ISS BlackICE PC Protection v3 6+KeyGen rar

BlackICE PC Protection Content Update 3.6.cqz - README ===================================================================== Last modified: 13 May 2008 © Copyright IBM Corporation 1998, 2008. All rights reserved worldwide. PLEASE READ THIS DOCUMENT IN ITS ENTIRETY. ===================================================================== CONTENTS ===================================================================== - Description - System requirements - Applying updates - Getting the latest related documentation - Customer Support - Known issues - New signatures added in this release --------------------------------------------------------------------- DESCRIPTION ===================================================================== This release contains 4 new event(s) and 2 new blocking response(s). SYSTEM REQUIREMENTS ===================================================================== - Hardware: Pentium class computer. - OS: Windows 98 (retail, SP1, Second Edition) Windows NT 4 (SP5, SP6, SP6a) Windows 2000 (SP1, SP2, SP3, SP4) Windows ME Windows XP Pro (SP1) / Home (SP1) Windows XP Pro (SP2) / Home (SP2) - Memory: Minimum: 16MB Recommended: 64MB - Disk space: A minimum of 10MB. This includes 2.5 MB allocated for logging trace files. - Other: System must be using the following: - Internet Explorer 5.0 or later. APPLYING UPDATES ===================================================================== Apply this update through the agent installation package GETTING THE LATEST RELATED DOCUMENTATION ===================================================================== Documentation for BlackICE PC Protection can be found at the following Web address: http://www.iss.net/support/documentation CUSTOMER SUPPORT ===================================================================== Support for this release is available by sending an email to: e-mail: [email protected] /* */ and follow the support email guidelines on the web page: http://blackice.iss.net/customer_support.php When submitting a support request via e-mail, in the subject heading of your e-mail put the category of the issue you are experiencing and your license key. For example: QUESTION: 0123456-RS-12345 You can use any one of the following categories: - CRASH : BlackICE is causing your system to crash or hang - QUESTION : ask a question - OPERATION : report an issue regarding one of BlackICE's functions or feature - NEW INSTALL : you are experiencing an install issue - UPDATE INSTALL: you are attempting to update your BlackICE installation and are experiencing difficulties doing so - FEATURE : to suggest features you would like to see in BlackICE - OTHER : to request support for an issue that doesn't fit any of the above categories Make sure to include the following files when requesting technical support: -attack-list.csv -blackd.log -blackd-old.log -blackice.ini -firewall.ini -sigs.ini -protect.ini -checksum.txt -actlcl.txt -filelock.txt -rapapp.log -rapapp-old.log -license.key To provide feedback on this readme, send an email to [email protected] /* */ KNOWN ISSUES ===================================================================== - Customers may see false positives with Excel_File_Import_Code_Exec. Profiling on the customers' traffic should be performed before enabling blocking. - XForce is investigating possible false alarms in HTML_URL_Unicode_Stack_Overflow. - The InstallShield installation of BlackICE PC Protection hangs at the end of the install on Windows XP SP1 and SP2. You may see the following error: An error occurred while launching the setup The remote procedure call failed In this case, you can use the Windows Task Manager to manually terminate the hung InstallShield process at the end of the install without any adverse affects. For more information, please see the following Knowledge Base article: https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3812 - When you update from 2.9 to 3.5 or 3.6, your preferences in the BlackICE Attacks and Intruders windows are not saved (i.e. the field and column width specifications). Also, your settings for the Preferences tab are not saved. Workaround: Please note your settings before updating your copy of BlackICE. - If you enabled ACPI power management, BlackICE does not let Windows 98/Me automatically go into hibernate mode, and on some systems even Standby mode. Work-Around: You can manually put your computer into Standby or Hibernate modes. We are working on a solution. - On Windows Me, restore points do not automatically occur. Work-Around: Periodically, manually set restore points. - For WinNT 4: Under certain situations, the floppy drive is inaccessible when the agent is installed. Work-around: Add the following line to blackice.ini: starting.i=101 After saving and closing blackice.ini, stop and start the Blackice service in the service list. - For Windows 98, using Dial Up Networking or when establishing a VPN connection: Under certain conditions, establishing the dial up or VPN connection fails. Work-around: Add the following line to blackice.ini: restart.whenDeviceChg = false - Under rare conditions, the agent may not detect your computer's network adapter(s). This means that although your computer can communicate on the network, BlackICE fails to see the network traffic and therefore fails to protect your system. Work-around: Add the following line to blackice.ini: adapter.override = true Save and close blackice.ini, then stop and start the BlackICE engine. - When using the Communications Control in the Advanced Application Protection Settings to terminate or block network access of a trusted application and that application uses a secondary trusted application to access the Internet, the secondary application will not be terminated or blocked. The workaround is to use the Applications Control and change the settings for the primary application from allow to terminate. The primary application will be terminated and cannot use the secondary application to access the Internet. - Using the Fast User Switching on XP the Application protection prompts only appear on the first user logged into the XP system if the unknown or modified application is launched by the second user. The workaround is to switch back to the first user and answer the Application Protection prompts. - Under rare conditions the baseline does not complete properly due to a virtual memory error. Work-around: Free up disk space on your computer and reboot the system so Windows can allocate the proper amount of virtual memory - When uninstalling on Windows 98 and Me, you may see one or more "Unknown Application" prompts referencing various InstallShield files such as isrt.dll and ikernel.exe. This may occur when uninstalling any application which uses InstallShield, not just BlackICE. As part of InstallShield's bootstrapping process, it unpacks and runs various files in a temporary directory. These files are not part of the file system baseline, so the Application Protection feature will trigger on them. The workaround is to put Application Protection into "Install Mode" using the button on the "Unknown Application" dialog. Or, just allow the triggered file to continue (do not terminate the file or your uninstall will also be terminated). - The agent is not compatible with VMware. Running this agent in a VMware environment could result in unpredictable system behavior. - On some notebook computers configured to go into standby when there is lack of computer activity (e.g. disk, keyboard, and mouse activity), the agent may prevent the system from going into standby because of it's own disk activity. - The agent may prevent certain PDA's from synchronizing. If this happens, stop the BlackICE engine. - Versions of Cookie Crusher earlier than Version 2.5 are incompatible with this agent. Removing Cookie Crusher fixes the problem. - If you are having difficulties performing SCANDISK or DEFRAG, stop the BlackICE engine. When your computer is busy receiving network traffic, so is BlackICE (busy, that is). As such, BlackICE is also busy logging information to your disk. SCANDISK or DEFRAG may not finish when your disk drive is in use. - Under certain situations, you may see the RED slash across the BlackICE system tray icon. These situations include: - You invoked BlackICE Engine/Stop BlackICE Engine. - The BlackICE engine is in startup delay. BlackICE has determined that for some reason, the system was abruptly or unexpectedly shutdown in a prior computer session. - BlackICE has detected a network device insertion event and is re-starting to accommodate the new device. In this case the red slash is temporary and will disappear after a few seconds. One example, if you access the Internet via a dialup modem, then it is very likely that you will see the red slash appear every time you connect to the Internet. If you don't want this to occur, consider adding the following line to the blackice.ini file: restart.whenDeviceChg = false startup.crashdelay = disabled - Your system has become busy to the point where the agent user interface is temporarily unable to communicate with the BlackICE engine. If this is the case, you will see the red slash for only a short period with no lapse in system protection from the BlackICE engine. - The BlackICE engine has terminated unexpectedly. - Applications that operate in a 16-bit environment may not be detected properly in Win98/WinMe. IBM ISS recommends that you avoid running these applications due to their inherent security weaknesses. 1. New Security Content For 3.6.cqz IssueID SecChkID ProductCheckName Event Type Risk Level ------- -------- -------------------------------------- --------------------------- ---------- 2110165 42088 HTML_URL_Unicode_Stack_Overflow Unauthorized Access Attempt High 2110166 42089 HTTP_Client_Converter_Null_Ptr_BO Unauthorized Access Attempt High 2122032 42102 RTF_Word_Drawing_Exec Unauthorized Access Attempt High 2122037 42108 PE_MS_Protection_Engine_DoS Denial of Service Low 2. Security Content Improvements in 3.6.cqz --------------------------------------------------------------- - A false positive has been corrected in Image_WMF_Generic_RecordSize_Overflow for certain STRETCHDIB records or when extra bytes are present after the EOF marker. 3. Event Blocking Notes --------------------------------------------------------------- 3.1 Blocking was added for the following events: SecChkID ProductCheckName ------------------------------ 38499 MDB_Jet_Engine_Stack_Overflow 42088 HTML_URL_Unicode_Stack_Overflow 3.2 Blocking was removed for the following events: SecChkID ProductCheckName ------------------------------- 4. Other Updates --------------------------------------------------------------- IBM ISS is planning to update the HTTP parser in the IPS Content Update scheduled for June 10, 2008. The HTTP parser changes will greatly increase the accuracy of HTTP signatures, decreasing false positives and false negatives. A detailed description of these changes will be in the readme for the June release. 5. Other Bug Fixes ---------------------------------------------------------------

udp://tracker.openbittorrent.com:80
udp://open.demonii.com:1337
udp://tracker.coppersurfer.tk:6969
udp://exodus.desync.com:6969