Re: services running in windows domain (winXP clients)

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 12/22/04

  • Next message: Mike Lyman: "Re: services running in windows domain (winXP clients)" 
    Date: Wed, 22 Dec 2004 12:01:34 -0800 (PST)
To: Christos Triantafyllidis <ctria@physics.auth.gr>, Haralambos Mavromatidis <Haralambos@msn.com>

    Christos,

    I'm not entirely sure what the issue is. There are
    several ways to go about this.

    One is to simply connect to the Registry of each
    machine and modify the settings for all services.
    Another is to have a startup script that checks the
    running services and disables all except for the ones
    you want.

    Hope that helps,

    Harlan

    --- Christos Triantafyllidis <ctria@physics.auth.gr>
    wrote:

    > Maybe it wasn't clear as i wrote it. What i want is
    > not to disable some
    > services. What i want is to allow only specific
    > services to run. To
    > apply software restriction i must know the name or
    > the hash of the
    > software i want to restrict. Today it is trojan A
    > tomorrow it may be
    > trojan B. if i there is a way to disable all
    > services except the ones
    > that i approve i would be protected against both A
    > and B trojan without
    > even know their name or hash or anything about them.
    >
    > (Trojans A and B are just examples)
    >
    > Christos Triantaffyllidis
    >

    > ATTACHMENT part 2 application/x-pkcs7-signature
    name=smime.p7s

    =====
    ------------------------------------------
    Harlan Carvey, CISSP
    "Windows Forensics and Incident Recovery"
    http://www.windows-ir.com
    http://windowsir.blogspot.com
    ------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Mike Lyman: "Re: services running in windows domain (winXP clients)"

    Relevant Pages

    • Re: services running in windows domain (winXP clients)
      ... Today it is trojan A tomorrow it may be ... > without even know their name or hash or anything about them. ... Software restriction policies work both in the "allow all but..." ...
      (Focus-Microsoft)
    • Re: services running in windows domain (winXP clients)
      ... apply software restriction i must know the name or the hash of the ... Today it is trojan A tomorrow it may be ... even know their name or hash or anything about them. ... Christos Triantaffyllidis ...
      (Focus-Microsoft)
    • Re: Nutty idea?
      ... I think I saw a description of at least one Trojan backdoor ... that disables the pop software firewalls as well. ... But the Trojan can defeat your heuristic detection ...
      (comp.security.firewalls)
    • Re: An exploit that is really a trojan!
      ... Hash: SHA1 ... > An exploit *supposedly* written by Michael Zalewski ... ... > trojan ... ...
      (comp.os.linux.security)
    • RE: Right Mouse Button Stopped Working
      ... Some where I saw an article regarding a Trojan that disables right mouse ... Considering you downloaded 10 programs, if any were share ware, any ... "Jeff S" wrote: ...
      (microsoft.public.windowsxp.general)