Advanced: Use Attack Surface Analyzer Freeware To Secure Windows 7 And Find Suspicious Apps

Oliver SK.

11 years ago

If you believe there are some suspicious applications on your Windows 7 PC, get Microsoft’s free Attack Surface Analyzer

Installing Dot Net 4.0!

Analyzing registry keys, memory information, threads, handles, ports, shares and more: The Attack Surface Analyzer

1. Step Before downloading the freeware tool make sure to install Dot Net 4.0 framework. Head over to filehippo one of our favorite download sites and grab a copy of dotnetfx45_full (download link)

After downloading, double-click the dotnetfx45_full_x86_x64.exe and install it – you have to close some apps

2. Step When you are done, head over to Microsoft’s blog at MSDN.com and download either Attack_Surface_Analyzer_x86.msi or Attack_Surface_Analyzer_x64.msi depending on your operating system. Not sure? Read our tutorial – what Windows version do I have 32-bit or 64-bit?

3. Step Installation of Net framework 4 might take a few minutes – patience – this will really take a few minutes so don’t worry if it hangs

4. Step If you did not successfully install Dot Net 4.0 you will get a warning like this

Attempting To Install Attack Surface Analyzer On A System Without Net 4

5. Step The program will be listed under “All Programs” – start it

How you should use this tool now

The next step would be to generate a simple report BEFORE you install a suspicious program. And then run another report AFTER you installed the app. Then you can compare both using the option Generate standard surface attack report

The tool will generate a CAB file to store your report e.g. C:\Users\sOliver\Attack Surface Analyzer\SOLIVER-PC_1.0.0_2012-09-04_23-29-49.cab

One of the cool things this tool does is to scan your Windows security event logs, but the most useful thing is that it can find out whether or not an app is opening ports, modifying ownership rights or modify your registry

Summary: Intended Usage

Generate report before installation
Generate 2nd report after installation
Select “Generate standard surface attack report” and select 1st report as your baseline cab and the 2nd as your product cab:

Generate standard surface attack report – allows you to compare two reports to find suspicious apps that modify your PC in a suspicious way

This tool is an advanced tool, so it’s mostly intended for admins and developers, but I believe some security enthusiasts might appreciate it.

We’ll try to explain this tool in more detail if there is any demand for this – so let us know if you want to learn more about this