Questions about the basic configuration of TDS-3

Discussion in 'Trojan Defence Suite' started by FanJ, Aug 7, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I have started this thread for questions about the basic configuration of TDS-3 as described in this thread:


    http://www.wilderssecurity.com/showthread.php?t=2871
     
  2. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Hi FanJ,
    I love TDS3, but I have one question: can you scan a network drive?
    Thanks :D :D :D
     
  3. FanJ

    FanJ Guest

    Hi Loki,

    Since I myself don't have a network, I guess it would be better to leave that question to one of the others (hope you don't mind).
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi, yes you can, "scan all logical drives" option; it won't scan other memories on the network.
    I don't mind double testing, so I have in the generic testing also the "anti-worm\hostile scripts" and sensitivity on highest, everything checked except the "scan NTFS".
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    http://www.wilderssecurity.com/showthread.php?t=105;start=0

    See also this thread and especially not to forget the configuration script, msagent aided :) for a swinging basic configuration!
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Loki, scanning network drives\paths is easy - just point TDS at \\server\share, or \\server\share\path, or \\server\share\path\file ... :)
    If you have the path mapped, then just point TDS at "T:\" (or whichever drive you mapped it to)

    Best regards,
    Wayne
     
  7. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Hi,
    Thanks everyone for the help, I had been thinking there was a way but had little time until now to see. Then saw the post and thought I would ask those who know. :D :D. I have TDS3 set to scan everything. But I still got some good ideas from the post. :D Thanks again.
    Long Live The King ( TDS3 ). :D :D :D :D.
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    I still think all TDS tutorials should be done like FanJ taught me: simple, quick, easy and straight to the point.

    I love to see more stuff like that for us TDS newbies.

    Compare FanJ's tutorial to the TDS readme and you will see a big difference. FanJ's example of getting started as a newbie is the way to go.

    I'm new to computers, so seeing FanJ explain it like that is truly great. Thx FanJ
     
  9. FanJ

    FanJ Guest

    :D

    You're quite welcome, Blaze ! Thanks to you too !!!
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Loki,
    in the Helpfile, there is the "configuration" and "my first scan" among others, which give very good initial and advanced explanation to know why you make your choices. I also have it set to scan everything on highest sensitivity and all logical drives from the network. If it's there, I like to use it :)
     
  11. FanJ

    FanJ Guest

    O BTW, at the bottom of the first screenshot that I posted, you might see something like this:

    [CRC32] File doesn't exist: C:\WINDOWS\System\wsock32.dll

    Don't worry about that line !

    In case you might be interested in what has caused this:
    I have put that file wsock32.dll (together with a lot of other files) in my TDS3-CRC-file to warn me in case it might have been changed.
    I'm using a free utility called SockLock to protect my winsock somehow.
    And while using SockLock, the TDS3-CRC-feature tells me that wsock32.dll doesn't exist. But it really does exist; it's only that the TDS3-CRC-feature is not able to "read" that file when SockLock is enabled.
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Ah! Sounds good Jan, any idea where I can look at that piece? Wasn't that mentioned in the general parts of the forum here or ..?
     
  13. FanJ

    FanJ Guest

  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Jan, that "doesn't exist" on my system is because it's located in another area, and without SockLock it gives the same line in testing the CRC.

    If the file is held open by for instance SL, any scanner will tell "can't open file" or things like that. So if you still want that file to be opened for scanning, you'll have to close the process keeping it open.
     
  15. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Hello. Thank you Fan for your thorough and clearly presented post on configuring TDS-3.

    I am running Windows ME with IE6. I also have Zone Alarm and AVG anti-virus running all the time. Should I turn ZA and AVG off while running TDS-3?
     
  16. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    hi motdaugrnds,
    NEVER turn off your firewall
    Dolf
     
  17. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Not necessary to turn off anti-virus/anti-trojan scanners nor firewalls when running TDS, should all be compatible.
    TDS-3 scans on demand and your other scanner is probably resident, while ZA/ZAPro protects also your email and is your firewall, which TDS is not.
    TDS would pick up intrusions and portscans, it would pick up the ones on the ports you told TDS to listen on, but then still it is no firewall.
    I would recommend though not to run a full system scan at the same time your anti-virus/anti-trojan is occupied with a full scan as those are the most heavy processes which can ask quite a lot of resources, so keep those apart.
    So there is no need to close TDS either while scanning through all your system with the other scanners.
    A firewall you only close when you really need space and when not online and during installing software (virus scanners too, btw for the space, not on or off when not online.)
     
  18. motdaugrnds

    motdaugrnds Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    46
    Location:
    USA
    Hello and sure am glad I found this forum. (Love the blue aesthetics by the way.)

    I used Jan's configuration suggestions and then ran TDS-3 full scan. I have some questions about the findings:

    1. Kept getting [CRC32] - ALERT - File has changed: C:\Windows\system.ini (Can anyone tell me what that means?)

    2. In the "Full System Scan.txt" when seen via Notepad, it shows "Live Process Memory Space" as one of the items. However, in following Jan's instructions (and because I'm running Windows ME), I had NOT checked the "Process Memory Space". (Can anyone explain that to me?)

    3. While doing the configurations, I was doing the "Server Configuration" portion. My ISP is gamewood.net but I still do not know what to put there. And I don't know what port to put there; and I do not know what address, etc. This whole portion of the configuration is confusing to me. I will ask my ISP (Gamewood Data Systems) Monday.
     
  19. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Mot:
    Welcome to TDS.

    Your question re Server configurations, is NOT needed, only if you plan on using TDS as an SMTP email sender. [You can send emails from TDS]

    Check out my configuration. You just put your ISP, etc. into the fields, and with Port 80 [web] like mine but using YOUR ISP's name, etc. then hit Test email and you should get an email from yourself.
     


  20. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Mot:
    2. In the "Full System Scan.txt" when seen via Notepad, it shows "Live Process Memory Space" as one of the items. However, in following Jan's instructions (and because I'm running Windows ME), I had NOT checked the "Process Memory Space". (Can anyone explain that to me?)

    OK. This Process memory space scan takes some time on start-up [when TDS starts up. Also I do not have it configured to auto start on computer reboot, I do that manually after rebooting to save some time], so most leave it unchecked. It still does a Memory scan, but not the full list of Processes you are running at the time of start-up.

    You can manually select it yourself and see how long it takes.
    If you also select a "Full System scan" [as you should do at least once a week] it does the FULL scan of ALL processes, etc. [go take a coffee break, usually about 7-15 minutes depending on your system]

    see pic re my settings. [NT platform]
     


  21. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    and again: sorry about getting them back to front.

    1. Kept getting [CRC32] - ALERT - File has changed: C:\Windows\system.ini (Can anyone tell me what that means?)


    OK. This means a configuration has changed something in your windows system.ini file [obviously] but as to what changes, is anybody's guess. What you could do is to open it in Notepad [it will do that], save a copy of it somewhere else other than its 'home' [maybe desktop], then if it happens again, reopen it and compare what was changed.

    Personally I could not exactly tell you, but I and virtually everybody else in here gets them occasionally. I simply ignore it, as it sometimes might come up after installing a security patch/hotfix, etc. or installing a program.

    If Wayne/Gavin/Jason get to view this thread after their break they could answer in depth about it.

    Cheers
     
  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    That's a great work you did Tassie_!
    I have all options checked, so my (manual, after Windows reboot finished) TDS startup scans take a little longer. For my Full system Scan it needs really more time, win98se is really not toooo quick and especially not on my system, as I have all logical drives from the network scanned and all there is in all the scan options and highest sensitivity and server/clients editors, all there is but the NTFS parts which normally don't run on win98se without specific drivers installed for that part.

    The system.ini would be after some installs, security patches or a trojan could have climbed in the system, but keep it in the first place to other installs. But I would scan to the deepest if I knew not to have installed or patched anything nor changed any settings in my configuration.
    And I would look at PE for anything strange happening realtime and in the TDS > System Analysis > Process Lists for anything I'm unfamiliar with, in the netstat and autostart.
    After updating the Radius you will get an alert for that too, which makes me happy.
     
  23. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    I also get the system.ini change pretty regular, but I am one of the lucky ones who knows why it is happening on their system. I am worse than a child when it comes to desktop themes and screensavers and constantly change them. Well, the screensaver is listed in that file, and I get the warning every time I change.

    Haven't seen anyone mention that, so I will add that to the conversation just in case you (or anyone else) happens to change savers frequently. Just one possibility for the change.
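
Added example, not part of the thread and not TDS-3's own code: a CRC32 baseline check of the kind discussed in posts 11 to 23, which reports a file that exists but cannot be opened separately from one that is missing and, on a CRC mismatch, lists which entries differ from a saved copy. The function names, status strings and sample system.ini contents are constructed for illustration.

```python
import tempfile
import zlib
from pathlib import Path

def crc32_of(path):
    """Return (status, crc32); a missing file and an unreadable one are separate findings."""
    try:
        data = Path(path).read_bytes()
    except FileNotFoundError:
        return "MISSING", None
    except OSError:  # exists but cannot be opened, e.g. blocked by another program
        return "UNREADABLE", None
    return "OK", zlib.crc32(data) & 0xFFFFFFFF

def ini_entries(text):
    """Set of (section, line) pairs; keeps repeated keys, skips blanks and ; comments."""
    section, entries = "", set()
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif line and not line.startswith(";"):
            entries.add((section, line))
    return entries

def check(path, baseline_crc, baseline_text):
    """Compare path with its baseline; on a CRC mismatch list added (+) and removed (-) entries."""
    status, crc = crc32_of(path)
    if status != "OK" or crc == baseline_crc:
        return ("UNCHANGED" if status == "OK" else status), []
    now = ini_entries(Path(path).read_text(encoding="latin-1"))
    old = ini_entries(baseline_text)
    return "CHANGED", sorted([("+", *e) for e in now - old] + [("-", *e) for e in old - now])

# Constructed sample contents, not taken from any real system.
BASELINE = "[boot]\nshell=Explorer.exe\nSCRNSAVE.EXE=C:\\WINDOWS\\OLD.SCR\n[386Enh]\ndevice=a.vxd\ndevice=b.vxd\n"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "system.ini"
        path.write_text(BASELINE)
        base_crc = crc32_of(path)[1]
        unchanged = check(path, base_crc, BASELINE)
        path.write_text(BASELINE.replace("OLD.SCR", "NEW.SCR"))
        changed = check(path, base_crc, BASELINE)
        return unchanged, changed, check(Path(tmp) / "wsock32.dll", 0, "")

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A changed screensaver entry shows up as one removed and one added line under [boot], which is quicker to judge than a bare "file has changed" alert.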
     
  24. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Vet:

    Yes, that indeed does enlighten me. I just did a change, exited/restarted TDS and up it came.

    That would explain why I get it sometimes, when I have not installed a patch/program but have within the last couple of days prior, played around with desktop.

    thanks for the input. :)
     
  25. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi Tassie_Devils,

    Glad to have been able to help.
     