Find all services that are not running from \System32 or the \Windows directory. For your environment you might need to add a few more exclusions for services such as AV, Exchange, MOM, etc. However, be careful not to exclude too much, as you may miss a Trojan or virus hiding as a service within one of those directories.
-- Services whose command line does not contain \System32 or \Windows
SELECT v_GS_COMPUTER_SYSTEM.Name0 AS 'PC Name',
       v_GS_COMPUTER_SYSTEM.UserName0 AS 'User ID',
       v_GS_SERVICE.DisplayName0 AS 'Service Name',
       v_GS_SERVICE.StartMode0 AS 'Start Up',
       v_GS_SERVICE.StartName0 AS 'Account',
       v_GS_SERVICE.State0 AS 'State',
       v_GS_SERVICE.PathName0 AS 'Command line'
FROM v_GS_COMPUTER_SYSTEM v_GS_COMPUTER_SYSTEM,
     v_GS_SERVICE v_GS_SERVICE
WHERE v_GS_SERVICE.ResourceID = v_GS_COMPUTER_SYSTEM.ResourceID
  AND ((v_GS_SERVICE.PathName0 NOT LIKE '%\System32%') AND (v_GS_SERVICE.PathName0 NOT LIKE '%\Windows%'))
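A stricter variant of the exclusion, added here as an example and not part of the original query: it strips the quotes from the command line and matches the Windows directory only at the start of the path, so a path that merely contains \Windows further along (a subfolder name, an argument) is still reported. The svc rows are constructed sample data standing in for v_GS_SERVICE, and the pattern assumes Windows is installed in a folder named Windows and a case-insensitive database collation.

```sql
-- Added example (T-SQL). The rows below are constructed, not real inventory data.
WITH svc AS (
    SELECT *
    FROM (VALUES
        ('Print Spooler', 'C:\Windows\System32\spoolsv.exe'),
        ('Host Process',  '"C:\Windows\System32\svchost.exe" -k netsvcs'),
        ('Vendor Agent',  '"C:\Program Files\Vendor\agent.exe" -k run'),
        -- a user-writable folder that happens to be named Windows
        ('Updater',       'C:\Users\Public\Windows\update.exe'),
        -- \Windows appears only in an argument, not in the executable path
        ('Helper',        'C:\ProgramData\h.exe --log C:\Windows\Temp\h.log')
    ) AS t (DisplayName0, PathName0)
),
norm AS (
    -- Remove quotes and leading blanks so the comparison starts at the drive letter.
    SELECT DisplayName0,
           PathName0,
           LTRIM(REPLACE(PathName0, '"', '')) AS ExePath
    FROM svc
)
SELECT DisplayName0 AS 'Service Name',
       PathName0    AS 'Command line'
FROM norm
-- No leading % in the pattern: the match is anchored to the start of the path.
-- Assumption: the Windows directory is <drive>:\Windows.
WHERE ExePath NOT LIKE '[A-Z]:\Windows\%'
ORDER BY DisplayName0;
```

To run it against inventory, replace the svc CTE with v_GS_SERVICE and join v_GS_COMPUTER_SYSTEM on ResourceID as in the query above.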