Penetration Testing mailing list archives
RE: Determining Trojans, File & Print Sharing, Services running remotely on W2K
From: "Chris Shutters" <cshutters () polivec com>
Date: Fri, 10 May 2002 11:25:37 -0600
ObDisclaimer: I am the Chief Engineer for Polivec, Inc, so I may be a bit biased in my description of our product :-).
I will be performing a workstation audit on 300 W2k workstations across the network. I need to scan to see:
1. If there are any trojans running on these hosts.
2. Whether shares are activated on these hosts.
3. Whether anti-virus is installed.

Our company has a product that can provide much of the information you seek. Polivec Scanner is designed to perform remote audits of Windows {NT,2000,XP} systems. It retrieves information on a large number of security-relevant parameters and presents them in an easy-to-understand format. It will also compare the retrieved settings against a specified security policy and flag those settings that are not in compliance. You can also use Scanner to change remote security settings! Polivec Scanner has been the primary tool used by our Professional Services team in performing audits of Windows systems for over a year.

To specifically address your three points above:

Scanner will not do item number one, as it is extremely difficult to maintain and update a comprehensive list of trojans in the wild. However, we could return a list of running processes and open network ports to look for suspicious processes... but we do not currently do so. I think I shall add a couple of requirements to the list for the next version of Scanner. The developers love me so...

Scanner will do item two. It provides a full list of available shares on all audited systems.

Scanner does not specifically do item three, but it does return information on all services running on the system. As most major anti-virus products today run as Windows services, this information should be sufficient to determine whether anti-virus software is running on the audited systems.

Unfortunately, Polivec Scanner is not free, but a 15-day free trial is available. You can download it at http://polivec.com/polivecscanner.html.

Cheers,
Chris Shutters
cshutters () polivec com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/