Environment
- CB Defense PSC Sensor: All Versions
- CB Defense PSC Backend: All Versions
- Microsoft Windows: All Supported Versions
- Microsoft Applications [Various]
Question
What are the CB recommended best practices for various Microsoft applications?
Answer
CB recommends reviewing the available guidelines from Microsoft and implementing exclusions based on your security posture and performance requirements in a stair-step approach, starting with the narrowest exclusion and widening only as needed:
- Cert Whitelisting: Ensure properly signed and trusted applications have been whitelisted
- Hash Whitelisting: For unsigned files that are trusted within the environment
- IT_Tool: Helpful for SCCM deployments
- Allow and Log: Helpful for GPO or login-script applications where extra visibility is required
- Allow: Helpful for noisy applications whose hashes change frequently
- API Bypass: Helpful for applications performing multiple operations
- Full Bypass: Helpful for backup or performance-monitoring applications that touch large numbers of files or generate higher-than-average resource consumption
Additional Notes
Here are some resources from Microsoft / Technet: