
Sysinternals! Sigcheck!

If you run or support Windows systems, you are missing a bet if you do not use the suite of Sysinternals tools by Mark Russinovich.

He just released a new version of a tool called Sigcheck.  So simple!  Sigcheck reports on the file version number, timestamp information, and digital signature details, including certificate chains. You can also check a file’s status on VirusTotal, and upload a file for scanning there.  It runs at the command line and is a self-contained EXE, so it’s portable as soon as you get it.

How obvious a sanity check is this?  Run this against the Windows directory and establish a baseline when you install fresh, or immediately pinpoint anything suspicious to investigate further should there be a possible compromise.

Another one of the easy things you can do to be sure you have a clean system.
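The baseline-then-compare routine described above can be scripted around Sigcheck's CSV output. This PowerShell sketch is an added example, not part of the original post or of Sysinternals. It assumes `sigcheck.exe` is on the PATH, that the CSV columns are named `Path`, `Verified`, `Publisher` and `SHA256`, and that `C:\Baseline` is a hypothetical admin-only directory.

```powershell
# Added example: record a Sigcheck baseline, then report drift against it.
# Assumptions: sigcheck.exe on PATH; CSV columns Path/Verified/Publisher/SHA256;
# C:\Baseline is a hypothetical directory writable only by administrators.
param(
    [ValidateSet('Baseline', 'Compare')]
    [string]$Mode = 'Compare',
    [string]$Target = "$env:SystemRoot\System32",
    [string]$BaselineFile = 'C:\Baseline\sigcheck-baseline.csv'
)

function Get-SigcheckInventory {
    param([string]$Path)
    # -c CSV output, -e executable images only, -s recurse, -h include hashes
    & sigcheck.exe -accepteula -nobanner -c -e -s -h $Path |
        ConvertFrom-Csv |
        Select-Object Path, Verified, Publisher, SHA256
}

$current = @(Get-SigcheckInventory -Path $Target)
if ($Mode -eq 'Baseline') {
    $current | Export-Csv -Path $BaselineFile -NoTypeInformation -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) files"
    return
}

# Index the baseline by path (PowerShell hashtable keys are case-insensitive).
$baseline = @(Import-Csv -Path $BaselineFile)
$known = @{}
foreach ($row in $baseline) { $known[$row.Path] = $row }
$seen = @{}

$findings = @(foreach ($row in $current) {
    $seen[$row.Path] = $true
    $old = $known[$row.Path]
    if (-not $old) { $reason = 'new file' }
    elseif ($old.SHA256 -ne $row.SHA256) { $reason = 'hash changed' }
    elseif ($old.Verified -ne $row.Verified) { $reason = 'signature status changed' }
    else { continue }
    [pscustomobject]@{ Reason = $reason; Path = $row.Path; Verified = $row.Verified
                       Publisher = $row.Publisher; SHA256 = $row.SHA256 }
})
# Files that were in the baseline but are gone now.
$findings += @($baseline | Where-Object { -not $seen.ContainsKey($_.Path) } |
    ForEach-Object { [pscustomobject]@{ Reason = 'missing'; Path = $_.Path
                     Verified = $_.Verified; Publisher = $_.Publisher; SHA256 = $_.SHA256 } })

# One JSON object per line for a log shipper; non-zero exit code signals drift.
$findings | ForEach-Object { $_ | ConvertTo-Json -Compress }
if ($findings.Count -gt 0) { exit 1 }
```

Windows updates legitimately replace system files, so review the differences after patching and then re-run in `Baseline` mode.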


2 Comments

  1. Jacques

    Ugh. Can’t I have an OS that’s secure do that for me?

    • David Frier

      Put it in a scheduled task. Daily? Hourly?

      Send the output to your logger.

      Trigger on anomalies.

      This is not advanced stuff anymore 🙂
