RE: services running in windows domain (winXP clients)

From: Triantafyllidis Christos (ctria_at_physics.auth.gr)
Date: 12/15/04

    Date: Wed, 15 Dec 2004 20:12:05 +0200 (EET)
    To: Burak Bayoglu <bayoglu@uekae.tubitak.gov.tr>
    
    

    As far as I know, trojans copy themselves in c:\windows or its
    subfolders. I don't think it is a good idea to set everyone - deny on
    c:\windows. :)

    Restricting execution means that I should know the trojans... (I don't
    know them all)

    F-Secure antivirus, fully updated, didn't find the trojan.

    Thanks for the help

    Christos Triantafyllidis

    On Wed, 15 Dec 2004, Burak Bayoglu wrote:

    > As far as I know, DCs only list the services on themselves and allow
    > configuring the services policy for these ones. Another alternative is
    > that if you know the exact path where the executable of the trojan is
    > placed, you can use "File System" to give "everyone - deny" rights to
    > the file. You may need to create a dummy file on the DC to configure this
    > setting. Or you can restrict the execution of this program using GP
    > again. As a result, the service will not be run by the client next time.
    > As a better solution, you must use effective anti-virus software to
    > protect against well-known trojan and virus programs.
    >
    >
    > Burak BAYOGLU
    > TUBITAK UEKAE
    > Network Security
    > Senior Researcher
    > CISA, CISSP
    >
    >
    > -----Original Message-----
    > From: Christos Triantafyllidis [mailto:ctria@physics.auth.gr]
    > Sent: Thursday, December 09, 2004 11:41 PM
    > To: focus-ms@securityfocus.com
    > Subject: services running in windows domain (winXP clients)
    >
    >
    > Is there any way to allow only specific services to run on Win
    > XP clients through domain group policy?
    >
    > The services rule in group policy allows configuration only of the
    > specified services.
    >
    > What if there is a Trojan (or any other program unknown to the
    > server group policy) that adds a service in Windows XP? Can we
    > possibly disable all services except the ones we want to run?
    >
    > Thanks,
    >
    > Christos Triantafyllidis
    >
    > - --
    > PGP key : http://tassadar.physics.auth.gr/~ctria/pgp_public_key.asc
    > MD5sum : *b426d395137af5d2a42c88840e131a5e pgp_public_key.asc*
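The question raised in this thread, spotting services that are not on an approved list without knowing the trojan in advance, can be handled as an allowlist audit of each client's service inventory. The following is an added example, not part of the original messages: the CSV inventory layout, the allowlist and the `WinUpdSvc` entry are all constructed for illustration, and the check flags any service that is not approved or whose binary differs from the approved path.

```python
import csv
import io
import re

# Approved services and their expected binaries (constructed allowlist).
ALLOWLIST = {
    "dhcp": r"c:\windows\system32\svchost.exe",
    "eventlog": r"c:\windows\system32\services.exe",
    "spooler": r"c:\windows\system32\spoolsv.exe",
}

# Constructed inventory (name,start_mode,image_path); not real tool output.
SAMPLE = r'''name,start_mode,image_path
Dhcp,Auto,C:\WINDOWS\system32\svchost.exe -k netsvcs
Eventlog,Auto,C:\WINDOWS\system32\services.exe
Spooler,Auto,C:\WINDOWS\system32\drivers\spoolsv.exe
WinUpdSvc,Auto,"""C:\WINDOWS\system32\wupdmgr32.exe"" /s"
'''


def binary_path(image_path):
    """Return the lower-cased executable path, dropping quotes and arguments."""
    s = image_path.strip()
    if s.startswith('"'):
        # Quoted path: everything up to the closing quote is the binary.
        s = s[1:].split('"', 1)[0]
    else:
        # Unquoted path: cut after the first ".exe", else at the first space.
        m = re.match(r".*?\.exe\b", s, re.IGNORECASE)
        s = m.group(0) if m else s.split(" ", 1)[0]
    return s.lower()


def audit(inventory_csv, allowlist=ALLOWLIST):
    """Return (service, reason, path) for every service outside the allowlist."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name, path = row["name"], binary_path(row["image_path"])
        expected = allowlist.get(name.lower())
        if expected is None:
            findings.append((name, "not approved", path))
        elif path != expected:
            findings.append((name, "unexpected binary", path))
    return findings


if __name__ == "__main__":
    for name, reason, path in audit(SAMPLE):
        print(f"{name}: {reason} ({path})")
```

Because the comparison is by service name and exact binary path, a new service installed under c:\windows is reported even when its file name is unknown to antivirus or to any path-based deny rule.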