Scanning Security Event Log_thumb4If you believe there are some suspicious applications on your Windows 7 PC, get Microsoft’s free Attack Surface Analyzer

Installing Dot Net 4.0!

attack-surface-analyzer Analyzing registry keys, memory information, threads, handles, ports, shares and more: The Attack Surface Analyzer

Click here to join Ultra.io - Rare NFTs and Play-to-Earn Games or Read my review first!

1. Step Before downloading the freeware tool make sure to install Dot Net 4.0 framework. Head over to filehippo one of our favorite download sites and grab a copy of dotnetfx45_full (download link)

After downloading, double-click the dotnetfx45_full_x86_x64.exe and install it – you have to close some apps
Installing Dot Net 4 0.Jpg

2. Step When you are done, head over to Microsoft’s blog at MSDN.com and download either Attack_Surface_Analyzer_x86.msi or Attack_Surface_Analyzer_x64.msi depending on your operating system. Not sure? Read our tutorial – what Windows version do I have 32-bit or 64-bit?

3. Step Installation of Net framework 4 might take a few minutes – patience – this will really take a few minutes so don’t worry if it hangs

4. Step If you did not successfully install Dot Net 4.0 you will get a warning like this

Attempting To Install Attack Surface Analyzer On A System Without Net 4.Jpg
Attempting To Install Attack Surface Analyzer On A System Without Net 4

5. Step The program will be listed under “All Programs” – start it

How you should use this tool now

The next step would be to generate a simple report BEFORE you install a suspicious program. And then run another report AFTER you installed the app. Then you can compare both using the option Generate standard surface attack report

The tool will generate a CAB file to store your report e.g. C:\Users\sOliver\Attack Surface Analyzer\SOLIVER-PC_1.0.0_2012-09-04_23-29-49.cab

One of the cool things this tool does is to scan your Windows security event logs, but the most useful thing is that it can find out whether or not an app is opening ports, modifying ownership rights or modify your registry

Scanning Security Event Log

Summary: Intended Usage

  •  Generate report before installation
  •  Generate 2nd report after installation
  •  Select “Generate standard surface attack report” and select 1st report as your baseline cab and the 2nd as your product cab:
Generate standard surface attack report – allows you to compare two reports to find suspicious apps that modify your PC in a suspicious way

Baseline Cab And Product Cab

This tool is an advanced tool, so it’s mostly intended for admins and developers, but I believe some security enthusiasts might appreciate it.

We’ll try to explain this tool in more detail if there is any demand for this – so let us know if you want to learn more about this