TDS-3 : Make your own scan scenario

Discussion in 'Trojan Defence Suite' started by FanJ, Mar 20, 2005.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Did you know that you can make your own scan scenario?

    By default TDS-3 comes with three pre-configured scan scenarios:
    Full System Scan
    Normal Scan
    Quick Scan

    It is all explained in the TDS-3 Helpfile.
    Several quotes from the Helpfile will follow.

    Topics in the Helpfile:
    System Testing
    Full System Scan
    Scan Lists

    How to do it:
    "TDS-3 allows you to create your own scan lists that are then easily accessible through the menu system. A newly created list will appear under the default lists included with TDS (after reloading). These scan lists reside in the TDS-3\Config\Scans\ directory and are very easy to create. Simply make a list of the scans that you want included, and save the file, making sure it has a .txt extension."
    "Scan lists are very useful, you can create new lists and they will appear after you next reload TDS-3. Another good example of a scan list is one that scans your downloaded files directory such as C:\Downloads."


    The scans that can be included are:
    System Files CRC32
    Memory Mutexes
    Memory Objects
    Live Process Files
    Live Process Memory Space
    Registry & File Traces
    Services & Drivers (NT\2K)
    Scan All Logical Drives
    Scan In directory
    Scan File filename


    The Helpfile gives several examples.

    OK, here are two examples by me:

    Example-1
    I make a text file.
    I put in it (what is shown between the lines):

    ==========
    Live Process Memory Space
    Live Process Files
    Memory Objects
    Memory Mutexes
    Registry & File Traces
    Autostart Programs
    System Files CRC32
    Scan In C:\
    ==========

    I name that file:
    C Scan.txt

    I put the file in the sub-directory of my TDS-3 directory: Config\Scans

    Example-2
    I make another text file.
    I put in it (what is shown between the lines):

    ==========
    Live Process Files
    Memory Objects
    Memory Mutexes
    Registry & File Traces
    Autostart Programs
    System Files CRC32
    Scan In D:\
    Scan In E:\
    Scan In F:\
    Scan In G:\
    ==========

    I name that file:
    D E F G Scan.txt

    I put the file in the sub-directory of my TDS-3 directory: Config\Scans
     
  2. FanJ

    FanJ Guest

    I reload TDS-3

    And I see that those two new scan scenarios are indeed now showing in the menu System Testing.

    See screenshot.
     


  3. FanJ

    FanJ Guest

    Well, maybe you would like to be sure that those scan lists are not changed without your knowledge.

    So put them in your crcfiles.txt
    The CRC32 test of TDS-3 will then check whether they are changed.

    I add these lines in my crcfiles.txt :

    %TDSDIR%\Config\Scans\C Scan.txt
    %TDSDIR%\Config\Scans\D E F G Scan.txt
     
  4. FanJ

    FanJ Guest

    Hmmm...

    I decide to rename those two new scan scenarios :D

    C Scan.txt renamed into : Jooske.txt
    D E F G Scan.txt renamed into : Pilli.txt

    Does the CRC32 test work?
    Sure, it lets me know that the original files do not exist:

    [CRC32] File doesn't exist: C:\<deleted by me>\Config\Scans\C Scan.txt
    [CRC32] File doesn't exist: C:\<deleted by me>\Config\Scans\D E F G Scan.txt


    And this is how my System Testing Menu looks after reloading TDS-3.... :D
     


  5. FanJ

    FanJ Guest

    OK, that's it.

    Maybe you knew already about it from the Helpfile, but I wanted to tell about it for those who didn't know it.

    Cheers, Jan.
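
The integrity check from posts 3 and 4, sketched as an added example (not code from the thread or from TDS-3): it baselines the two scan lists named in crcfiles.txt, then reports an edited list, a renamed list, and the new file that nobody is watching. It goes beyond the thread by recording SHA-256 next to CRC32 (CRC32 catches accidental edits but is easy to forge) and by flagging unlisted files. Assumptions: `%TDSDIR%` expands to the TDS-3 install directory, the file contents are constructed, and all function names are hypothetical.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path

SCANS = Path("Config", "Scans")  # scan list directory named in the thread

def fingerprint(path):
    """Return (CRC32, SHA-256); SHA-256 is an added, collision-resistant check."""
    data = path.read_bytes()
    return f"{zlib.crc32(data):08X}", hashlib.sha256(data).hexdigest()

def expand(entry, tds_dir):
    """Resolve %TDSDIR% (assumed to mean the TDS-3 install directory)."""
    parts = entry.strip().replace("%TDSDIR%", "", 1).replace("\\", "/").split("/")
    return Path(tds_dir, *[p for p in parts if p])

def make_baseline(entries, tds_dir):
    """Fingerprint every watched file while it is in a known-good state."""
    return {e: fingerprint(expand(e, tds_dir)) for e in entries}

def verify(entries, baseline, tds_dir):
    """Return (status, name) findings: missing, changed, or unlisted files."""
    findings = []
    for e in entries:
        path = expand(e, tds_dir)
        if not path.is_file():
            findings.append(("missing", e))
        elif fingerprint(path) != baseline.get(e):
            findings.append(("changed", e))
    watched = {expand(e, tds_dir) for e in entries}
    for path in sorted(Path(tds_dir, SCANS).iterdir()):  # lists nobody watches
        if path not in watched:
            findings.append(("unlisted", path.name))
    return findings

def demo():
    """Constructed run: baseline two lists, edit one, rename the other."""
    entries = [r"%TDSDIR%\Config\Scans\C Scan.txt",
               r"%TDSDIR%\Config\Scans\D E F G Scan.txt"]
    with tempfile.TemporaryDirectory() as tds_dir:
        Path(tds_dir, SCANS).mkdir(parents=True)
        for e in entries:  # constructed sample contents
            expand(e, tds_dir).write_text("Memory Mutexes\nLive Process Files\n")
        baseline = make_baseline(entries, tds_dir)
        expand(entries[0], tds_dir).write_text("Scan In C:\\\n")  # unexpected edit
        expand(entries[1], tds_dir).rename(Path(tds_dir, SCANS, "Pilli.txt"))
        return verify(entries, baseline, tds_dir)
```

Calling `demo()` returns the findings as `(status, name)` pairs; the "unlisted" finding is the renamed list, which a fixed file list alone never reports.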
     
  6. frogfoot

    frogfoot Registered Member

    Joined: Aug 8, 2004; Posts: 116; Location: Yeovil UK
    This has been a very useful thread. One of my frustrations with TDS was that when performing a full systems scan the scan would halt after 5 mins or so with PG prompting that the Mutex file had changed. Now, by simply putting the memory mutex scan at the top of the list, the prompt occurs at the start of the scan and not in the middle, allowing me to set a scan going and then leave the room.
    Thanks again
    Tom
     