I have recently found a rootkit on my computer through AVG and am wondering how to get this thing off. I tried to get AVG to delete it but it said it cannot. I heard you can re-install windows vista and also restore default settings but I am not sure if that deletes everything and I'll have to get...

In our URLScan logs we get the following quite a bit - - - - - - - - - - - - - - - - - - - - - - - - #Software: Microsoft UrlScan 3.0 #Version: 1.0 #Date: 2008-09-04 01:01:20 - - - - - - - - - - - - - - - - - - - - - - - - Does anyone know if this means that UrlScan is recycling and we have a period...

Doing some testing, currently, and running into some issues with this. We've got a couple cases where things like 'cast' or 'open' are appropriate for our webpages. I've setup an AlwaysAllowedQueryStrings section: [AlwaysAllowedQueryStrings] branch=Openshaw branch=Newcastle+upon...

Hi Zhao, Thank you for your reply. I now understand how [AlwaysAllowedUrls] works and where the query string check is still performed on the allowed Urls. To clarify, here is what I would like to achieve. For instance, I would like the following 'url+query string' to be valid: http://www.domain...

I would like to allow a search page to accept all text in the query string. To do this I added the result page to the [AlwaysAllowedUrls]. One thing that is ambiguous from the documentation is if the [AlwaysAllowedUrls] settings also bypasses the custom rules and if the pages listed in [AlwaysAllowedUrls...

You need to capture the 'extensionless' requests by adding the . extension to the ApplliesTo section: [SQL Injection Raw] AppliesTo=.asp,.aspx ,. Yves

Rovastar, I can confirm that the workaround that KentZhou posted works. I have included below the contents of the RuleList section in the UrlScan.ini as I have it in my test box. After changing the rule though I issued an iisreset /restart command before I tested so the UrlScan.ini's settings were...