whereas the current installed version is at version DriverVer=06/01/2007,5.1.2600.2978 (date's just a guess).

Will this have any effect?

On Thu, 26 Jul 2007 10:12:39 +1200
Steve Holdoway <[EMAIL PROTECTED]> wrote:

> Removed all files
> Removed c:\capture
> Installed http://www.nz-honeynet.org/Capture-Client-1.1.0-5324.zip in c:\
> Made snapshot
> Tested http://www.google.com
>
> No change. Here's the server log.
>
> On Wed, 25 Jul 2007 14:59:42 -0700
> Christian Seifert <[EMAIL PROTECTED]> wrote:
>
> > Can you use the exclusion list from the release file and try it again.
> > Maybe there is a bug in the ones you are using.
> >
> > ---
> > Web: http://www.mcs.vuw.ac.ms/~cseifert
> >
> >
> > On Jul 25, 2007, at 2:51 PM, Steve Holdoway <[EMAIL PROTECTED]>
> > wrote:
> >
> > > The only things added to the event log are informational system
> > > messages stating that the Capture Process and Registry Monitor
> > > Services were sent a start command.
> > >
> > > How can I debug this?
> > >
> > >
> > > Steve
> > > Now waaay beyond puzzled!
> > >
> > > On Thu, 26 Jul 2007 09:23:27 +1200
> > > Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > >
> > >> I get hundreds of lines output when I start IE up on the client.
> > >> Also when starting from the server. The attached screenshot is from
> > >> the interrupted session instigated by the server...
> > >>
> > >> On Wed, 25 Jul 2007 14:08:49 -0700
> > >> "Christian Seifert" <[EMAIL PROTECTED]> wrote:
> > >>
> > >>> Sorry Steve --- I am a bit puzzled myself.
> > >>>
> > >>> Let's try one more thing.
> > >>>
> > >>> When you start up capture from the command line. Open IE and go to
> > >>> www.google.com. Do you see any events output on the command line
> > >>> window?
> > >>> If not, that tells us that the exclusion lists are good and are
> > >>> being loaded
> > >>> (as the attached file suggested)
> > >>>
> > >>> Then, try again via the server. If google is classified as
> > >>> malicious, then
> > >>> try to start the server and interrupt it during the retrieval of
> > >>> the page
> > >>> (that way the server won't reset the VM). This allows you to check
> > >>> out the
> > >>> window capture is running in. Maybe that will give us the pointers
> > >>> that we
> > >>> need to solve this...
> > >>>
> > >>> Christian
> > >>>
> > >>>
> > >>> On 7/25/07, Steve Holdoway <[EMAIL PROTECTED]> wrote:
> > >>>>
> > >>>> I'm using the one posted earlier. I've tried creating c:\capture,
> > >>>> c:\capture\log and c:\capture\tmp , and copying capture.exe to c:
> > >>>> \capture,
> > >>>> as suggested may be necessary in this file.
> > >>>>
> > _______________________________________________
> > Capture-HPC mailing list
> > Capture-HPC@public.honeynet.org
> > https://public.honeynet.org/mailman/listinfo/capture-hpc