
CB PSC: What are the CB recommended best practices for various Microsoft applications?

Environment

  • CB Defense PSC Sensor: All Versions
  • CB Defense PSC Backend: All Versions
  • Microsoft Windows: All Supported Versions
  • Microsoft Applications [Various]

Question

What are the CB recommended best practices for various Microsoft applications?

Answer

CB recommends reviewing the available guidelines from Microsoft and implementing exclusions based on your security posture and performance requirements, in a stair-step approach:
  1. Cert Whitelisting: Ensure that properly signed and trusted applications have been whitelisted
  2. Hash Whitelisting: For unsigned files that are trusted within the environment
  3. IT_Tool: Helpful for SCCM deployments
  4. Allow and Log: Helpful for GPO or login script applications where extra visibility is required
  5. Allow: Helpful for noisy applications that change hash frequently
  6. API Bypass: Helpful for applications performing multiple operations
  7. Full Bypass: Helpful for backup or performance monitoring applications that touch large numbers of files or generate higher-than-average resource consumption

Article Information
Creation Date: 09-09-2020