I'm not entirely sure what the issue is. There are
several ways to go about this.
One is to simply connect to the Registry of each
machine and modify the settings for all services.
Another is to have a startup script that checks the
running services and disables all except for the ones
you want.
> Maybe it wasn't clear as i wrote it. What i want is
> not to disable some
> services. What i want is to allow only specific
> services to run. To
> apply software restriction i must know the name or
> the hash of the
> software i want to restrict. Today it is trojan A
> tomorrow it may be
> trojan B. if i there is a way to disable all
> services except the ones
> that i approve i would be protected against both A
> and B trojan without
> even know their name or hash or anything about them.
>
> (Trojans A and B are just examples)
>
> Christos Triantaffyllidis
>
> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s
I'm not entirely sure what the issue is. There are
several ways to go about this.
One is to simply connect to the Registry of each
machine and modify the settings for all services.
Another is to have a startup script that checks the
running services and disables all except for the ones
you want.
Hope that helps,
Harlan
--- Christos Triantafyllidis <ctria (at) physics.auth (dot) gr [email concealed]>
wrote:
> Maybe it wasn't clear as i wrote it. What i want is
> not to disable some
> services. What i want is to allow only specific
> services to run. To
> apply software restriction i must know the name or
> the hash of the
> software i want to restrict. Today it is trojan A
> tomorrow it may be
> trojan B. if i there is a way to disable all
> services except the ones
> that i approve i would be protected against both A
> and B trojan without
> even know their name or hash or anything about them.
>
> (Trojans A and B are just examples)
>
> Christos Triantaffyllidis
>
> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s
=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]