NIS File Check Settings

I'm curious about other users settings for NIS File Check or other Integrity checkers.

I'm checking the following extensions: exe, dll, ocx, vxd, sys, bat, js, vbs, and com

Additionally, I have added all files for my Firewall, Anti-Virus and Anti-trojan software to the list.

What else is good to check?

 

Hi LF,

That looks great!
I must admit that I haven't put the js, vbs, com files in it. Might indeed be a good idea, thanks!
Putting all the files of your firewall, AV and AT, is also a good idea; something similar have I done too.

If you are using the HOSTS file, you might put it in also.
I guess that you have seen that you have the possibility to put yourself files in the database manually.
Files > Add a File ...  and then browse to that file.
(BTW: the HOSTS file is a file without extension, but when you put it in the database that is not any problem!).

 

I found the Add a file option, I sure wish there was a add a directory option.   I did a lot of file browsing today!     I think now I have a really good baseline for my machine.  

I'm trying to think of what other types of files could contain  worms/virus/trojans.  When I come up with more I'll post them here.


 

 

Yes, "Add a Directory" would be a good extension.  Another suggestion I might make is an "Exclude a Directory" option.  Right now, there are no real wild-card exclusion options along these lines.  I don't think it would be a good idea to have any default exclusions for directories (that would almost be begging for trouble), but I suspect that all of us, individually, could readily identify our own directories that we would not desire to waste time scanning.  

When you run primarily on file extensions, NIS File Check actually has to check every file physically present on your machine, at least to find out if it's 'included' or 'excluded'.  That takes a lot of time (especially on slower machines, like mine).  There's so much diversity in different individuals' setups, that it's hard to generalize as to whether this general check takes more or less time than does the breadth of authentication specified.

But, your configuration looks pretty good to me, also.

One question:  Do you run 'on demand' or have you scheduled NIS File Check to run when you're fairly certain you won't be using the machine?

 

Good idea, will add 'js', 'vbs' and 'com' extentions to the defaults settings.

Busy to change the extentions routine (now 'jse' will also add 'js')

Will also add a exclusions list and a option to add a directory.

Albert

 

don't forget .hta and .wsh.

If you have office, you can be crippled by .doc, .dot, .xls, .xlt, .mdb, .mde and many others, better add them too.

or better yet: check all file types.