OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Chris Shutters (cshutterspolivec.com)
Date: Fri May 10 2002 - 12:25:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ObDisclaimer: I am the Chief Engineer for Polivec, Inc, so I may be a bit
    biased in my description of our product :-).

    > I will be performing a workstation audit on 300 W2k workstations
    > across the network. I need to scan to see: 1. If there are any
    > trojans running on these hosts. 2. Whether shares are activated
    > on these hosts. 3. Whether anti-virus is installed.

    Our company has a product that can provide much of the information you seek.

    Polivec Scanner is designed to perform remote audits of Windows {NT,2000,XP}
    systems. It retrieves information on a large number of security relevant
    parameters and presents them in an easy to understand format. It will also
    compare the retrieved settings against a specified security policy and flag
    those settings that are not in compliance. You can also use Scanner to
    change remote security settings!

    Polivec Scanner has been the primary tool used by our Professional Services
    team in performing audits of Windows systems for over a year.

    To specifically address your three points above:

    Scanner will not do item number one, as it is extremely difficult to
    maintain and update a comprehensive list of trojans in the wild. However,
    we could return a list of running processes and open network ports to look
    for suspicious processes... but we do not currently do so. I think I shall
    add a couple of requirements to the list for the next version of Scanner.
    The developers love me so...

    Scanner will do item two. It provides a full list of available shares on
    all audited systems.

    Scanner does not specifically do item three, but it does return information
    on all services running on the system. As most major anti-virus products
    today run as Windows services, this information should be sufficient to
    determine whether anti-virus software is running on the audited systems.

    Unfortunately, Polivec Scanner is not free, but a 15 day free trial is
    available. You can download it at http://polivec.com/polivecscanner.html.

    Cheers,

    Chris Shutters
    cshutterspolivec.com

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/