I haven't heard of it being able to hit on just a filename and not a location, but it would be an interesting enhancement to NAC to allow the agent to query a file indexing service of some sort on the local PC.
Thanks
Jim
Jim Thomas
Area Networks, Inc.
CCIE Security #16674
CCSP,CCNP,CCDP
[email protected]
Office: 650-242-8050
Cell: 916-342-2265
From: Cisco Clean Access Users and Administrators
[mailto:[email protected]] On Behalf Of Shaun Pillé
Sent: Tuesday, March 17, 2009 11:23 AM
To: [email protected]
Subject: File Existence Check with Wildcards
I am trying to create a custom check in Clean Access to check for the existence
of a rootkit. The filename seems to be random, but it always starts with
gaopdx. Is it possible to use a wildcard in the filename so that CCA could
detect these files?
Check Category - File Check
Check Type - File Existence
Check Name - DNS_Changer_Rootkit
File Path - \System_32\ gaopdx *.dll
Operator - Does Not Exist
Thanks,
Shaun Pillé
Network Manager
Campus Technologies, LLC
[email protected]
