Microsoft’s Sysmon 14 Blocks Dangerous Malware
Free System Monitor Prevents Virus Payload
The hacking communities on the dark web are constantly evolving, finding new and cunning ways to enrich themselves by scamming others. Today's hackers are well-versed in computer programming and are always busy creating new, ever more sophisticated malware that can easily infiltrate victims’ Android and iOS devices.
Microsoft is one of the main high-tech companies that have been actively implementing ways to interrupt the scamming campaigns of criminal hackers. To that end, Microsoft introduced new software to improve security against the distribution of hackers’ malware.
With Sysmon 14, Microsoft published new software that includes a new “FileBlockExecutable” option. This option adds a layer of security: it enables users to block dangerous files from being created on their devices. Blocked executable files include those with extensions such as EXE, DLL, and SYS.
System administrators now have a tool to restrict the creation of malicious executable programs. However, its success depends on a variety of factors, including the file path, whether the file matches particular hashes, and whether the file was dropped by other specific executables.
Blocks Malicious MS Office Attachments
The technical team behind Sysmon revealed that the option was created to prevent the deployment of executables. Notably, it is integrated with a list of some of the popular malware hashes used by criminal hackers. In addition, Sysmon allows users to stop executables from being created from Word or Excel files. By blocking the executable creation process, Sysmon prevents maliciously coded Office attachments from distributing the criminal hackers’ harmful payloads.
Sysmon, also known as System Monitor, is a free Microsoft utility built to monitor Android and iOS systems for malicious code. When malware is detected, its behavioral events are copied and logged into the Windows Event Log.
The new System Monitor automatically records basic events such as process creation and file time changes. Sysmon can monitor or block dangerous executable malware, and the results can be reviewed in the Event Viewer. Users also have the option to add further customization through configuration files.
Additionally, the Sysmon -s command, run from the command line, lets users read the Sysmon schema, which familiarizes them with the full list of System Monitor directives.
According to Microsoft’s tech team, version 4.82 of the Sysmon schema supports the ‘FileBlockExecutable’ configuration option. This option prevents the creation of executables based on identifiers such as their path, name, hash, and the application that the hackers used to create their harmful executable files.
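The following configuration is an added example, not taken from Microsoft or from the original article, showing how FileBlockExecutable rules can match on the creating application and on the target path under schema 4.82. The rule names and the choice of the Downloads path are assumptions made for illustration.

```xml
<!-- Added example: Sysmon configuration using FileBlockExecutable (schema 4.82). -->
<Sysmon schemaversion="4.82">
  <!-- Hash algorithm recorded with each blocked file -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- groupRelation="or": a file creation is blocked if ANY filter below matches -->
    <RuleGroup name="" groupRelation="or">
      <FileBlockExecutable onmatch="include">
        <!-- Match on the creating application: executables written by Word or Excel.
             Rule names are hypothetical labels that appear in the logged event. -->
        <Image name="block_exec_from_word" condition="end with">\WINWORD.EXE</Image>
        <Image name="block_exec_from_excel" condition="end with">\EXCEL.EXE</Image>
        <!-- Match on the path: executables written under a Downloads folder
             (assumed path fragment; adjust to the environment) -->
        <TargetFilename name="block_exec_in_downloads" condition="contains">\Downloads\</TargetFilename>
      </FileBlockExecutable>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Once the file is applied with `Sysmon64.exe -c`, each blocked write is logged as event ID 27 (FileBlockExecutable) in the Microsoft-Windows-Sysmon/Operational log. The path rule is deliberately broad and will also stop legitimate installers, so it should be trialed on a pilot machine first.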