NIS File Check Settings

Discussion in 'NIS File Check Forum' started by Liquid_Fish, Mar 6, 2002.

Thread Status:
Not open for further replies.
  1. Liquid_Fish

    Liquid_Fish Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    81
    I'm curious about other users' settings for NIS File Check or other integrity checkers.

    I'm checking the following extensions: exe, dll, ocx, vxd, sys, bat, js, vbs, and com

    Additionally, I have added all files for my Firewall, Anti-Virus and Anti-trojan software to the list.

    What else is good to check?
     
  2. FanJ

    FanJ Guest

    Hi LF,

    That looks great!
    I must admit that I haven't put the js, vbs, com files in it. Might indeed be a good idea, thanks!
    Putting all the files of your firewall, AV and AT in is also a good idea; I have done something similar too.

    If you are using the HOSTS file, you might put it in also.
    I guess you have seen that you have the possibility to put files in the database yourself manually.
    Files > Add a File ...  and then browse to that file.
    (BTW: the HOSTS file is a file without extension, but when you put it in the database that is not any problem!).
     
  3. Liquid_Fish

    Liquid_Fish Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    81
    I found the Add a File option; I sure wish there was an Add a Directory option. I did a lot of file browsing today! I think now I have a really good baseline for my machine.

    I'm trying to think of what other types of files could contain worms/viruses/trojans. When I come up with more I'll post them here.


     
     
  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Yes, "Add a Directory" would be a good extension.  Another suggestion I might make is an "Exclude a Directory" option.  Right now, there are no real wild-card exclusion options along these lines.  I don't think it would be a good idea to have any default exclusions for directories (that would almost be begging for trouble), but I suspect that all of us, individually, could readily identify our own directories that we would not desire to waste time scanning.  

    When you run primarily on file extensions, NIS File Check actually has to check every file physically present on your machine, at least to find out if it's 'included' or 'excluded'.  That takes a lot of time (especially on slower machines, like mine).  There's so much diversity in different individuals' setups, that it's hard to generalize as to whether this general check takes more or less time than does the breadth of authentication specified.

    But, your configuration looks pretty good to me, also.

    One question:  Do you run 'on demand' or have you scheduled NIS File Check to run when you're fairly certain you won't be using the machine?
     
  5. albjan

    albjan Security Expert

    Joined:
    Feb 14, 2002
    Posts:
    7
    Location:
    Nijmegen
    Good idea, will add 'js', 'vbs' and 'com' extensions to the default settings.

    Busy changing the extensions routine (now 'jse' will also add 'js')

    Will also add an exclusions list and an option to add a directory.

    Albert
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Don't forget .hta and .wsh.

    If you have Office, you can be crippled by .doc, .dot, .xls, .xlt, .mdb, .mde and many others; better add them too.

    Or better yet: check all file types.
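
The settings discussed in this thread (an extension list, manually added files such as HOSTS, and the requested directory exclusion), shown as an added Python example that is not NIS File Check's code and not part of any post. The function names, the use of SHA-256, and the sample tree built in `demo()` are assumptions made for illustration.

```python
import hashlib, os, tempfile
# Extension list from the first post; HOSTS has no extension, so it goes in extra_files.
EXTENSIONS = {"exe", "dll", "ocx", "vxd", "sys", "bat", "js", "vbs", "com"}

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root, exclude_dirs=(), extra_files=(), extensions=EXTENSIONS):
    """Return {path: sha256} for matching files under root plus explicitly added files."""
    excluded = {os.path.abspath(d) for d in exclude_dirs}
    found = [p for p in extra_files if os.path.isfile(p)]
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into an excluded directory.
        dirnames[:] = [d for d in dirnames
                       if os.path.abspath(os.path.join(dirpath, d)) not in excluded]
        for name in filenames:
            # Exact, case-insensitive extension match.
            if os.path.splitext(name)[1].lstrip(".").lower() in extensions:
                found.append(os.path.join(dirpath, name))
    return {p: sha256_of(p) for p in found}

def compare(baseline, current):
    """Report files whose hash changed, that appeared, or that disappeared."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree: take a baseline, alter files, re-check."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            return path
        hosts = write("etc/HOSTS", b"127.0.0.1 localhost\n")
        for rel in ("apps/fw.exe", "apps/readme.txt", "scratch/build.dll"):
            write(rel, b"v1")
        opts = dict(exclude_dirs=[os.path.join(root, "scratch")], extra_files=[hosts])
        baseline = snapshot(root, **opts)
        for rel in ("apps/fw.exe", "etc/HOSTS", "apps/drop.vbs", "scratch/build.dll", "apps/readme.txt"):
            write(rel, b"v2")  # modify or create; only monitored paths should be reported
        report = compare(baseline, snapshot(root, **opts))
        return {k: [os.path.relpath(p, root).replace(os.sep, "/") for p in v]
                for k, v in report.items()}
```

Calling `demo()` returns the changed, added and removed paths for the constructed tree; the excluded `scratch` directory and the unlisted `.txt` file never appear in the report.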
     