To delete or not to delete
Thursday, June 6, 2019
We’ve often mentioned the fact that any operating system is packed with a huge number of applications that most people don't need. An entire array of utilities gets installed by default alongside an operating system, even though users never open them. Meanwhile, attackers often put these applications to good use.
Microsoft compiled and published an entire list of legitimate applications that can be misused by intruders.
According to Microsoft, the applications listed below should be blocked (unless you use them):
- addinprocess.exe
- addinprocess32.exe
- addinutil.exe
- bash.exe
- bginfo.exe
- cdb.exe
- csi.exe
- dbghost.exe
- dbgsvc.exe
- dnx.exe
- fsi.exe
- fsiAnyCpu.exe
- kd.exe
- ntkd.exe
- lxssmanager.dll
- msbuild.exe
- mshta.exe
- ntsd.exe
- rcsi.exe
- system.management.automation.dll
- windbg.exe
- wmic.exe
This list concerns Windows 10 and Windows Server 2016.
Understandably, most of us don't need programs like kd.exe, which is used to analyse memory dumps, or the debugger windbg.exe to perform daily tasks. So let's start blocking access to those applications.
It is also worth mentioning that permissions must be restricted for standard user accounts. First, let's create a user account that we'll use for our daily routines and use Parental Control to restrict that account's permissions.
Of course, we also need to determine whether the listed files are actually present in the system. For example, windbg.exe wasn't found on our machine.
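Before adding blocking rules, it helps to know which of the listed binaries actually exist on the machine and where. The PowerShell script below is an added example, not part of the original post or of Dr.Web; it searches the Windows, Program Files and Program Files (x86) trees (an assumed set of roots) for the names in Microsoft's list and reports each copy's path, signature status and SHA-256 hash, then lists the names that were not found.

```powershell
# Added example (not from the original post): inventory which of the
# Microsoft-listed binaries are present on this machine before deciding
# what to block. Search roots are an assumption; add SDK/debugger
# install locations if you have them elsewhere. Run in an elevated shell.
$BlockList = @(
    'addinprocess.exe','addinprocess32.exe','addinutil.exe','bash.exe',
    'bginfo.exe','cdb.exe','csi.exe','dbghost.exe','dbgsvc.exe','dnx.exe',
    'fsi.exe','fsiAnyCpu.exe','kd.exe','ntkd.exe','lxssmanager.dll',
    'msbuild.exe','mshta.exe','ntsd.exe','rcsi.exe',
    'system.management.automation.dll','windbg.exe','wmic.exe'
)

$SearchRoots = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Collect every file whose name matches an entry in the list.
$found = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Recurse -File -Include $BlockList -ErrorAction SilentlyContinue
}

# Record where each copy lives, whether it is validly signed and its hash,
# so the result can be compared against a known-good baseline later.
$report = foreach ($f in $found) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Name      = $f.Name
        Path      = $f.FullName
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Names from the list that are absent need no blocking rule on this machine.
$present = @($report | ForEach-Object { $_.Name.ToLower() } | Sort-Object -Unique)
$absent  = $BlockList | Where-Object { $present -notcontains $_.ToLower() }

$report | Sort-Object Name, Path | Format-Table Name, Signature, Path -AutoSize
"`nNot found on this machine (no rule needed): $($absent -join ', ')"
```

Expect several entries such as wmic.exe and mshta.exe to appear twice (System32 and SysWOW64); a blocking rule has to cover each copy.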
1. Security Center: click on the padlock icon to unlock the anti-virus settings.
2. Parental Control: select the user account, and go to the “Files and Folders” tab.
3. Press the plus sign, specify the file that mustn't be used, and add it to the list.
The Anti-virus Times recommends
With the anti-virus, you can block the operation of a system utility. However, the consequences of such actions can be unpredictable. That's why we don't recommend that users do that while they are working with important information, unless they know exactly what the application does in their system.
We would also like to remind you that all Dr.Web users can take advantage of our Configure Dr.Web project to learn how to fine-tune their Dr.Web software and easily manage their anti-virus security.