seung, if the browser would modify the system in a way that is not excluded in the exclusion list, capture would classify the page as malicious.

on a standard ie 6 sp2 installation, active x components are not automatically downloaded and installed.

you can, however, configure ie to do so. if you make this modification, you would have to modify the exclusion list to exclude the state changes that result from an active x component install. otherwise, as you state correctly, capture would classify the page incorrectly as malicious.

hope this helps.
Christian

---
Web: http://www.mcs.vuw.ac.nz/~cseifert


On Apr 14, 2008, at 6:29 PM, "Seung Wook Jung" <[EMAIL PROTECTED] > wrote:

Dear all,

I would like to know how the capture-hpc deals with the ActiveX.

When an ActiveX is included in a web page and users access the web page, the ActiveX will be download from the web site without any interaction with users as I understood. In this case, the state of the PC will be changed so, I guess, the capture-hpc would decide the web page is malicious even if the ActiveX is not malicious.

Best Regards,
S. Jung
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc

Reply via email to