RE: services running in windows domain (winXP clients)
From: Triantafyllidis Christos (ctria_at_physics.auth.gr)
Date: 12/15/04
- Previous message: Mark Burnett: "RE: services running in windows domain (winXP clients)"
- In reply to: Burak Bayoglu: "RE: services running in windows domain (winXP clients)"
- Next in thread: Tevfik Karagulle: "SV: services running in windows domain (winXP clients)"
- Reply: Tevfik Karagulle: "SV: services running in windows domain (winXP clients)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Dec 2004 20:12:05 +0200 (EET) To: Burak Bayoglu <bayoglu@uekae.tubitak.gov.tr>
As far as I know trojans copies themselves in c:\windows or its
subfolders. i don't think it is a good to set everyone - deny on
c:\windows. :)
restricting execution means that i should know the trojans... (i don't
know them all)
F-secure antivirus full updated didn't find the trojan.
Thanks for the help
Christos Triantafyllidis
On Wed, 15 Dec 2004, Burak Bayoglu wrote:
> As far as I know, DCs only list the services on itself and allows to
> configure the services policy for these ones. Another alternative is
> that if you know the exact path where the executable of the trojan is
> placed, you can use "File System" to give "everyone - deny" rights to
> the file. You may need to create a dummy file on DC to configure thsi
> setting. Or you can restrict the execution of this program using GP
> again. As a result the service will not be run by the client next time.
> As a better solution, you must use an effective anti-virus software to
> protect against well known trojan and virus programs.
>
>
> Burak BAYOGLU
> TUBITAK UEKAE
> Network Security
> Senior Researcher
> CISA, CISSP
>
>
> -----Original Message-----
> From: Christos Triantafyllidis [mailto:ctria@physics.auth.gr]
> Sent: Thursday, December 09, 2004 11:41 PM
> To: focus-ms@securityfocus.com
> Subject: services running in windows domain (winXP clients)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is there any way to allow only specific services to run at win
> XP clients through domain group policy?
>
> The services rule in group policy allows configure only on the
> specified services.
>
> What if there is a Trojan (or any other unknown program for the
> server group policy) that adds a service in windows xp? can we
> possible disable all services except the ones we want to run?
>
> Thanks,
>
> Christos Triantafyllidis
>
> - --
> PGP key : http://tassadar.physics.auth.gr/~ctria/pgp_public_key.asc
> MD5sum : *b426d395137af5d2a42c88840e131a5e
> pgp_public_key.asc* -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFBuMYsJmvANO7gN+YRAnZZAJ9G8ucOM6jNAXXHrKyP2tx04iky3gCeLe90
> /5QboRtTBNj5WOSr2xPyJHI=
> =0QDX
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------
> -----------
> ----------------------------------------------------------------
> -----------
>
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Mark Burnett: "RE: services running in windows domain (winXP clients)"
- In reply to: Burak Bayoglu: "RE: services running in windows domain (winXP clients)"
- Next in thread: Tevfik Karagulle: "SV: services running in windows domain (winXP clients)"
- Reply: Tevfik Karagulle: "SV: services running in windows domain (winXP clients)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
