- Jul 3, 2015
Most of us already know that we should use common sense, and keep our OS and software updated. Most also know they need to watch out for malicious exe files. Even something as simple as AVAST hardened mode/aggressive will help with this.
Slightly harder is to protect from malicious scripts. For this, you also need to monitor (or block) wscript.exe, which is the default Windows process for opening JavaScript files.
EDIT: do the same with cscript.exe
Most default-deny apps do this.
Now let's get to the trickier stuff. This category includes exploits that operate only in memory, and DLL attacks.
For these, the common attack methods utilize PowerShell, PowerShell ISE, or cmd.exe. So these processes should be monitored/blocked, too. (Although rogue DLLs can be loaded by various Windows processes, they first have to get downloaded, which typically means running a script or command.)
Question: what else needs to be done to protect from exploits?
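The monitoring described in the post above, as an added Python example that is not part of the original post: it scans process-creation records for the interpreters the post names and groups them by parent process, so unusual launchers stand out. The records are constructed samples whose field names follow Windows Security event 4688; `powershell_ise.exe` is the PowerShell ISE binary, and the function names are hypothetical.

```python
import ntpath
from collections import Counter

# Interpreters named in the post; powershell_ise.exe is the PowerShell ISE binary.
WATCHED = {"wscript.exe", "cscript.exe", "powershell.exe",
           "powershell_ise.exe", "cmd.exe"}

# Constructed sample records. Field names follow Windows Security event 4688
# (process creation); every value is invented for illustration.
SAMPLE_EVENTS = [
    {"NewProcessName": r"C:\Windows\System32\notepad.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"NewProcessName": r"C:\Windows\System32\WScript.exe",
     "ParentProcessName": r"C:\Program Files\Mail\mailclient.exe",
     "CommandLine": r'wscript.exe "C:\Users\u\Downloads\invoice.js"'},
    {"NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentProcessName": r"C:\Windows\System32\wscript.exe",
     "CommandLine": "powershell.exe -File step2.ps1"},
    {"NewProcessName": r"C:\Windows\System32\cmd.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe"},
]

def image_name(path):
    """Lower-cased file name of a Windows path, tolerant of quotes and case."""
    return ntpath.basename(path.strip().strip('"')).lower()

def find_watched_launches(events):
    """Return (parent, child, command line) for each launch of a watched interpreter."""
    hits = []
    for ev in events:
        child = image_name(ev.get("NewProcessName", ""))
        if child in WATCHED:
            parent = image_name(ev.get("ParentProcessName", "")) or "<unknown>"
            hits.append((parent, child, ev.get("CommandLine", "")))
    return hits

def launches_by_parent(hits):
    """Count parent -> child pairs so unusual launchers stand out."""
    return Counter((parent, child) for parent, child, _ in hits)

if __name__ == "__main__":
    hits = find_watched_launches(SAMPLE_EVENTS)
    for (parent, child), n in launches_by_parent(hits).most_common():
        print(f"{n:3d}  {parent} -> {child}")
```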