Microsoft recommended block rules
#1
Quote:

Applies to

Windows 10
Windows Server 2016

Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.

Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application whitelisting policies, including Windows Defender Application Control:

addinprocess.exe
addinprocess32.exe
addinutil.exe
bash.exe
bginfo.exe[1]
cdb.exe
csi.exe
dbghost.exe
dbgsvc.exe
dnx.exe
fsi.exe
fsiAnyCpu.exe
kd.exe
ntkd.exe
lxssmanager.dll
msbuild.exe[2]
mshta.exe
ntsd.exe
rcsi.exe
system.management.automation.dll
windbg.exe
wmic.exe

[1] A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here: BGInfo 4.22. Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.

[2] If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you whitelist msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe.

*Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
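Added example (not part of the quoted Microsoft article or of either post): a PowerShell inventory that reports which of the listed files are present on a machine, so you can decide what a block policy would affect before deploying it. The function name `Find-BlockListBinary` and the default search roots are assumptions; the file names and the BGInfo 4.22 threshold come from the list and footnotes above.

```powershell
# Added example: file names copied from the list quoted above.
$BlockList = @(
    'addinprocess.exe', 'addinprocess32.exe', 'addinutil.exe', 'bash.exe',
    'bginfo.exe', 'cdb.exe', 'csi.exe', 'dbghost.exe', 'dbgsvc.exe', 'dnx.exe',
    'fsi.exe', 'fsiAnyCpu.exe', 'kd.exe', 'ntkd.exe', 'lxssmanager.dll',
    'msbuild.exe', 'mshta.exe', 'ntsd.exe', 'rcsi.exe',
    'system.management.automation.dll', 'windbg.exe', 'wmic.exe'
)
$BgInfoFixed = [version]'4.22'   # footnote [1]: earlier versions should be blocked

function Find-BlockListBinary {
    param(
        # Assumed default search roots; adjust them for your reference system.
        [string[]]$Root = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $existing = $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    foreach ($dir in $existing) {
        Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $BlockList -contains $_.Name } |   # -contains ignores case
            ForEach-Object {
                # Build the version from the numeric parts; FileVersion strings
                # often carry extra text that does not parse as a version.
                $vi  = $_.VersionInfo
                $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                      $vi.FileBuildPart, $vi.FilePrivatePart)
                $note = switch ($_.Name) {
                    'bginfo.exe' {
                        if ($ver -lt $BgInfoFixed) { 'older than 4.22: block (footnote 1)' }
                        else { '4.22 or later (footnote 1)' }
                    }
                    'msbuild.exe' { 'block unless this is a development system (footnote 2)' }
                    default       { 'block unless a use scenario explicitly requires it' }
                }
                [pscustomobject]@{
                    Name = $_.Name; Version = $ver; Note = $note; Path = $_.FullName
                }
            }
    }
}

Find-BlockListBinary | Sort-Object Name, Path | Format-Table -AutoSize -Wrap
```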
#2
That is a very good and useful article because blocking vulnerable applications and processes that can be used to make security attacks can significantly increase the security and reliability of a system. Thanks for the share, harlan.