File checker tool?

[Daniel at virturity.com (Daniel)]

Hi,

Not sure i got you 100% but what you are looking for might be Windows
AppLocker or Software Restrictions?
http://www.infoworld.com/d/security-central/application-whitelisting-in-wind
ows-7-and-windows-server-2008-r2-845?source=fssr
http://technet.microsoft.com/en-us/library/cc782792%28WS.10%29.aspx

Commercial products like Solidcore (McAfee App Control nowadays), Bit9
Parity, etc should provide similar functionality.
I think you are right on SMS/SCCM, it seem to check for version and filename
mainly. Can't see where it uses a hash.

Daniel



-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Michael Douglas
Sent: 20 March 2010 03:20
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] File checker tool?

I'm having a google fail moment...

Is there a tool that will examine the md5/sha1 checksums of files and
report if they're on a blacklist?  Does such a thing exist for Windows
Domains in enterprise sized environments?

For instance, say you want to stop someone from installing autocad (no
idea why I picked this... just first non-malware software example that
popped in my head) on a workstation.  You wouldn't use AV to prevent
it from being installed...

What tool would be the way to go about doing this?  SMS/WSUS/whatever
it's called now mainly uses filename as the ID right?


Thanks for helping a *nix guy learn his way in a Windows world
- Mick

"Help me Obi-Wan Kenobi, you're my only hope"
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com