Microsoft Sysmon can now block malicious EXEs from being created


Windows Tools

Microsoft has released Sysmon 14 with a new ‘FileBlockExecutable’ option that lets you block the creation of malicious executables, such as EXE, DLL, and SYS files, for better protection against malware.

This feature is a powerful tool for system administrators as it allows them to block the creation of executables based on various criteria, such as the file path, whether they match specific hashes, or are dropped by certain executables.

For example, if you have a list of known malware hashes, you can configure Sysmon to block the creation of executables matching those hashes. Or, if you want to prevent malicious Office attachments from dropping malware, you can stop the creation of executables from Word or Excel.

Read more…