ObDisclaimer: I am the Chief Engineer for Polivec, Inc, so I may be a bit biased in my description of our product :-). > I will be performing a workstation audit on 300 W2k workstations > across the network. I need to scan to see: 1. If there are any > trojans running on these hosts. 2. Whether shares are activated > on these hosts. 3. Whether anti-virus is installed. Our company has a product that can provide much of the information you seek. Polivec Scanner is designed to perform remote audits of Windows {NT,2000,XP} systems. It retrieves information on a large number of security relevant parameters and presents them in an easy to understand format. It will also compare the retrieved settings against a specified security policy and flag those settings that are not in compliance. You can also use Scanner to change remote security settings! Polivec Scanner has been the primary tool used by our Professional Services team in performing audits of Windows systems for over a year. To specifically address your three points above: Scanner will not do item number one, as it is extremely difficult to maintain and update a comprehensive list of trojans in the wild. However, we could return a list of running processes and open network ports to look for suspicious processes... but we do not currently do so. I think I shall add a couple of requirements to the list for the next version of Scanner. The developers love me so... Scanner will do item two. It provides a full list of available shares on all audited systems. Scanner does not specifically do item three, but it does return information on all services running on the system. As most major anti-virus products today run as Windows services, this information should be sufficient to determine whether anti-virus software is running on the audited systems. Unfortunately, Polivec Scanner is not free, but a 15 day free trial is available. You can download it at http://polivec.com/polivecscanner.html. Cheers, Chris Shutters cshuttersat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon May 13 2002 - 12:20:10 PDT