Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FYI: Microsoft XP Change Analysis Diagnostic Tool



http://isc.sans.org/diary.html?storyid=2525

Microsoft XP Change Analysis Diagnostic Tool
Published: 2007-03-28,
Last Updated: 2007-03-28 04:07:49 UTC
by Scott Fendley (Version: 1)
Earlier today I came across a new tool that might be useful to InfoSec
professionals.  Though it is not a "security" tool, it can be used by
support people to help better understand the modifications that may have
occurred to a particular system.  Once installed the tool will scan the
computer looking for specific types of changes to the computer
including....

    * Software Programs which are listed in the Add/Remove Program control panel
    * Operating System Components including Hotfixes or updates from Microsoft Update
    * Browser Helper Objects and other COM components loaded in Internet Explorer
    * Drivers
    * ActiveX Controls and
    * Other Auto-Start Extensibility Points

It creates a nice little XML file that you can use for a variety of
purposes.

However, in my testing on my laptop, I have found that some software
packages appear to make changes in more places than I even knew was
occurring. For example, Symantec Antivirus Corporate Edition changes
the path to certain driver files with virus definition updates.  These
will be reported as:

    Changed from
"\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070326.020\navex15.sys" to
"\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys"

Adobe Acrobat apparently also makes regular modifications to the startup
folder for its Speed Launcher program.

Even with these items that may need to be ignored depending on the
support issue at hand, the tool may be very useful for determining what
end users may have done to their computer.  This eliminates the user's
need to accurately articulate the changes to you, if they actually admit
to changing something.  For more information on the tool, please see KB
Article 924732 at support.microsoft.com. 
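
The following is an added example, not part of the diary entry and not code from Microsoft's tool. It triages entries in the `Changed from "..." to "..."` form quoted above, setting aside changes where only a dated definition directory (assumed here to follow the `YYYYMMDD.NNN` pattern seen in the quoted paths) differs. The function names and the second and third sample entries are constructed for illustration.

```python
import re

# Entry format as quoted in the diary: Changed from "<old>" to "<new>"
CHANGE_RE = re.compile(r'Changed from\s+"([^"]+)"\s+to\s+"([^"]+)"', re.S)

# Assumption: definition-set directories look like 20070326.020 (YYYYMMDD.NNN).
DATED_DIR_RE = re.compile(r'^\d{8}\.\d{3}$')

# First entry is from the diary; the other two are constructed samples.
SAMPLE_ENTRIES = [
    r'Changed from "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070326.020\navex15.sys"'
    r' to "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070327.019\navex15.sys"',
    r'Changed from "\??\C:\WINDOWS\system32\drivers\example.sys"'
    r' to "\??\C:\Temp\example.sys"',
    r'Changed from "\??\C:\PROGRA~1\Vendor\20070326.020\a.sys"'
    r' to "\??\C:\PROGRA~1\Vendor\20070327.019\b.sys"',
]


def parse_change(text):
    """Return (old_path, new_path) from a change entry, or None if no match."""
    m = CHANGE_RE.search(text)
    return (m.group(1), m.group(2)) if m else None


def is_definition_rotation(old, new):
    """True when the paths differ in exactly one component and both
    differing components are dated definition directories."""
    a, b = old.lower().split("\\"), new.lower().split("\\")
    if len(a) != len(b):
        return False
    diffs = [(x, y) for x, y in zip(a, b) if x != y]
    return len(diffs) == 1 and all(DATED_DIR_RE.match(p) for p in diffs[0])


def triage(entries):
    """Split entries into (review, noise); anything unparsed goes to review."""
    review, noise = [], []
    for entry in entries:
        pair = parse_change(entry)
        if pair and is_definition_rotation(*pair):
            noise.append(entry)
        else:
            review.append(entry)
    return review, noise


if __name__ == "__main__":
    review, noise = triage(SAMPLE_ENTRIES)
    print(f"{len(noise)} routine rotation(s), {len(review)} entries to review")
```

Entries where the file name or any other directory also changes stay in the review list, so a driver that moves to a different location is never filtered out as an update.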




 



