[unisog] Anyone using Active Directory to detect spyware/adware?

Butler, Kevin D butlerkevind at uams.edu
Wed Nov 3 03:07:26 GMT 2004


The only use of AD for spyware control we have had success with has been with Server 2k3/WinXPPro Software Restrictions policies. The policy restrictions work well, but the only problem is that we can only block those exe's, reg keys, and folders that our techs have identified as spyware. We also leverage Spybot and Ad-Aware logs to help in this as well. Of course, the downside is that someone (ME!) has to type all this into the policy, so I am quite sure that there is a lot we are missing. Also, the Software Restrictions Policy only works under Server 2k3/WinXPPro. There isn't any love for 2k, though it would be nice if Micro$oft added it to SP5, if and when it shows up on the radar. Hope this helps some. If you would like to get a copy of our policy, drop me a line direct to my email.

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org] On Behalf Of andy at umbc.edu
Sent: Tuesday, November 02, 2004 2:10 PM
To: UNIversity Security Operations Group
Subject: [unisog] Anyone using Active Directory to detect spyware/adware?

I realize that this question is rather broad, but I've been asked to see
if anyone is making use of Active Directory to detect and/or control
Windows spyware remotely (as opposed to running Spybot S&D or something
similar on each PC).

Any thoughts appreciated.


- Andy Johnston

---------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)         *                             **
** IT Security                           *PGP key:(afj2002) 4096/8448B056**
** Office of Information Technology, UMBC* 4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)     * 46 1A 37 11 F5 6C 84 48 B0 56 **
---------------------------------------------------------------------------




_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog