Sign In with your
Trend Micro Account
需要協助?
需要協助?

若您需要技術支援,請 按此建立案件。

Information about detection type identified as Policy by ATTK

    • 更新於:
    • 9 Mar 2020
    • 產品/版本:
    • Support Tools
    • 作業系統:
概要

When using ATTK, you may see the detection type: Policy. This type of detection indicates that ATTK found Windows Settings suspiciously changed, possibly modified by malware. One good example is some malware that disable Task Manager to prevent the user from killing the malware process. The modified Task Manager settings can be detected by ATTK as Policy.

ATTK Detection Policy

詳情
Public
PolicyTypeDescription
SCRNSAVE.EXEDesktopSet screen saver value to Blank
BackupWallpaperDesktopEnable the predefined backup wallpaper of the OS
NoSetActiveDesktopDesktopDisable Active Desktop
WallpaperDesktopEnable the predefined wallpaper of the OS
NoChangingWallpaperDesktopDisable the changing of wallpapers
NoActiveDesktopChangesDesktopDisable changing of Active Desktop
Start PageInternet ExplorerSet start page value of Internet Explorer to "about:blank"
Home PageInternet ExplorerEnable user to change the HomePage Address in the Internet Options of IE
Window TitleInternet ExplorerDelete value to be shown in the Menu Bar of IE
AntivirusDisableNotifySecurityUsers will be notified that Antivirus Software is Disabled
AntivirusOverrideSecurityEnable Antivirus Monitoring
FirewallDisableNotifySecurityUsers will be notified that the Firewall is Disabled
FirewallOverrideSecurityEnable 3rd Party Firewall Monitoring
UpdatesDisableNotitySecurityUsers will be notified that Updates are available
DisableWindowsUpdateAccessSecurityAccess to Windows Updates is Enabled
AUOptionsSecurityEnable "Download updates for me but let me choose when to install them"
NoAutoUpdateSecurityEnable Windows Automatic Updates
EnableDCOMSecurityLaunching of servers and connecting to objects by remote clients is allowed on a per-class basis according to the value
DoNotAllowXPSP2SecurityWindows XP Service Pack 2 will be shown in Windows Update
RestrictAnonymousSecurityAllow anonymous users
AutoShareServerSecurityAdmin$ shares will not be available (on a server machine)
AutoShareWksSecurityAdmin$ shares will not be avialable (on a workstation machine)
MessengerSecuritySet Net Send Service startup type to Automatic
RemoteRegistrySecuritySet Remote Registry accessible service startup type to Automatic
EnableFirewallSecurityEnable WIndows XP Firewall
TIntSvrSecuritySet TIntSvr Service startup type to Manual
wscsvcSecuritySet wscsvc service startup type to Automatic
wuauservSecuritySet wuauserv service startup type to Automatic
DisableRegeditSystemDelete value of HKCU\Software\Microsoft\WIndows\CurrentVersion\Policies\System DisableRegedit and HKLM\Software\Microsoft\WIndows\CurrentVersion\Policies\System DisableRegedit
DisableRegistryToolsSystemAllows users to run registry editor
DisableTaskMgrSystemAllows users to run Task Manager
DisableCMDSystemEnable command prompt and batch files
DisableConfigSystemSystem Restore will be configurable in the "System Properties" a.k.a. WIndows + Break
DisableSRSystemSystem Restore will be shown in the "System Properties" a.k.a Windows + Break
DisableMSISystemSet value for Windows Installer is enabled for all applications. All install operations are allowed
HiddenExplorerEnable "Show Hidden Files"
HideFileExtExplorerEnable "Always show extensions of Known File Types"
ShowSuperHiddenExplorerEnable "Show System Files"
DisallowCplExplorerThe system displays the icons of all Control Panel Item
DisallowRunExplorerUsers can run all installed Windows Programs
NoCloseExplorerShut Down appears on the Start Menu and in the Windows Security dialog box
NoControlPanelExplorerAllow to access Control Panel
NoDesktopExplorerShow Desktop Items
NoDrivesExplorerAll Drives will show
NoFindExplorerFind features operate normally
NoFolderOptionsExplorerAllow "Folder Options" in Windows Explorer will be accessible
NoLogOffExplorerShow "Log Off" on "Shut Down Windows" menu
NoRecentDocsMenuExplorerShow "My Recent Documents" and "Customize Start Menu" in the Start Menu
NoRunExplorerShow Run command
NoSetFoldersExplorerControl Panel, Printers, and Network and Dial-up connections can run
NoSetTaskBarExplorerUsers can use the Taskbar and Start Menu Properties dialog box
NoTrayContextMenuExplorerContext-sensitive menus appear when you right-click the taskbar or right-click items on the taskbar
CheckedValueExplorerThe values for Hidden files and Folders will be interchangeable
NoDriveAutoRunExplorerDisables AutoPlay on all kinds of Drives
NoDriveTypeAutoRunExplorerDisables Autorun on all kinds of Drives

ATTK fixes the policy by restoring the registry value to the default.

For example:

ATTK Detection Policy

Policy: Wuauserv Detects HKLM\SYSTEM\CurrentControlSet\Services\wuauserv Start=3

ATTK Detection Policy

After the fix, it should return to the default value, which is 2.

ATTK Detection Policy

Premium
Internal
Partner
評價:
分類:
Remove a Malware / Virus
解決方案ID:
000246139
評定這個解決方案
本文是否幫助解決您的問題?

感謝您的意見!

請留下您的Email方便進一步的聯繫,協助我們改進文章內容:
我們不會透過以上Email寄送任何可能騷擾您的垃圾信.

本意見調查系統為自動運作,將不會回覆如銷售、技術、產品等一般問題.

若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.