RE: Application sniffer-next step

From: Rohit Dube (rohit_dube_at_intersolutions.stpn.soft.net)
Date: 10/05/04

    To: <focus-ms@securityfocus.com>
    Date: Tue, 5 Oct 2004 12:09:05 +0530
    
    
    

    SMS from Microsoft also offers dynamic creation of groups based on SQL
    queries. These queries can be for either hardware configuration of the
    system, software configuration or a combination of both.
    Additionally, SMS can be used for uninstallation of programs as well.
    Thanks
    Rohit Dube
     - http://www.prasar.org - come join the cause of silicosis victims, help
    them get justice -

    -----Original Message-----
    From: Jordan Wiseman [mailto:Jordan_Wiseman@Valleymed.org]
    Sent: Friday, October 01, 2004 4:33 AM
    To: James Baird; Mark Acker; focus-ms@securityfocus.com
    Subject: RE: Application sniffer-next step

    Not a bad solution...however, not all programs are actually required to
    register themselves in the same place in the registry. Although best
    practice states that programs SHOULD use certain parts of the registry
    for certain information, there is no real enforcement of this within the
    OS. The best case scenario would be if every program (according to MS
    anyway) used the MSI framework to install. Then you have a central
    location to query and control all the installed software...but as we all
    know, not everyone uses MSI.

    As for a system that can automatically detect and respond to specific
    changes in the software environment; I know of one that I have actually
    used: Intuit's Track-It! Deploy
    (http://itsolutions.intuit.com/Deploy.asp). This is a commercial
    application unfortunately, but it can do what you require.

    TIDeploy is (at first glance) a software distribution system but it has a
    unique ability (in my experience with software push technology) in that
    you can create "dynamic groups" of workstations based on some common
    elements (software, hardware, etc) that the machines will ADD THEMSELVES
    TO on the fly. Basically, it can do this:

    1) you create group based on existence of "bad" software
    2) machine checks in with server and sees new group
    3) machine adds self to group
    4) group configured to receive "removal" app
    5) "bad" app removed
    6) machine no longer qualified for new group and removes self

    Anyway, aside from that, you could author a script that reads in a list
    of "bad" software from a configuration file and searches the machines
    for its presence...not necessarily quick or elegant if there is a big
    list, but free and doable;)

    Jordan

    -----Original Message-----
    From: James Baird [mailto:jbaird@rollins.com]
    Sent: Monday, September 27, 2004 12:32 PM
    To: 'Mark Acker'; focus-ms@securityfocus.com
    Subject: RE: Application sniffer-next step

      Windows XP has a feature to restore a system to the "previous"
    configuration...

      A while ago, I was part of a team to look for a product to replace SMS
    in a rather large, distributed Windoze environment, and we stumbled on
    Marimba, which makes a claim to do as you requested in your note. Of
    course, Marimba is a commercial product, and using that method with XP
    would be hard to manage over a large distributed environment...

      I just had this thought...although it might take a great deal of
    testing...You may be able to lock down that portion of the registry that
    is required to register new programs on a system. Set permissions to
    read-only for those local users (assuming that they are not using the
    Administrator account to log on).

    jb

    -----Original Message-----
    From: Mark Acker [mailto:markacker@yahoo.com]
    Sent: Wednesday, September 22, 2004 10:20 PM
    To: focus-ms@securityfocus.com
    Subject: RE: Application sniffer-next step

    Is there a way to take one of these tools and go a step farther? Say
    for example, one has a corporate image and installing other software is
    "frowned upon." Could one take one tool or another, use it to discover
    that rogue apps are installed, then automatically uninstall them?
    Essentially, establish baseline-->audit-->remove unauthorized software.
    Come on Harlan, there has to be a Perl script out there, eh? ;)

    --- Dennis Bauer <dbauer@Mines.EDU> wrote:

    > Here is one that I have used; it will report anything that is installed
    > on the machine.
    >
    > http://www.knowledgeleader.com/iafreewebsite.nsf/content/InternalAudittoolsandresources?OpenDocument
    >
    > -----Original Message-----
    > From: Schalk van der Merwe
    > [mailto:Schalk.vanderMerwe@saoutsourcing.com]
    > Sent: Monday, September 20, 2004 10:14 AM
    > To: focus-ms@securityfocus.com
    > Subject: Application sniffer
    >
    > Dear All;
    >
    > I am looking for a tool that could scan a network and give a report on
    > installed applications. We have a large developer wing and the guys
    > are installing all sorts of applications on the PC. Does anyone know
    > of something that can do this?
    >
    >
    >
    > Kind Regards
    > Schalk vd Merwe
    >
    > SA Outsourcing Pty.(Ltd)
    > Work: 011 506 8600
    > Fax: 011 506 8666
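
Added example, not written by any poster in this thread: a PowerShell audit of the kind Jordan describes, which reads "bad" software patterns from a configuration file and checks them against the registry Uninstall keys, noting which hits were registered through MSI. The file name `denylist.txt`, its one-pattern-per-line format and the sample patterns are assumptions made for illustration.

```powershell
# Added example. Assumptions: denylist file name and format (one wildcard
# pattern per line, '#' comments) are hypothetical, not from the thread.
param([string]$DenyListPath = '.\denylist.txt')

# Conventional registration points. Programs are not forced to register
# here, so an empty result does not prove the software is absent.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-DenyPatterns {
    param([string]$Path)
    # Constructed sample patterns are used when the file does not exist.
    $lines = if (Test-Path -Path $Path) { Get-Content -Path $Path } else { '# constructed sample', '*Toolbar*', 'ExampleP2P*' }
    $lines | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') }
}

function Get-InstalledSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, UninstallString,
            @{ Name = 'IsMsi'; Expression = { $_.WindowsInstaller -eq 1 } }
}

function Find-DeniedSoftware {
    param([string[]]$Patterns, [object[]]$Inventory)
    foreach ($item in $Inventory) {
        # Report the first pattern that matches this entry, if any.
        $match = $Patterns | Where-Object { $item.DisplayName -like $_ } |
            Select-Object -First 1
        if ($match) {
            $item | Add-Member -NotePropertyName MatchedPattern `
                -NotePropertyValue $match -PassThru
        }
    }
}

$patterns = @(Get-DenyPatterns -Path $DenyListPath)
$hits = @(Find-DeniedSoftware -Patterns $patterns -Inventory @(Get-InstalledSoftware))
$hits | Format-Table DisplayName, DisplayVersion, IsMsi, MatchedPattern -AutoSize
# Exit code 1 means "denylisted software present", so a management tool can
# use it as the membership test for a removal group.
exit ([int]($hits.Count -gt 0))
```

The script only reports; the `UninstallString` and `IsMsi` columns show what a removal step would have to work with for each hit.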

