Screen capturing

onlyamir007 asked
Last Modified: 2010-03-19
Hi guys,

I need a little information: is there any way to find out whether my system administrator is capturing my screen or not? How can I find out on my PC? I can see “epolicy agent mcAfee” on my PC.

CERTIFIED EXPERT

Commented:
One thing you can do to prevent this is to install firewall software and not allow any outbound exception unless you permit it. :)
Sysinternals tools are great.

Process Explorer is the best. When you right-click each process you can quickly do a search for it on Google. Most of the time you'll get a good hit that describes what the process actually does. The newer version also lets you see what strings the program has in memory (to identify the program more easily) as well as nifty thread/file lock/IP connection lists. You'll be able to get a pretty good idea what a program is doing with all this info.

Another tool from Sysinternals is TCPmon. This little tool will tell you exactly what processes have what connections open. You can quickly see if a screen capture program is listening for connections from a system admin remote capture client or such.

On a serious note, though, the audit programs I have used in the past record screen/file/keyboard/p2p/msn/icq activity locally when a connection back to the reporting server/client can't be established. Then when you connect, it downloads it. So the IP signatures aren't always obvious, and disconnecting isn't always a guarantee against spying.

Still, if you are that paranoid, killing any process that doesn't show obvious signatures, either via Google or in strings etc., can't hurt. Most system-critical processes run under the system account and can't be terminated, even by local administrators. Unfortunately, most spy programs do operate at this level to prevent you from killing them off.

To get around this you'll need to spawn a cmd shell under the local SYSTEM user. Easiest way is to get the latest resource kit for your OS and use the Instsrv.exe and srvany.exe to create a system service that runs a cmd.exe prompt. You can then run process explorer from this or any other tool to kill unwanted processes.

Rob
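
An added example (not part of the original answer) of the process-to-connection mapping described above, built from the standard Windows commands `netstat -ano` and `tasklist /fo csv /nh` instead of the Sysinternals GUI. The sample output and the process names in it (such as `remoteview.exe`) are constructed, and the function names are this example's own.

```python
import csv
import io

# Constructed sample of `netstat -ano -p tcp` output (not from a real host).
NETSTAT_SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2412
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1764
  TCP    192.168.1.20:49712     192.168.1.5:8081       ESTABLISHED     3108
"""

# Constructed sample of `tasklist /fo csv /nh` output (hypothetical image names).
TASKLIST_SAMPLE = '''\
"svchost.exe","980","Services","0","6,120 K"
"remoteview.exe","2412","Services","0","9,844 K"
"mDNSResponder.exe","1764","Services","0","3,200 K"
"agent.exe","3108","Services","0","12,400 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def parse_netstat(text):
    """Yield (local, remote, state, pid) per TCP row; headers and UDP rows are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            yield parts[1], parts[2], parts[3], int(parts[4])

def connections_by_process(netstat_text, tasklist_text):
    """Join each TCP connection to the name of the process that owns it."""
    names = parse_tasklist(tasklist_text)
    rows = []
    for local, remote, state, pid in parse_netstat(netstat_text):
        host = local.rpartition(":")[0]  # also handles "[::1]:5354"
        # A listener bound to a non-loopback address accepts connections from other machines.
        exposed = state == "LISTENING" and host not in ("127.0.0.1", "[::1]")
        rows.append({"process": names.get(pid, "<unknown>"), "pid": pid, "local": local,
                     "remote": remote, "state": state, "exposed_listener": exposed})
    return rows

if __name__ == "__main__":
    for r in connections_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        flag = "  <-- accepts remote connections" if r["exposed_listener"] else ""
        print(f'{r["process"]:<20}{r["pid"]:>6}  {r["local"]:<22}{r["remote"]:<22}{r["state"]}{flag}')
```

As the answer goes on to say, an agent that records locally and uploads later may show no connection at the moment you look, so an empty result here does not rule monitoring out.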

Commented:
epolicy agent mcAfee is for virus updates.

Your system administrator can also look at all the network traffic that is going to and from your computer. So screenshots are not the only thing to worry about.