Hi, Not sure i got you 100% but what you are looking for might be Windows AppLocker or Software Restrictions? http://www.infoworld.com/d/security-central/application-whitelisting-in-wind ows-7-and-windows-server-2008-r2-845?source=fssr http://technet.microsoft.com/en-us/library/cc782792%28WS.10%29.aspx
Commercial products like Solidcore (McAfee App Control nowadays), Bit9 Parity, etc should provide similar functionality. I think you are right on SMS/SCCM, it seem to check for version and filename mainly. Can't see where it uses a hash. Daniel -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Douglas Sent: 20 March 2010 03:20 To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] File checker tool? I'm having a google fail moment... Is there a tool that will examine the md5/sha1 checksums of files and report if they're on a blacklist? Does such a thing exist for Windows Domains in enterprise sized environments? For instance, say you want to stop someone from installing autocad (no idea why I picked this... just first non-malware software example that popped in my head) on a workstation. You wouldn't use AV to prevent it from being installed... What tool would be the way to go about doing this? SMS/WSUS/whatever it's called now mainly uses filename as the ID right? Thanks for helping a *nix guy learn his way in a Windows world - Mick "Help me Obi-Wan Kenobi, you're my only hope" _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
