Dear Christian,

First of all, thank you for your quick answer; your reply is helpful.

> seung, if the browser would modify the system in a way that is not
> excluded in the exclusion list, capture would classify the page as
> malicious.
> on a standard ie 6 sp2 installation, active x components are not
> automatically downloaded and installed.

As I understood, ActiveX components are automatically downloaded but not installed, aren't they? If I am wrong, inform me.

> you can, however, configure ie to do so. if you make this
> modification, you would have to modify the exclusion list to exclude
> the state changes that result from an active x component install.
> otherwise, as you state correctly, capture would classify the page
> incorrectly as malicious.

In that case, can capture-hpc distinguish the state changes that result from an ActiveX component install and the state changes that result from an executable file of attackers by modifying the exclusion list? I mean the exclusion list can have that level of granularity.

> hope this helps.
> Christian
> ---
> Web: http://www.mcs.vuw.ac.nz/~cseifert
>
> On Apr 14, 2008, at 6:29 PM, "Seung Wook Jung" <seung-wook.jung at cns.ssu.ac.kr> wrote:
>
>> Dear all,
>>
>> I would like to know how the capture-hpc deals with the ActiveX.
>>
>> When an ActiveX is included in a web page and users access the web
>> page, the ActiveX will be download from the web site without any
>> interaction with users as I understood. In this case, the state of
>> the PC will be changed so, I guess, the capture-hpc would decide the
>> web page is malicious even if the ActiveX is not malicious.
>>
>> Best Regards,
>> S. Jung
>> _______________________________________________
> Capture-HPC mailing list
> Capture-HPC at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/capture-hpc