[unisog] Anyone using Active Directory to detect spyware/adware?

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Tue Nov 2 20:35:20 GMT 2004


Don't think Active Directory is capable of controlling spyware in and of
itself.  The keys that you can use to prohibit specific DLLs are only
valid if they are launched from Explorer, which would seem unlikely.

The only thing I could think of would be if you set up a product like
spybot to run at startup or login, which you could easily do with AD.

Dave

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of andy at umbc.edu
Sent: Tuesday, November 02, 2004 2:10 PM
To: UNIversity Security Operations Group
Subject: [unisog] Anyone using Active Directory to detect
spyware/adware?

I realize that this question is rather broad, but I've been asked to see
if anyone is making use of Active Directory to detect and/or control
Windows spyware remotely (as opposed to running Spybot S&D or something
similar on each PC).

Any thoughts appreciated.


- Andy Johnston

------------------------------------------------------------------------
---
** Andy Johnston (andy at umbc.edu)         *
**
** IT Security                           *PGP key:(afj2002)
4096/8448B056**
** Office of Information Technology, UMBC* 4A B4 96 64 D9 B6 EF E3 21 9A
**
** 410-455-2583 (v)/410-455-1065 (f)     * 46 1A 37 11 F5 6C 84 48 B0 56
**
------------------------------------------------------------------------
---




_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list