RE: Application sniffer-next step
From: James Baird (jbaird_at_rollins.com)
Date: 09/27/04
- Previous message: Thor: "Re: Items within XP SP2 and Win2003"
- Maybe in reply to: Mark Acker: "RE: Application sniffer-next step"
- Next in thread: Chris_Campbell_at_fpl.com: "Re: Application sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: 'Mark Acker' <markacker@yahoo.com>, focus-ms@securityfocus.com Date: Mon, 27 Sep 2004 15:32:06 -0400
Windows XP has a feature to restore a system to the "previous"
configuration...
A while ago, I was part of a team to look for a product to replace SMS in
a rather large, distributed Windoze environment, and we stumbled on Marimba,
which makes a claim to do as you requested in your note. Of course, Marimba
is a commercial product, and using that method with XP would be hard to
manage over a large distributed environment...
I just had this thought...although it might take a great deal of
testing...You may be able to lock down that portion of the registry that is
required to register new programs on a system. Set permissions to read-only
for those local users (assuming that they are not using the Administrator
account to log on).
jb
-----Original Message-----
From: Mark Acker [mailto:markacker@yahoo.com]
Sent: Wednesday, September 22, 2004 10:20 PM
To: focus-ms@securityfocus.com
Subject: RE: Application sniffer-next step
Is there a way to take one of these tools and go a step farther? Say for
example, one has a corporate image and installing other software is "frowned
upon."
Could one take one tool or another, use it to discover that rogue apps are
installed, then automatically uninstall it? Essentially, establish
baseline-->audit-->remove unauthorized software.
Come on Harlan, there has to be a Perl script out there, eh? ;)
--- Dennis Bauer <dbauer@Mines.EDU> wrote:
> Here is one that I have used it will report anything that is installed
> on the machine.
>
>
http://www.knowledgeleader.com/iafreewebsite.nsf/content/InternalAudittoolsa
> ndresources?OpenDocument
>
> -----Original Message-----
> From: Schalk van der Merwe
> [mailto:Schalk.vanderMerwe@saoutsourcing.com]
> Sent: Monday, September 20, 2004 10:14 AM
> To: focus-ms@securityfocus.com
> Subject: Application sniffer
>
> Dear All;
>
> I am looking for a tool that could scan a network and give a report on
> installed applications. We have a large developer wing and the guys
> are installing all sorts of applications on the PC. Does anyone know
> of something that can do this?
>
>
>
> Kind Regards
> Schalk vd Merwe
>
> SA Outsourcing Pty.(Ltd)
> Work: 011 506 8600
> Fax: 011 506 8666
>
>
>
> SA Outsourcing (PTY) LTD
> For support email support@saoutsourcing.com or call
> 0861 7877678.
> Disclaimer: This message contains information that
> may be privileged or
> confidential and is the property of the SA
> Outsourcing (PTY) LTD. It is only
> intended for the person to whom it is addressed. If
> you are not the intended
> recipient, you are not authorized to read, print,
> retain, copy disseminate,
> distribute, or use this message or any part thereof.
> If you receive this
> message in error,please notify the sender
> immediately and delete all copies
> of this message.
>
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
>
>
>
>
>
>
>
---------------------------------------------------------------------------
>
---------------------------------------------------------------------------
>
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Thor: "Re: Items within XP SP2 and Win2003"
- Maybe in reply to: Mark Acker: "RE: Application sniffer-next step"
- Next in thread: Chris_Campbell_at_fpl.com: "Re: Application sniffer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
