PaulDotCom mailing list archives

File checker tool?


From: k41zen at live.co.uk (k41zen)
Date: Sat, 20 Mar 2010 09:08:45 +0000

Mick,

Do you want to stop them installing apps or from executing apps already on a workstation like cmd.exe? If it's the 
latter then what you're looking for is Microsoft Software Restriction Policies (SRPs) 
http://technet.microsoft.com/en-us/library/bb457006.aspx.

You can specify MD5 or SHA1. See clip:

"A hash rule is a cryptographic fingerprint that uniquely identifies a file regardless of where it is accessed or what 
it is named. An administrator may not want users to run a particular version of a program. This may be the case if the 
program has security or privacy bugs, or compromises system stability. With a hash rule, software can be renamed or 
moved into another location on a disk, but it will still match the hash rule because the rule is based on a 
cryptographic calculation involving file contents.
A hash rule consists of three pieces of data, separated by colons:

MD5 or SHA-1 hash value

File length

Hash algorithm ID"


Just so that this is balanced, HP sell a product called Appsense.

Personally after seeing both I'd go with option 1.

Regards,

k41zen
 

On 20 Mar 2010, at 03:20, Michael Douglas wrote:

I'm having a google fail moment...

Is there a tool that will examine the md5/sha1 checksums of files and
report if they're on a blacklist?  Does such a thing exist for Windows
Domains in enterprise sized environments?

For instance, say you want to stop someone from installing autocad (no
idea why I picked this... just first non-malware software example that
popped in my head) on a workstation.  You wouldn't use AV to prevent
it from being installed...

What tool would be the way to go about doing this?  SMS/WSUS/whatever
it's called now mainly uses filename as the ID right?


Thanks for helping a *nix guy learn his way in a Windows world
- Mick

"Help me Obi-Wan Kenobi, you're my only hope"
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
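
An added example, not part of either post: a minimal file checker that builds the three-field `hash:length:algorithm ID` string described in the quoted hash-rule text and reports files that match a blocklist. The function names, the lower-case hex formatting and the sample files are assumptions made for illustration; 32771 and 32772 are the Windows CryptoAPI IDs for MD5 and SHA-1.

```python
import hashlib
import os
import tempfile

# Windows CryptoAPI algorithm IDs, used as the third field of the rule string.
ALG_IDS = {"md5": 32771, "sha1": 32772}  # CALG_MD5 = 0x8003, CALG_SHA1 = 0x8004


def hash_rule(path, algorithm="sha1"):
    """Return 'hash:length:algorithm-id' for the file at path (hypothetical helper)."""
    digest = hashlib.new(algorithm)
    length = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
            length += len(chunk)
    return f"{digest.hexdigest()}:{length}:{ALG_IDS[algorithm]}"


def scan(root, blocklist, algorithm="sha1"):
    """Walk root and return the sorted paths whose rule string is on the blocklist."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if hash_rule(path, algorithm) in blocklist:
                    hits.append(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
    return sorted(hits)


def demo():
    """Constructed sample: an 'installer', a renamed copy, and a newer version."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "setup.exe": b"constructed installer v1",
            "notes.tmp": b"constructed installer v1",     # same bytes, renamed
            "setup_v2.exe": b"constructed installer v2",  # different version
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        blocklist = {hash_rule(os.path.join(root, "setup.exe"))}
        return [os.path.basename(p) for p in scan(root, blocklist)]


if __name__ == "__main__":
    print(demo())
```

The renamed copy is still reported because the match is on file contents, while the second version is not, so each version to be blocked needs its own entry.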

