How to fight hidden malware on Windows networks – CSO Online

If I listed the names of services on your Windows systems, would you be able to determine which ones were real and which ones were fake? Attackers often use fake services designed to act and look like real Windows services but contain malicious files. Is Windows Updates a true Windows service, or is it called “Windows Update” on your computer? Have you taken the time to become aware of what services and processes are normal on the computers in your network?

Create a baseline of Windows services

If you don’t know, you need to create a baseline that shows which services should be in your network. The PowerShell command Get-Service is a quick and dirty way to get a list of running services on a system.

[Image credit: Susan Bradley]

Attack surface reduction rules

When baselining a system, start with the basics. What services are expected to be running on your systems? On server systems in particular, have you taken the time to add monitoring services to alert you when a new service is added to a server system? While workstations may add new services on an irregular basis, services on servers tend not to change often. Monitoring a server for changes in services and critical root directories is a security process you’ll want to consider. You can add Sysmon, for example, to a server to monitor changes on a system.
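One way to turn the baseline and the "alert on a new service" idea above into something repeatable is shown below. It is an added example, not code from the original article: the function names and the C:\Baselines path are assumptions, and it reads Win32_Service through Get-CimInstance rather than Get-Service so that each service's binary path and logon account are captured, which is what separates a look-alike "Windows Updates" from the real "Windows Update".

```powershell
# Added example: function names and file paths are illustrative assumptions.
function Get-ServiceSnapshot {
    # Win32_Service includes the binary path and logon account for each service.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, PathName, StartMode, StartName |
        Sort-Object Name
}

function Save-ServiceBaseline {
    param([Parameter(Mandatory)][string]$Path)
    Get-ServiceSnapshot | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Compare-ServiceBaseline {
    param([Parameter(Mandatory)][string]$Path)
    # Index the saved baseline by service name (hashtable keys are case-insensitive).
    $known = @{}
    foreach ($svc in (Import-Csv -Path $Path)) { $known[$svc.Name] = $svc }

    foreach ($svc in (Get-ServiceSnapshot)) {
        if (-not $known.ContainsKey($svc.Name)) {
            # Service did not exist when the baseline was taken.
            [pscustomobject]@{ Change = 'NewService'; Name = $svc.Name
                               DisplayName = $svc.DisplayName; Detail = $svc.PathName }
            continue
        }
        $old = $known[$svc.Name]
        # Same name, different properties: a swapped binary or logon account shows up here.
        foreach ($prop in 'DisplayName', 'PathName', 'StartMode', 'StartName') {
            if ("$($old.$prop)" -ne "$($svc.$prop)") {
                [pscustomobject]@{ Change = "${prop}Changed"; Name = $svc.Name
                                   DisplayName = $svc.DisplayName
                                   Detail = "$($old.$prop) -> $($svc.$prop)" }
            }
        }
        $known.Remove($svc.Name)
    }
    # Anything left in the index was in the baseline but is no longer installed.
    foreach ($gone in $known.Values) {
        [pscustomobject]@{ Change = 'RemovedService'; Name = $gone.Name
                           DisplayName = $gone.DisplayName; Detail = $gone.PathName }
    }
}

# Take the baseline once on a known-good server, then compare on a schedule:
#   Save-ServiceBaseline    -Path C:\Baselines\services.csv
#   Compare-ServiceBaseline -Path C:\Baselines\services.csv | Format-Table -AutoSize
```

On Windows 10 and later, per-user services carry a session-specific suffix in their names and will be reported as new after each logon, so expect to filter those when reviewing the output on workstations.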
