BEST OF THE WEB

Microsoft Sysmon 14 Blocks the Creation of Malicious Executables

Microsoft’s latest Sysmon 14 provides a unique security feature that helps users block the creation of malicious executables.

Sysmon or System Monitor is a free Microsoft Sysinternals tool that can monitor systems for malicious activity and log events in the Windows Event Log.

The feature known as “FileBlockExecutable,” designed for system administrators, allows them to block the creation of executable files based on various data criteria such as the file path, whether they match certain hashes or are deleted from certain executable files.

The current Sysmon schema, which includes the ‘FileBlockExecutables’ configuration, is version 4.82. To prevent Microsoft Office applications from creating new executables, users are advised to check Olaf Hartong’s writeup on the latest version of Sysmon.

The writeup identify the rule needed to block executables. Users will need to execute the sysmon – 1 command and pass the configuration file’s name. Once started, Sysmon installs its driver and starts quietly gathering data in the background.

It is important to note that the security feature is not 100 per cent secure, as it has already been bypassed by security expert Adam Chester, so users are advised not to rely on it as their only protection.

To see how to use instructions to block malware, administrators can read the premade Sysmon configuration files from Florian Roth and SwiftOnSecurity.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web