Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: services running in windows domain (winXP clients)

from [Triantafyllidis Christos] Network Security [Permanent Link]
Subject: RE: services running in windows domain (winXP clients)
Date: Wed, 15 Dec 2004 20:12:05 +0200 (EET)
As far as I know trojans copies themselves in c:\windows or its subfolders. i don't think it is a good to set everyone - deny on c:\windows. :)

restricting execution means that i should know the trojans... (i don't know them all)

F-secure antivirus full updated didn't find the trojan.

Thanks for the help

Christos Triantafyllidis

On Wed, 15 Dec 2004, Burak Bayoglu wrote:

As far as I know, DCs only list the services on itself and allows to
configure the services policy for these ones. Another alternative is
that if you know the exact path where the executable of the trojan is
placed, you can use "File System" to give "everyone - deny" rights to
the file. You may need to create a dummy file on DC to configure thsi
setting. Or you can restrict the execution of this program using GP
again. As a result the service will not be run by the client next time.
As a better solution, you must use an effective anti-virus software to
protect against well known trojan and virus programs.


Burak BAYOGLU
TUBITAK UEKAE
Network Security
Senior Researcher
CISA, CISSP


-----Original Message-----
From: Christos Triantafyllidis [mailto:ctria@physics.auth.gr]
Sent: Thursday, December 09, 2004 11:41 PM
To: focus-ms@securityfocus.com
Subject: services running in windows domain (winXP clients)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there any way to allow only specific services to run at win
XP clients through domain group policy?

The services rule in group policy allows configure only on the
specified services.

What if there is a Trojan (or any other unknown program for the
server group policy) that adds a service in windows xp? can we
possible disable all services except the ones we want to run?

Thanks,

Christos Triantafyllidis

- --
PGP key : http://tassadar.physics.auth.gr/~ctria/pgp_public_key.asc
MD5sum  : *b426d395137af5d2a42c88840e131a5e
pgp_public_key.asc* -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBuMYsJmvANO7gN+YRAnZZAJ9G8ucOM6jNAXXHrKyP2tx04iky3gCeLe90
/5QboRtTBNj5WOSr2xPyJHI=
=0QDX
-----END PGP SIGNATURE-----


----------------------------------------------------------------
-----------
----------------------------------------------------------------
-----------




---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: services running in windows domain (winXP clients), Mark Burnett
Next by Date:  Subdomain security, Oren Held
Previous by Thread:  Re: services running in windows domain (winXP clients), Ansgar -59cobalt- Wiechers
Next by Thread:  SV: services running in windows domain (winXP clients), Tevfik Karagulle
Indexes:  [Date] [Thread] [Top] [All Lists]