Re: Using CCA to detect P2P software

Sun, 10 May 2009 12:37:44 -0700

After some research I found the following registry keys to determine if a p2p app is installed Cain-Check, Registry Check [\HKEY_CURRENT_USER\Software\Cain\ exists ] Ares-Check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Ares\Ares.exe contains Ares.exe] Vuze-Check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Vuze\Vuze.exe contains Vuze.exe] btDNA-Check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\DNA\btdna.exe contains btdna.exe] BearShare-Check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\BearShare Applications\BearShare\BearShare.exe contains BearShare.exe] bittorrent-check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\BitTorrent\bittorrent.exe contains bittorrent.exe] Filetopia-Check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Filetopia3\Filetopia.exe contains Filetopia.exe] LimeWire-Check, Registry Check [\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\LimeWire\LimeWire.exe contains LimeWire.exe] Regards, Chris Perkins Consulting Engineer, Security INX, Inc. | Southwest Region Office: 505.256.9047 Fax: 505.256.9091 www.inxi.com 
Cain-Check, Registry Check [\HKEY_CURRENT_USER\Software\Cain\ exists ]
Ares-Check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\Ares\Ares.exe contains Ares.exe]
Vuze-Check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\Vuze\Vuze.exe contains Vuze.exe]
btDNA-Check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\DNA\btdna.exe contains btdna.exe]
BearShare-Check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\BearShare Applications\BearShare\BearShare.exe contains BearShare.exe]
bittorrent-check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\BitTorrent\bittorrent.exe contains bittorrent.exe]
Filetopia-Check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\Filetopia3\Filetopia.exe contains Filetopia.exe]
LimeWire-Check, Registry Check 
[\HKEY_LOCAL_MACHINE\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program
 Files\LimeWire\LimeWire.exe contains LimeWire.exe]

Reply via email to