Thursday, August 7, 2008

[THIN] Re: Off topic: Make custom virus def

Hmm, that does make it more of a challenge doesn't it ;). When you say there are no DC's under your control, does that mean you don't have windows level administrative access to the machine in question?

I can't say much for Trend AV options, but the other ideas I have for trying to tackle this one...

Trust-no-Exe = http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm (pretty sure Jim K. linked this to the list a while back)

Or, another option on the software policy restrictions idea, would be using PSexec - http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx, to remotely run and configure gpedit.msc on the workstation, and setup software restriction policies that way.

But of course if you don't have administrative rights to the machine in question, both of these options are not gonna get you too far. . .

Good luck,

Lan



On Thu, Aug 7, 2008 at 2:20 PM, Greg Reese <gareese@gmail.com> wrote:
unfortunately that is not an option for me at the moment.  There are no domain controllers under my control.  We're converting networks from the old company to the new company.  I can't make any GPO changes until we're done converting.  But I do control the AV server which is why I am looking there first.


On Thu, Aug 7, 2008 at 4:11 PM, TSguy92 Lan <tsguy92@gmail.com> wrote:
Hi Greg,

Perhaps taking a look at setting up software restriction policies on the workstation may help with this.

http://technet.microsoft.com/en-us/library/bb457006.aspx

HTH

Lan



On Thu, Aug 7, 2008 at 1:49 PM, Greg Reese <gareese@gmail.com> wrote:
Sorry for the off topic.  I am trying to find a way to define a specific exe as a virus.  Does anyone know how to do this with Trend OfficeScan?

Seems like this should be possible.

I have a user loading a game from a thumb drive.  I want to define it as a virus to keep it off the computer and kill it from their thumb drive.

any ideas are greatly appreciated.

Thanks!

Greg



No comments: