RE: Determining Trojans, File & Print Sharing, Services running remotely on W2K

From: Chris Shutters (cshutters@polivec.com)
Date: Fri May 10 2002 - 13:25:37 EDT


ObDisclaimer: I am the Chief Engineer for Polivec, Inc., so I may be a bit
biased in my description of our product :-).

> I will be performing a workstation audit on 300 W2k workstations
> across the network. I need to scan to see: 1. If there are any
> trojans running on these hosts. 2. Whether shares are activated
> on these hosts. 3. Whether anti-virus is installed.

Our company has a product that can provide much of the information you seek.

Polivec Scanner is designed to perform remote audits of Windows {NT,2000,XP}
systems. It retrieves information on a large number of security-relevant
parameters and presents them in an easy-to-understand format. It will also
compare the retrieved settings against a specified security policy and flag
those settings that are not in compliance. You can also use Scanner to
change remote security settings!

Polivec Scanner has been the primary tool used by our Professional Services
team in performing audits of Windows systems for over a year.

To specifically address your three points above:

Scanner will not do item number one, as it is extremely difficult to
maintain and update a comprehensive list of trojans in the wild. However,
we could return a list of running processes and open network ports to look
for suspicious processes... but we do not currently do so. I think I shall
add a couple of requirements to the list for the next version of Scanner.
The developers love me so...

Scanner will do item two. It provides a full list of available shares on
all audited systems.

Scanner does not specifically do item three, but it does return information
on all services running on the system. As most major anti-virus products
today run as Windows services, this information should be sufficient to
determine whether anti-virus software is running on the audited systems.

Unfortunately, Polivec Scanner is not free, but a 15-day free trial is
available. You can download it at http://polivec.com/polivecscanner.html.

Cheers,

Chris Shutters
cshutters@polivec.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
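
Added example, not part of the original message and not Polivec Scanner's code: the post's point that a per-host service listing is enough to tell whether anti-virus is running, shown over output shaped like `sc \\HOST query state= all`. The sample output, host names and the `ExampleAVSvc` service name are constructed placeholders; it also separates "installed but stopped" from "absent", which a plain name match would miss.

```python
import re

# Placeholder short names (assumption); substitute what your AV product registers.
AV_SERVICES = {"exampleavsvc"}

# Constructed samples shaped like `sc \\HOST query state= all` output.
SAMPLE = {
    "WS-001": """SERVICE_NAME: ExampleAVSvc
DISPLAY_NAME: Example AntiVirus Service
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
""",
    "WS-002": """SERVICE_NAME: ExampleAVSvc
        STATE              : 1  STOPPED
""",
    "WS-003": """SERVICE_NAME: lanmanserver
        STATE              : 4  RUNNING
""",
}

FIELD = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*)$")

def parse_sc_query(text):
    """Map lower-cased service short name -> state word (RUNNING, STOPPED, ...)."""
    services, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # e.g. the "(STOPPABLE, ...)" continuation line
        key, raw = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME" and raw:
            current = raw.lower()
            services[current] = "UNKNOWN"
        elif key == "STATE" and current and raw:
            services[current] = raw.split()[-1]  # "4  RUNNING" -> "RUNNING"
    return services

def av_status(services, watchlist=AV_SERVICES):
    """Classify one host: running / installed-not-running / absent."""
    states = [services[n] for n in watchlist if n in services]
    if "RUNNING" in states:
        return "running"
    return "installed-not-running" if states else "absent"

def audit(hosts):
    """Return {host: AV status} for a dict of host -> captured sc output."""
    return {host: av_status(parse_sc_query(out)) for host, out in hosts.items()}
```
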