Batch scripting "Scanreg.exe" on W2K platform
From: Iheagwara, Charles (ciheagwara@finsys.com)
Date: 10/03/01
- Previous message: netsecurity: ""Another" Newbie IDS Question"
- Next in thread: Greg Shipley: "Re: Batch scripting "Scanreg.exe" on W2K platform"
- Reply: Greg Shipley: "Re: Batch scripting "Scanreg.exe" on W2K platform"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <E5B3448D642AD311A5F0009027848F76875209@MAIL>
From: "Iheagwara, Charles" <ciheagwara@finsys.com>
To: "'FOCUS-IDS@SECURITYFOCUS.COM'" <FOCUS-IDS@SECURITYFOCUS.COM>
Subject: Batch scripting "Scanreg.exe" on W2K platform
Date: Wed, 3 Oct 2001 08:31:19 -0400

Ladies and Gentlemen:
I want to come up with a batch script using "Scanreg.exe" that can search for any strings or rogue files that are left in the registry after an attack. The two possibilities I have considered include:
1. Coming up with a script that can detect strings that don't match the registry. For example, in the script below I am searching for a specific string "windows":
scanreg /s windows /r \lm /kvde
Pause
scanreg /s windows /r \cu /kvde
pause
scanreg /s windows /r \cr /kvde
pause
scanreg /s windows /r \us /kvde
pause
But in a Web production environment where the registry is constantly changing, this becomes a problem. It seems then that only a script that can identify any string or filename that is incompatible with the registry will work.
2. Coming up with a script that will compare two registries: one standard, the other rogue. The problem here is how do I generate any of these scripts.
Please help.
Thanks.
Charles
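
Added example, not part of the original post or of any tool it mentions: one way to approach the second option, comparing a known-good registry export against a later one and skipping subtrees known to change constantly. It assumes both snapshots are text exports in REGEDIT4 format (for instance from regedit /e) already decoded to strings; the sample data, the ignore list and the function names are constructed for illustration.

```python
import re

# Constructed sample exports (REGEDIT4 text format), not data from a real host.
BASELINE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAgent"="C:\\Program Files\\Example\\agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Counters]
"Hits"=dword:00000010
'''
CURRENT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAgent"="C:\\Program Files\\Example\\agent.exe"
"updater"="C:\\WINNT\\Temp\\upd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Counters]
"Hits"=dword:0000002a
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Map (key, value name) -> raw data; names lower-cased, as the registry ignores case."""
    text = re.sub(r'\\\r?\n\s*', '', text)      # join hex: continuation lines
    values, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            values[(key, '')] = ''              # marker: the key itself exists
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1).lower())] = m.group(2)
    return values

def diff_reg(baseline, current, ignore_prefixes=()):
    """Return (added, removed, changed) entries outside the ignored subtrees."""
    skip = tuple(p.lower() for p in ignore_prefixes)
    keep = lambda k: not k[0].startswith(skip)
    added = sorted(k for k in current.keys() - baseline.keys() if keep(k))
    removed = sorted(k for k in baseline.keys() - current.keys() if keep(k))
    changed = sorted(k for k in baseline.keys() & current.keys()
                     if baseline[k] != current[k] and keep(k))
    return added, removed, changed

if __name__ == '__main__':
    noisy = [r'HKEY_LOCAL_MACHINE\SOFTWARE\Example\Counters']  # hypothetical volatile subtree
    for label, items in zip(('added', 'removed', 'changed'),
                            diff_reg(parse_reg(BASELINE), parse_reg(CURRENT), noisy)):
        for key, name in items:
            print(label, key, name or '(key)')
```

The ignore list is what keeps a constantly changing production registry from drowning the report: anything under a listed subtree is left out, so the remaining differences are the ones to review.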