Topic: MVSE8.5i power-enhanced edition rules (super)
圣白树的花啥时候开啊


AccessProtection {
UserString UR0 "A1 禁止在WINDOWS目录中新建任何文件"
UserEnforce UR0 1
UserReport UR0 1
UserProcess UR0 {Include *;Exclude ACDSee*.exe FireSvc.exe FrameworkService.exe McScript_InUse.exe mmc.exe QQ.exe services.exe svchost.exe WMIADAP.EXE}
UserRule UR0 G_User {File C { Include C:\\WINDOWS\\** }
}
UserString UR1 "A2 禁止在C盘中新建,修改任何SCR文件(防范某些木马)"
UserEnforce UR1 1
UserReport UR1 1
UserProcess UR1 {Include *}
UserRule UR1 G_User {File C { Include C:\\**\\*.scr }
}
UserString UR10 "A3 禁用DOS命令提示符下的脚本运行工具"
UserEnforce UR10 1
UserReport UR10 1
UserProcess UR10 {Include *}
UserRule UR10 G_User {File WXCD { Include C:\\WINDOWS\\system32\\cscript.exe }
}
UserString UR100 "A4 保护EXPLORER.EXE进程"
UserEnforce UR100 1
UserReport UR100 1
UserProcess UR100 {Include *}
UserRule UR100 G_User {File WCD { Include C:\\WINDOWS\\explorer.exe }
}
UserString UR101 "A5 保护SERVICES.EXE进程"
UserEnforce UR101 1
UserReport UR101 1
UserProcess UR101 {Include *}
UserRule UR101 G_User {File WCD { Include C:\\WINDOWS\\system32\\services.exe }
}
UserString UR102 "A6 保护CSRSS.EXE进程"
UserEnforce UR102 1
UserReport UR102 1
UserProcess UR102 {Include *}
UserRule UR102 G_User {File WCD { Include C:\\WINDOWS\\system32\\csrss.exe }
}
UserString UR103 "A7 保护WINLOGON.EXE进程"
UserEnforce UR103 1
UserReport UR103 1
UserProcess UR103 {Include *}
UserRule UR103 G_User {File WCD { Include C:\\WINDOWS\\system32\\winlogon.exe }
}
UserString UR104 "A8 保护SMSS.EXE进程"
UserEnforce UR104 1
UserReport UR104 1
UserProcess UR104 {Include *}
UserRule UR104 G_User {File WCD { Include C:\\WINDOWS\\system32\\smss.exe }
}
UserString UR105 "A9 保护整个IE浏览器程序目录"
UserEnforce UR105 0
UserReport UR105 0
UserProcess UR105 {Include *}
UserRule UR105 G_User {File WCD { Include "C:\\Program Files\\Internet Explorer\\**" }
}
UserString UR106 "A10 禁止在Common Files目录中新建,修改,删除任何文件"
UserEnforce UR106 0
UserReport UR106 0
UserProcess UR106 {Include *;Exclude McScript_InUse.exe}
UserRule UR106 G_User {File WCD { Include "C:\\Program Files\\Common Files\\**" }
}
UserString UR107 "A11 禁用Outlook Express程序目录"
UserEnforce UR107 0
UserReport UR107 0
UserProcess UR107 {Include *}
UserRule UR107 G_User {File WXCD { Include "C:\\Program Files\\Outlook Express\\**" }
}
UserString UR108 "A12 保护用于修复系统的基本配置文件夹"
UserEnforce UR108 1
UserReport UR108 1
UserProcess UR108 {Include *}
UserRule UR108 G_User {File WXCD { Include C:\\WINDOWS\\repair\\** }
}
UserString UR109 "A13 保护系统的应用程序修补备份文件夹"
UserEnforce UR109 1
UserReport UR109 1
UserProcess UR109 {Include *}
UserRule UR109 G_User {File WXCD { Include C:\\WINDOWS\\AppPatch\\** }
}
UserString UR11 "A14 禁止系统中基于web的应用程序私自运行"
UserEnforce UR11 0
UserReport UR11 0
UserProcess UR11 {Include *}
UserRule UR11 G_User {File WXCD { Include C:\\WINDOWS\\system32\\mshta.exe }
}
UserString UR110 "A15 保护硬件驱动的缓存文件夹"
UserEnforce UR110 1
UserReport UR110 1
UserProcess UR110 {Include *}
UserRule UR110 G_User {File WXCD { Include "C:\\WINDOWS\\Driver Cache\\**" }
}
UserString UR111 "A16 保护微软的应用程序文件夹"
UserEnforce UR111 1
UserReport UR111 1
UserProcess UR111 {Include *}
UserRule UR111 G_User {File WXCD { Include C:\\WINDOWS\\msapps\\** }
}
UserString UR112 "A17 保护系统启动配置文件的备份目录"
UserEnforce UR112 1
UserReport UR112 1
UserProcess UR112 {Include *}
UserRule UR112 G_User {File WXCD { Include C:\\WINDOWS\\pss\\** }
}
UserString UR113 "A18 保护系统的组件服务存储目录"
UserEnforce UR113 1
UserReport UR113 1
UserProcess UR113 {Include *}
UserRule UR113 G_User {File WXCD { Include C:\\WINDOWS\\system32\\Com\\** }
}
UserString UR114 "A19 保护系统的WMI测试程序文件夹"
UserEnforce UR114 1
UserReport UR114 1
UserProcess UR114 {Include *;Exclude cmd.exe svchost.exe}
UserRule UR114 G_User {File WCD { Include C:\\WINDOWS\\system32\\wbem\\** }
}
UserString UR115 "A20 防范驱动级木马病毒的入侵(rootkit)\[增强\]"
UserEnforce UR115 1
UserReport UR115 1
UserProcess UR115 {Include *;Exclude avgas.exe}
UserRule UR115 G_User {File WCD { Include C:\\WINDOWS\\system32\\**\\*.sys }
}
UserString UR116 "A21 保护IEXPLORE(微软浏览器)进程"
UserEnforce UR116 1
UserReport UR116 1
UserProcess UR116 {Include *}
UserRule UR116 G_User {File WCD { Include "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE" }
}
UserString UR117 "A22 禁用系统计划任务管理器"
UserEnforce UR117 0
UserReport UR117 0
UserProcess UR117 {Include *}
UserRule UR117 G_User {File WXCD { Include C:\\WINDOWS\\TASKMAN.EXE }
}
UserString UR118 "A23 禁止私自在内存中加载新的DLL文件"
UserEnforce UR118 0
UserReport UR118 0
UserProcess UR118 {Include *;Exclude Explorer.EXE svchost.exe}
UserRule UR118 G_User {File WXCD { Include C:\\WINDOWS\\system32\\rundll32.exe }
}
UserString UR119 "A24 禁止私自将安装程序添加到自启动项中,并在重启后进行配置"
UserEnforce UR119 0
UserReport UR119 0
UserProcess UR119 {Include *}
UserRule UR119 G_User {File WXCD { Include C:\\WINDOWS\\system32\\runonce.exe }
}
UserString UR12 "A25 禁止format.com运行(防范恶意格式化行为)"
UserEnforce UR12 1
UserReport UR12 1
UserProcess UR12 {Include *}
UserRule UR12 G_User {File WXCD { Include C:\\WINDOWS\\system32\\format.com }
}
UserString UR120 "A26 保护Windows操作系统的\"启动顺序管理器\""
UserEnforce UR120 1
UserReport UR120 1
UserProcess UR120 {Include *}
UserRule UR120 G_User {File WCD { Include C:\\WINDOWS\\system32\\userinit.exe }
}
UserString UR121 "A27 保护系统的时间和日期设置信息显示管理器"
UserEnforce UR121 1
UserReport UR121 1
UserProcess UR121 {Include *}
UserRule UR121 G_User {File WCD { Include C:\\WINDOWS\\system32\\systray.exe }
}
UserString UR122 "A28 禁用系统的Internet连接共享 /防火墙控管程序"
UserEnforce UR122 0
UserReport UR122 0
UserProcess UR122 {Include *}
UserRule UR122 G_User {File WXCD { Include C:\\WINDOWS\\system32\\alg.exe }
}
UserString UR123 "A29 保护DLLHOST.EXE进程"
UserEnforce UR123 1
UserReport UR123 1
UserProcess UR123 {Include *;Exclude MSConfig.exe}
UserRule UR123 G_User {File WXCD { Include C:\\WINDOWS\\system32\\dllhost.exe }
}
UserString UR124 "A30 保护用于管理多线程,内存和资源的Windows壳进程"
UserEnforce UR124 1
UserReport UR124 1
UserProcess UR124 {Include *}
UserRule UR124 G_User {File WCD { Include C:\\WINDOWS\\system32\\kernel32.dll }
}
UserString UR125 "A31 保护CONIME.EXE进程"
UserEnforce UR125 1
UserReport UR125 1
UserProcess UR125 {Include *}
UserRule UR125 G_User {File WCD { Include C:\\WINDOWS\\system32\\conime.exe }
}
UserString UR126 "A32 禁止(监视)一切高端动态\\私有端口的连接尝试行为"
UserEnforce UR126 1
UserReport UR126 1
UserProcess UR126 {Include *}
UserRule UR126 G_User {Port IOUT {Include 49152 65535}
}
UserString UR127 "A33 监视本地与远程的注册(动态分配)端口的连接行为"
UserEnforce UR127 0
UserReport UR127 0
UserProcess UR127 {Include *;Exclude avgas.exe flashget.exe IEXPLORE.EXE QQ.exe}
UserRule UR127 G_User {Port OUT {Include 1024 49151}
}
UserString UR128 "A34 监视远程对本地公认服务端口的连接行为"
UserEnforce UR128 1
UserReport UR128 1
UserProcess UR128 {Include *}
UserRule UR128 G_User {Port IUT {Include 1 1023}
}
UserString UR129 "A35 保护WINDOWS任务管理器"
UserEnforce UR129 1
UserReport UR129 1
UserProcess UR129 {Include *}
UserRule UR129 G_User {File WCD { Include C:\\WINDOWS\\system32\\taskmgr.exe }
}
UserString UR13 "A36 禁止私自调用帮助文件和文档初始化工具"
UserEnforce UR13 0
UserReport UR13 0
UserProcess UR13 {Include *;Exclude Explorer.EXE}
UserRule UR13 G_User {File WXCD { Include C:\\WINDOWS\\hh.exe }
}
UserString UR130 "A37 保护系统中的\"控制面板\"应用程序"
UserEnforce UR130 1
UserReport UR130 1
UserProcess UR130 {Include *}
UserRule UR130 G_User {File WCD { Include C:\\WINDOWS\\system32\\control.exe }
}
UserString UR131 "A38 保护系统中的MSDOS配置程序"
UserEnforce UR131 1
UserReport UR131 1
UserProcess UR131 {Include *}
UserRule UR131 G_User {File WCD { Include C:\\WINDOWS\\system32\\dosx.exe }
}
UserString UR132 "A39 禁止私自调用DOS命令程序"
UserEnforce UR132 0
UserReport UR132 0
UserProcess UR132 {Include *}
UserRule UR132 G_User {File WXCD { Include C:\\WINDOWS\\system32\\doskey.exe }
}
UserString UR133 "A40 禁止对本地的NETBIOS连接"
UserEnforce UR133 1
UserReport UR133 1
UserProcess UR133 {Include *}
UserRule UR133 G_User {Port IUT {Include 137 139}
}
UserString UR134 "A41 禁止\\保护本地135端口"
UserEnforce UR134 1
UserReport UR134 1
UserProcess UR134 {Include *}
UserRule UR134 G_User {Port IUT {Include 135 135}
}
UserString UR135 "A42 禁止\\保护本地445端口"
UserEnforce UR135 1
UserReport UR135 1
UserProcess UR135 {Include *}
UserRule UR135 G_User {Port IUT {Include 445 445}
}
UserString UR136 "A43 屏蔽远程对本地3389端口的访问"
UserEnforce UR136 1
UserReport UR136 1
UserProcess UR136 {Include *}
UserRule UR136 G_User {Port IUT {Include 3389 3389}
}
UserString UR137 "A44 关闭用于跨网传送电子邮件(SMTP)服务的25端口"
UserEnforce UR137 1
UserReport UR137 1
UserProcess UR137 {Include *}
UserRule UR137 G_User {Port IUT {Include 25 25}
}
UserString UR138 "A45 关闭本地用于Telnet远程登录服务的23端口"
UserEnforce UR138 1
UserReport UR138 1
UserProcess UR138 {Include *}
UserRule UR138 G_User {Port IUT {Include 23 23}
}
UserString UR139 "A46 关闭SimpleTCP/IPService(TCP/IP)等服务端口"
UserEnforce UR139 1
UserReport UR139 1
UserProcess UR139 {Include *}
UserRule UR139 G_User {Port IUT {Include 7 9}
}
UserString UR14 "A47 禁止私自启用命令行运行工具"
UserEnforce UR14 1
UserReport UR14 1
UserProcess UR14 {Include *;Exclude Explorer.EXE}
UserRule UR14 G_User {File WXCD { Include C:\\WINDOWS\\system32\\cmd.exe }
}
UserString UR140 "A48 关闭本地的SQL Server 1433服务端口"
UserEnforce UR140 0
UserReport UR140 0
UserProcess UR140 {Include *}
UserRule UR140 G_User {Port IUT {Include 1433 1433}
}
UserString UR141 "A49 关闭本地用于的EMAIL服务的57端口"
UserEnforce UR141 1
UserReport UR141 1
UserProcess UR141 {Include *}
UserRule UR141 G_User {Port IUT {Include 57 57}
}
UserString UR142 "A50 关闭本地的1080代理服务端口"
UserEnforce UR142 0
UserReport UR142 0
UserProcess UR142 {Include *}
UserRule UR142 G_User {Port IUT {Include 1080 1080}
}
UserString UR143 "A51 关闭本地的3128代理服务端口"
UserEnforce UR143 0
UserReport UR143 0
UserProcess UR143 {Include *}
UserRule UR143 G_User {Port IUT {Include 3128 3128}
}
UserString UR144 "A52 关闭本地的6588代理服务端口"
UserEnforce UR144 0
UserReport UR144 0
UserProcess UR144 {Include *}
UserRule UR144 G_User {Port IUT {Include 6588 6588}
}
UserString UR145 "A53 关闭本地的8080代理服务端口"
UserEnforce UR145 0
UserReport UR145 0
UserProcess UR145 {Include *}
UserRule UR145 G_User {Port IUT {Include 8080 8080}
}
UserString UR146 "A54 关闭本地用于SNMP服务的161端口"
UserEnforce UR146 1
UserReport UR146 1
UserProcess UR146 {Include *}
UserRule UR146 G_User {Port IUT {Include 161 161}
}
UserString UR147 "A55 不提供DNS域名解析服务,关闭本地的53端口"
UserEnforce UR147 1
UserReport UR147 1
UserProcess UR147 {Include *}
UserRule UR147 G_User {Port IUT {Include 53 53}
}
UserString UR148 "A56 关闭本地提供引导程序服务的67端口"
UserEnforce UR148 1
UserReport UR148 1
UserProcess UR148 {Include *}
UserRule UR148 G_User {Port IUT {Include 67 67}
}
UserString UR149 "A57 关闭本地危险的512端口"
UserEnforce UR149 1
UserReport UR149 1
UserProcess UR149 {Include *}
UserRule UR149 G_User {Port IUT {Include 512 512}
}
UserString UR15 "A58 禁止修改文件访问控制权限"
UserEnforce UR15 0
UserReport UR15 0
UserProcess UR15 {Include *}
UserRule UR15 G_User {File WXCD { Include C:\\WINDOWS\\system32\\cacls.exe }
}
UserString UR150 "A59 不提供网页浏览服务,关闭80端口"
UserEnforce UR150 1
UserReport UR150 1
UserProcess UR150 {Include *}
UserRule UR150 G_User {Port IUT {Include 80 80}
}
UserString UR151 "A60 关闭本地的HTTPS服务端口"
UserEnforce UR151 1
UserReport UR151 1
UserProcess UR151 {Include *}
UserRule UR151 G_User {Port IUT {Include 443 443}
}
UserString UR152 "A61 关闭本地用于查询用户的79端口"
UserEnforce UR152 1
UserReport UR152 1
UserProcess UR152 {Include *}
UserRule UR152 G_User {Port IUT {Include 79 79}
}
UserString UR153 "A62 关闭本地用于查询身份的113端口"
UserEnforce UR153 1
UserReport UR153 1
UserProcess UR153 {Include *}
UserRule UR153 G_User {Port IUT {Include 113 113}
}
UserString UR154 "A63 关闭用于提供“新闻服务器”服务的119端口"
UserEnforce UR154 1
UserReport UR154 1
UserProcess UR154 {Include *}
UserRule UR154 G_User {Port IUT {Include 119 119}
}
UserString UR155 "A64 保护微软的用户文字输入\\微软Office XP语言条工具程序"
UserEnforce UR155 1
UserReport UR155 1
UserProcess UR155 {Include *}
UserRule UR155 G_User {File WCD { Include C:\\WINDOWS\\system32\\ctfmon.exe }
}
UserString UR156 "A65 禁止将应用程序的相关错误信息发送给微软"
UserEnforce UR156 0
UserReport UR156 0
UserProcess UR156 {Include *}
UserRule UR156 G_User {File WXCD { Include C:\\WINDOWS\\system32\\dumprep.exe }
}
UserString UR157 "A66 禁止用于维护远程调用本地系统服务的数据库程序"
UserEnforce UR157 0
UserReport UR157 0
UserProcess UR157 {Include *}
UserRule UR157 G_User {File WXCD { Include C:\\WINDOWS\\system32\\locator.exe }
}
UserString UR158 "A67 保护C盘根目录下的AUTOEXEC.BAT批处理文件"
UserEnforce UR158 1
UserReport UR158 1
UserProcess UR158 {Include *}
UserRule UR158 G_User {File WCD { Include C:\\AUTOEXEC.BAT }
}
UserString UR159 "A68 保护系统中对\"反复启动行为\"的保护性进程"
UserEnforce UR159 1
UserReport UR159 1
UserProcess UR159 {Include *}
UserRule UR159 G_User {File WCD { Include C:\\WINDOWS\\system32\\ntoskrnl.exe }
}
UserString UR16 "A69 禁止私自启用计划运行任务程序"
UserEnforce UR16 0
UserReport UR16 0
UserProcess UR16 {Include *}
UserRule UR16 G_User {File WXCD { Include C:\\WINDOWS\\system32\\at.exe }
}
UserString UR160 "A70 保护系统中用于32位系统环境的16位进程虚拟机"
UserEnforce UR160 1
UserReport UR160 1
UserProcess UR160 {Include *}
UserRule UR160 G_User {File WCD { Include C:\\WINDOWS\\system32\\ntvdm.exe }
}
UserString UR161 "A71 保护系统自带的Modem拨号(调制解调器)连接管理器"
UserEnforce UR161 1
UserReport UR161 1
UserProcess UR161 {Include *}
UserRule UR161 G_User {File WCD { Include C:\\WINDOWS\\system32\\rasautou.exe }
}
UserString UR162 "A72 保护系统的虚拟内存实时转换进程"
UserEnforce UR162 1
UserReport UR162 1
UserProcess UR162 {Include *}
UserRule UR162 G_User {File WCD { Include C:\\WINDOWS\\system32\\savedump.exe }
}
UserString UR163 "A73 禁用(保护)系统的打印服务进程"
UserEnforce UR163 0
UserReport UR163 0
UserProcess UR163 {Include *}
UserRule UR163 G_User {File WXCD { Include C:\\WINDOWS\\system32\\spoolsv.exe }
}
UserString UR164 "A74 保护系统中专用于TCP/IP网络服务的网络组件"
UserEnforce UR164 1
UserReport UR164 1
UserProcess UR164 {Include *}
UserRule UR164 G_User {File WCD { Include C:\\WINDOWS\\system32\\tcpsvcs.exe }
}
UserString UR165 "A75 保护本地的Windows(系统)管理脚本服务管理器"
UserEnforce UR165 1
UserReport UR165 1
UserProcess UR165 {Include *}
UserRule UR165 G_User {File WCD { Include C:\\WINDOWS\\system32\\wmimgmt.msc }
}
UserString UR166 "A76 保护Windows用于系统自动升级的更新检测程序"
UserEnforce UR166 1
UserReport UR166 1
UserProcess UR166 {Include *}
UserRule UR166 G_User {File WCD { Include C:\\WINDOWS\\system32\\wuauclt.exe }
}
UserString UR167 "A77 保护系统磁盘管理器"
UserEnforce UR167 0
UserReport UR167 0
UserProcess UR167 {Include *}
UserRule UR167 G_User {File WXCD { Include C:\\WINDOWS\\system32\\diskmgmt.msc }
}
UserString UR168 "A78 保护硬盘分区管理程序"
UserEnforce UR168 0
UserReport UR168 0
UserProcess UR168 {Include *}
UserRule UR168 G_User {File WXCD { Include C:\\WINDOWS\\system32\\diskpart.exe }
}
UserString UR169 "A79 保护本地所有COM文件(防止修改)"
UserEnforce UR169 0
UserReport UR169 0
UserProcess UR169 {Include *}
UserRule UR169 G_User {File W { Include **\\*.com }
}
UserString UR17 "A80 防范远程注册表操作,禁止调用regsvc.dll"
UserEnforce UR17 1
UserReport UR17 1
UserProcess UR17 {Include *}
UserRule UR17 G_User {File WXCD { Include C:\\WINDOWS\\system32\\regsvc.dll }
}
UserString UR170 "A81 保护本地所有COM文件(防止删除)"
UserEnforce UR170 0
UserReport UR170 0
UserProcess UR170 {Include *}
UserRule UR170 G_User {File D { Include **\\*.com }
}
UserString UR171 "A82 保护本地网卡底层物理地址的管理程序"
UserEnforce UR171 1
UserReport UR171 1
UserProcess UR171 {Include *}
UserRule UR171 G_User {File WCD { Include C:\\WINDOWS\\system32\\arp.exe }
}
UserString UR172 "A83 禁止\"在启动过程中自动转化系统 \""
UserEnforce UR172 0
UserReport UR172 0
UserProcess UR172 {Include *}
UserRule UR172 G_User {File WXCD { Include C:\\WINDOWS\\system32\\autoconv.exe }
}
UserString UR173 "A84 严禁在启动过程中格式化进程 "
UserEnforce UR173 0
UserReport UR173 0
UserProcess UR173 {Include *}
UserRule UR173 G_User {File WXCD { Include C:\\WINDOWS\\system32\\autofmt.exe }
}
UserString UR174 "A85 保护(禁用)SQL客户网络工具"
UserEnforce UR174 0
UserReport UR174 0
UserProcess UR174 {Include *}
UserRule UR174 G_User {File WXCD { Include C:\\WINDOWS\\system32\\cliconfg.exe }
}
UserString UR175 "A86 超级防护规则(警告!慎用此规则!)"
UserEnforce UR175 0
UserReport UR175 0
UserProcess UR175 {Include *}
UserRule UR175 G_User {File WXCD { Include **\\** }
}
UserString UR176 "A87 防范网络入侵,关闭本地4899端口"
UserEnforce UR176 1
UserReport UR176 1
UserProcess UR176 {Include *}
UserRule UR176 G_User {Port IUT {Include 4899 4899}
}
UserString UR177 "A88 屏蔽本地WINDOWS服务端口(防范Netspy)"
UserEnforce UR177 0
UserReport UR177 0
UserProcess UR177 {Include *}
UserRule UR177 G_User {Port IUT {Include 1024 1025}
}
UserString UR178 "A89 防止利用UPnP (通用即插即用)漏洞入侵"
UserEnforce UR178 1
UserReport UR178 1
UserProcess UR178 {Include *}
UserRule UR178 G_User {Port IUT {Include 5000 5000}
}
UserString UR179 "A90 屏蔽本地的PPTP(点到点隧道协议)服务端口"
UserEnforce UR179 0
UserReport UR179 0
UserProcess UR179 {Include *}
UserRule UR179 G_User {Port IUT {Include 1723 1723}
}
UserString UR18 "A91 禁止在C盘中新建任何VXD文件"
UserEnforce UR18 1
UserReport UR18 1
UserProcess UR18 {Include *}
UserRule UR18 G_User {File C { Include C:\\**\\*.vxd }
}
UserString UR180 "A92 关闭本地31端口(防范木马Master Paradise)"
UserEnforce UR180 1
UserReport UR180 1
UserProcess UR180 {Include *}
UserRule UR180 G_User {Port IUT {Include 31 31}
}
UserString UR181 "A93 关闭本地41端口(防范木马DeepThroat)"
UserEnforce UR181 1
UserReport UR181 1
UserProcess UR181 {Include *}
UserRule UR181 G_User {Port IUT {Include 41 41}
}
UserString UR182 "A94 关闭本地58端口(防范木马Dmsetup)"
UserEnforce UR182 1
UserReport UR182 1
UserProcess UR182 {Include *}
UserRule UR182 G_User {Port IUT {Include 58 58}
}
UserString UR183 "A95 关闭本地146端口(防范木马FC Infector)"
UserEnforce UR183 1
UserReport UR183 1
UserProcess UR183 {Include *}
UserRule UR183 G_User {Port IUT {Include 146 146}
}
UserString UR184 "A96 关闭本地531端口(防范木马RASmin)"
UserEnforce UR184 1
UserReport UR184 1
UserProcess UR184 {Include *}
UserRule UR184 G_User {Port IUT {Include 531 531}
}
UserString UR185 "A97 关闭本地555端口(防范木马Stealth Spy)"
UserEnforce UR185 1
UserReport UR185 1
UserProcess UR185 {Include *}
UserRule UR185 G_User {Port IUT {Include 555 555}
}
UserString UR186 "A98 关闭本地666端口(防范木马Bla, Attack FTP)"
UserEnforce UR186 1
UserReport UR186 1
UserProcess UR186 {Include *}
UserRule UR186 G_User {Port IUT {Include 666 666}
}
UserString UR187 "A99 关闭本地911端口(防范木马Dark Shadow)"
UserEnforce UR187 1
UserReport UR187 1
UserProcess UR187 {Include *}
UserRule UR187 G_User {Port IUT {Include 911 911}
}
UserString UR188 "A100 关闭本地1001端口(防范木马Silencer)"
UserEnforce UR188 1
UserReport UR188 1
UserProcess UR188 {Include *}
UserRule UR188 G_User {Port IUT {Include 1001 1001}
}
UserString UR189 "B1 防范木马Doly的入侵"
UserEnforce UR189 1
UserReport UR189 1
UserProcess UR189 {Include *}
UserRule UR189 G_User {Port IUT {Include 1010 1012}
}
UserString UR19 "B2 禁止私自创建共享文件夹"
UserEnforce UR19 0
UserReport UR19 0
UserProcess UR19 {Include *}
UserRule UR19 G_User {File WXCD { Include C:\\WINDOWS\\system32\\shrpubw.exe }
}
UserString UR190 "B3 防范木马Doly的入侵(增强)"
UserEnforce UR190 0
UserReport UR190 0
UserProcess UR190 {Include *}
UserRule UR190 G_User {Port IUT {Include 1015 1015}
}
UserString UR191 "B4 关闭本地1042端口(防范木马Bla)"
UserEnforce UR191 0
UserReport UR191 0
UserProcess UR191 {Include *}
UserRule UR191 G_User {Port IUT {Include 1042 1042}
}
UserString UR192 "B5 关闭本地1045端口(防范木马RASmin)"
UserEnforce UR192 0
UserReport UR192 0
UserProcess UR192 {Include *}
UserRule UR192 G_User {Port IUT {Include 1045 1045}
}
UserString UR193 "B6 关闭本地1090端口(防范木马Extreme)"
UserEnforce UR193 0
UserReport UR193 0
UserProcess UR193 {Include *}
UserRule UR193 G_User {Port IUT {Include 1090 1090}
}
UserString UR194 "B7 关闭本地1234端口(防范木马Ultor\'s)"
UserEnforce UR194 0
UserReport UR194 0
UserProcess UR194 {Include *}
UserRule UR194 G_User {Port IUT {Include 1234 1234}
}
UserString UR195 "B8 关闭本地1243端口(防范木马Backdoor/SubSeven)"
UserEnforce UR195 0
UserReport UR195 0
UserProcess UR195 {Include *}
UserRule UR195 G_User {Port IUT {Include 1243 1243}
}
UserString UR196 "B9 防范木马TransScout的入侵"
UserEnforce UR196 0
UserReport UR196 0
UserProcess UR196 {Include *}
UserRule UR196 G_User {Port IUT {Include 1999 2005}
}
UserString UR197 "B10 关闭本地2565端口(防范木马Striker)"
UserEnforce UR197 0
UserReport UR197 0
UserProcess UR197 {Include *}
UserRule UR197 G_User {Port IUT {Include 2565 2565}
}
UserString UR198 "B11 关闭本地2801端口(防范木马Phinneas Phucker)"
UserEnforce UR198 0
UserReport UR198 0
UserProcess UR198 {Include *}
UserRule UR198 G_User {Port IUT {Include 2801 2801}
}
