Your browser is obsolete!

The page may not load correctly.

Configure it!

Настрой-ка!

Other issues in this category (40)
  • add to favourites
    Add to Bookmarks

To delete or not to delete

Read: 20614 Comments: 9 Rating: 16

Thursday, June 6, 2019

We’ve often mentioned the fact that any operating system is packed with a huge number of applications that most people don't need. An entire array of utilities gets installed by default alongside an operating system, even though users never open them. Meanwhile, attackers often put these applications to good use.

Microsoft compiled and published an entire list of legitimate applications that can be misused by intruders.

According to Microsoft, the applications listed below should be blocked (unless you use them): addinprocess.exe addinprocess32.exe addinutil.exe bash.exe bginfo.exe cdb.exe csi.exe dbghost.exe dbgsvc.exe dnx.exe fsi.exe fsiAnyCpu.exe kd.exe ntkd.exe lxssmanager.dll msbuild.exe mshta.exe ntsd.exe rcsi.exe system.management.automation.dll windbg.exe wmic.exe

Source

This list concerns Windows 10 and Windows Server 2016.

Understandably, most of us don't need programs like kd.exe, which is used to analyse memory dumps, or the debugger windbg.exe to perform daily tasks. So let's start blocking access to those applications.

It is also worth mentioning that permissions must be restricted for common user accounts. First, let's create a user account that we'll use for our daily routines and use the Parental Control to restrict the account's permissions.

Of course, we also need to determine whether the listed files are actually present in the system. For example, windbg.exe wasn't found on our machine.

  • Security Center

    #drweb

    Click on the padlock icon to unlock the anti-virus settings.

  • Parental Control

    #drweb

    Select the user account, and go to the “Files and Folders” tab.

    #drweb

    Press the plus sign, and specify the file that mustn't be used. Add it to the list.

#Windows #Data_Loss_Prevention #Parental_Control

The Anti-virus Times recommends

With the anti-virus, you can block the operation of a system utility. However, the consequences of such actions can be unpredictable. That's why we don't recommend that users do that while they are working with important information, unless they know exactly what the application does in their system.

We would also like to remind you that all Dr.Web users can take advantage of our Configure Dr.Web project to learn how to fine-tune their Dr.Web software and easily manage their anti-virus security.

[Twitter]

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments

Comments to other issues | My comments