How to fight hidden malware on Windows networks

Attackers are more clever about how they hide malicious files. Countering that starts with knowing what services belong on your network.


If I listed the names of services on your Windows systems, would you be able to determine which ones were real and which ones were fake? Attackers often use fake services designed to act and look like real Windows services but contain malicious files. Is Windows Updates a true Windows service, or is it called “Windows Update” on your computer? Have you taken the time to become aware of what services and processes are normal on the computers in your network?

Create a baseline of Windows services

If you don’t know, you need to create a baseline that shows which services should be in your network. The PowerShell command get-service is a quick and dirty way to get a list of running services on a system.


Attack surface reduction rules

When baselining a system, start with the basics. What services are expected to be running on your systems? On server systems in particular, have you taken the time to add monitoring services to alert you when a new service is added to a server system? While workstations may add new services on an irregular basis, services on servers tend not to change often. Monitoring a server for changes in services and critical root directories is a security process you’ll want to consider. You can add Sysmon, for example, to a server to monitor changes on a system.
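An added example (not code from the article) of the baseline-and-compare approach described above: it snapshots the services on a known-good server to a JSON file, and later runs flag services that are new, removed, modified (different binary path or logon account), or whose display name collides with a known one, as in the "Windows Updates" versus "Windows Update" case. The baseline file location and the trailing-"s" normalisation are assumptions.

```powershell
# Added example, not code from the article: snapshot installed services on a
# known-good system, then diff later runs against it. Win32_Service is used
# instead of Get-Service because it exposes the binary path and logon account.
$BaselinePath = 'C:\Baseline\services-baseline.json'   # assumed location

function Get-ServiceSnapshot {
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, PathName, StartName
}

function Save-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
    Get-ServiceSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $Path
}

# Crude normalisation: drop spaces/punctuation and a trailing "s", so "Windows Updates" keys like "Windows Update".
function Get-NameKey([string]$Name) { (($Name -replace '[^a-z]', '').ToLowerInvariant()).TrimEnd('s') }

function Compare-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    $baseline = @(Get-Content -Path $Path -Raw | ConvertFrom-Json)
    $current  = @(Get-ServiceSnapshot)
    $byName   = @{}   # service name  -> baseline record
    $byLabel  = @{}   # normalised display name -> service name
    foreach ($s in $baseline) { $byName[$s.Name] = $s; $byLabel[(Get-NameKey $s.DisplayName)] = $s.Name }

    foreach ($s in $current) {
        if ($byName.ContainsKey($s.Name)) {
            # Known service name but a different binary path or account: investigate.
            if ($byName[$s.Name].PathName -ne $s.PathName -or $byName[$s.Name].StartName -ne $s.StartName) {
                [pscustomobject]@{ Change='Modified'; Name=$s.Name; DisplayName=$s.DisplayName; PathName=$s.PathName }
            }
            continue
        }
        # A new service whose display name collides with a known one is a look-alike candidate.
        $label = Get-NameKey $s.DisplayName
        $kind  = if ($byLabel.ContainsKey($label) -and $byLabel[$label] -ne $s.Name) { 'LookAlike' } else { 'New' }
        [pscustomobject]@{ Change=$kind; Name=$s.Name; DisplayName=$s.DisplayName; PathName=$s.PathName }
    }
    foreach ($name in $byName.Keys) {
        if ($current.Name -notcontains $name) {
            [pscustomobject]@{ Change='Removed'; Name=$name; DisplayName=$byName[$name].DisplayName; PathName=$byName[$name].PathName }
        }
    }
}

# On a known-good server:    Save-ServiceBaseline
# On a schedule afterwards:  Compare-ServiceBaseline | Format-Table -AutoSize
```

Run the comparison from a scheduled task and forward any output to your alerting pipeline; an empty result means the server's service set still matches the baseline.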
