Network Discovery and Malware Detection?
sometimes a beer in a pub is the best source for new ideas. I was meeting with a former HP colleague in a pub in Herrenberg (Google if you want to know where it is 🙂 and we were talking what we have been doing since we left HP. I was talking about JDisc and what we did within the last five years and he told me about a pretty interesting niche thing he was doing. He developed a cool tool called „PE Studio“ and you find it on http://winitor.com/.
PE Studio is static malware detection software that scans executables for „bad smells“. It detects anomalies and shows them in a user friendly manner. In addition to that, the tool can operate in a console mode where it generates a XML file containing the scan results.
So far so good :-). The idea that comes immediately into your mind is: If you can run the tool on one system, then you can also run the tool a automatically triggered by JDisc Discovery on all or a subset of all Windows computers that we are scanning. The result might be a security assessment where we scan computers and flag the security issues that arise…
What do you think about that? Would that be interesting? Do you think, your virus scan can do it all?
Looking forward receiving your feedback!