Seung, if the browser would modify the system in a way that is not
excluded in the exclusion list, Capture would classify the page as
malicious.
On a standard IE 6 SP2 installation, ActiveX components are not
automatically downloaded and installed.
You can, however, configure IE to do so. If you make this
modification, you would have to modify the exclusion list to exclude
the state changes that result from an ActiveX component install.
Otherwise, as you state correctly, Capture would classify the page
incorrectly as malicious.
Hope this helps.
Christian
---
Web: http://www.mcs.vuw.ac.nz/~cseifert
On Apr 14, 2008, at 6:29 PM, "Seung Wook Jung" <[EMAIL PROTECTED]> wrote:
Dear all,
I would like to know how the capture-hpc deals with the ActiveX.
When an ActiveX is included in a web page and users access the web
page, the ActiveX will be downloaded from the web site without any
interaction with users as I understood. In this case, the state of
the PC will be changed so, I guess, the capture-hpc would decide the
web page is malicious even if the ActiveX is not malicious.
Best Regards,
S. Jung
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc