Dear Capture HPC owner:

Hello! My name is Yu. I very much admire your outstanding work, Capture HPC. However, there are some problems I'm very confused about. Can I consult you about them?

We use the Capture 2.5.1 server & client programs. We set up the clients on Windows XP SP2.

Case 1: if we use Internet Explorer:
Every time we need the client to link to a URL to download some file (e.g. http://js.222233.com/StormII.js), a file download prompt window will appear and wait for your confirmation. Thus it will lead to results like timeout error or network error logs generated by the program.

Case 2: if we use Firefox:
If we use Firefox to do the same task, no file download prompt will appear and it will open the file directly (like Notepad) without executing the malicious code. Thus the registry modification result was similar to that of a benign URL.
In case 1, the malicious URL will produce error logs. In case 2, almost every URL is malicious if the exclusion list was not set. However, if I add the exclusion list path, the malicious URL will produce benign result logs.

How do I set the configuration of XP SP2 to solve these problems? That is, I hope the malicious URL will generate the malicious logs.

Thank you very much for your help.

_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc