What process is MMC.exe?
*Part 1:
Block EXE execution
%windir%\system32\cmd.exe\*.bat*
%windir%\system32\cmd.exe\*.cmd*
%windir%\system32\cmd.exe\*scconfig*
%windir%\system32\cmd.exe\*taskkill*
*\Temporary Internet Files\*.exe
*\attrib.exe
%windir%\system32\cscript.exe
%windir%\system32\wscript.exe
%windir%\system32\cmd.exe
*\debug.exe
*\user.exe
*\Cacls.exe
*\replace.exe
%windir%\system32\at.exe
%windir%\system32\tasklist.exe
%windir%\system32\diskpart.exe
%windir%\system32\ftp.exe
%windir%\system32\telnet.exe
*\runas.exe
%windir%\system32\tftp.exe
%windir%\system32\schtasks.exe
%windir%\system32\doskey.exe
%windir%\system32\ntsd.exe
%windir%\system32\taskkill.exe
%windir%\system32\net.exe
%windir%\system32\net1.exe
%windir%\system32\netstat.exe
%windir%\system32\mmc.exe
%windir%\system32\msconfig.exe
Block execution of non-system programs
%windir%\*
%ProgramFiles%\Common Files\*.exe
%ProgramFiles%\*
COM invocation control
Block remote invocation of COM objects
{4590F811-1D3A-11D0-891F-00AA004B2E24}
{4991D34B-80A1-4291-83B6-3328366B9097}
{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}
{69AD4AEE-51BE-439b-A92C-86AE490E8B30}
{75048700-EF1F-11D0-9888-006097DEACF9}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
{B69003B3-C55E-4B48-836C-BC5946FC3B28}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{F81CD990-910B-4bbf-9CB3-6A77F3D697B3}
{FBF23B40-E3F0-101B-8488-00AA003E56F8}
Library files blocked from loading
*\scrrun.dll
*\regsvc.dll
*\mstask.dll
*\wshom.ocx
Whitelist
%windir%\system32\msiexec.exe
%windir%\system32\*.exe
%windir%\explorer.exe
%windir%\winhelp.exe
%windir%\hh.exe
%windir%\winhlp32.exe
%windir%\*.dll
%windir%\regedit.exe
*\WindowsXP-KB*-x86-CHS.exe
Registry
Block creation only
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Blocked
*\Control Panel\Desktop
HKEY_LOCAL_MACHINE\SYSTEM\*ControlSet*\Services\Tcpip\Parameters\DataBasePath
HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\Tcpip\Parameters\Interfaces*
HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\WinSock*
*\SOFTWARE\Microsoft\Command Processor* [create registry entries, modify registry entries]
*\Software\Microsoft\Windows\CurrentVersion\Group Policy*
*\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad*
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers\*
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run
*\Software\Microsoft\Windows nt\Currentversion\Windows\load
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\boot\shell
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\NonWindowsApp
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\standard
*\System\*ControlSet*\Control\Session Manager\BootExecute
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced*
*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe*
*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders\Common Startup
*\Software\Microsoft\Windows\CurrentVersion\Explorer\*Shell Folders\Startup
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks*
*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler*
*\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*\shell\*
*\Software\Microsoft\Windows\Currentversion\Explorer\Browser helper objects*
HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\*\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\*\imagepath
HKEY_LOCAL_MACHINE\SYSTEM\*controlset*\Services\*[key]
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon*
*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
IE browser
*\Software\Microsoft\Internet explorer\AboutURLs
*\Software\Microsoft\Internet explorer\Advancedoptions*
*\Software\Microsoft\Internet Explorer\Explorer Bars*
*\Software\Microsoft\Internet explorer\Search*
*\Software\Microsoft\Internet explorer\Styles\stylesheet
*\Software\Microsoft\Internet explorer\Toolbar\Locked [allowed] (this is the only exception)
*\Software\Microsoft\Internet explorer\Main\Default_Page_URL
*\Software\Microsoft\Internet explorer\Urlsearchhooks*
*\Software\Microsoft\Internet explorer\Search*
Default_Search_URL
HOMEOldSP
Local Page
Search Bar
Search Page
Start Page
Start Page_bak
Use Custom Search URL
*\Software\Microsoft\Windows\Currentversion\Internet settings\MinLevel
Security_RunActiveXControls
Security_RunScripts
Safety Warning Level
Trust Warning Level
*\Software\Microsoft\Windows\Currentversion\Internet settings\Zonemap\Ranges*
*\Software\Microsoft\Windows\Currentversion\URL\*
*\Software\Microsoft\Internetexplo