What is Microsoft Security Compliance Manager?

Managing security in a company is a complicated task. In a Windows environment there is a very nice feature known as Group Policy, which lets you take control of your IT environment: you can set basic things like forcing users to change their password every three months, as well as more complicated ones like blocking a certain version of an application from running or disabling certain settings in Windows. There is no doubt that Group Policy is very powerful, but many IT professionals are not sure how to configure it to comply with security industry best practices. If a company is required to follow IT security best practices, it can achieve that with Group Policy, but the administrators are not sure which policies they should set. In that case they need to go through the best-practice documents, figure out what each policy is about, then open Group Policy, look for the right Group Policy Object and set that specific policy there. This is a time-consuming and difficult process, and for this reason many IT professionals just set up basic security policies like the ones for user accounts and leave it at that. Fortunately, Microsoft has released a tool which makes it a lot easier to adopt security best practices in Group Policy quickly: it is called Security Compliance Manager. It contains a list of security best practices, maps them to Group Policy settings, and explains why each policy is needed and why it is important. So instead of reading through a guideline, figuring out which policy must be set and finding where it lives in Group Policy, you see all the required policies, you see why they are needed, and you can compare your current setting with the one recommended by Microsoft and the one recommended by the industry.
In addition, you can simply sit down with your managers and other IT professionals, discuss which changes you want to make to these policies, and once you are done import the result into your current IT environment and use it. You can also customize your own settings and share them with other branches. Security Compliance Manager is a simple tool which does great things. Make sure you use it; the good news is that it is free of charge and you can download it from here.

The link above points to the latest version at the time of writing; new versions are released regularly, so make sure to check the Microsoft website for the latest one.
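As an added example (not part of the original post and not SCM's own code), the following PowerShell does by hand the "compare your current setting with the baseline" step described above: it exports the local security policy with secedit and compares a few password and lockout settings against a baseline. The baseline values are constructed for illustration; take the real ones from the SCM baseline you decide to adopt, and run this from an elevated prompt because secedit needs it.

```powershell
# Added example, not SCM's code. Constructed baseline values; replace them
# with the settings from the SCM baseline you adopted.
$Baseline = @{
    'MinimumPasswordLength' = 14   # characters
    'PasswordComplexity'    = 1    # 1 = complexity required
    'MaximumPasswordAge'    = 60   # days (-1 in secedit output means never expires)
    'LockoutBadCount'       = 10   # failed logons before lockout, 0 = no lockout
}

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = [Security.Principal.WindowsPrincipal]$id
    if (-not $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'secedit /export needs an elevated prompt.'
    }
}

function Get-LocalSecurityPolicy {
    # secedit writes an INI-style (UTF-16) file; only [System Access] is parsed.
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    & secedit.exe /export /cfg $cfg /quiet | Out-Null
    $settings  = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\[(.+)\]') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
            $settings[$Matches[1]] = $Matches[2]
        }
    }
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    return $settings
}

function Compare-ToBaseline {
    param([hashtable]$Current, [hashtable]$Expected)
    foreach ($name in $Expected.Keys) {
        $have = $Current[$name]
        $status = if ($null -eq $have) { 'MISSING' }
                  elseif ([int]$have -eq [int]$Expected[$name]) { 'OK' }
                  else { 'DRIFT' }
        [pscustomobject]@{
            Setting  = $name
            Current  = $have
            Baseline = $Expected[$name]
            Status   = $status
        }
    }
}

Assert-Elevated
Compare-ToBaseline -Current (Get-LocalSecurityPolicy) -Expected $Baseline | Format-Table -AutoSize
```

Rows marked DRIFT are the settings you would need to adjust, or consciously accept, before importing the baseline into your environment.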

Protect Yourself against 0-Days with EMET 5.5

Microsoft EMET 5.5 was recently released to the public. It had been in beta for a while and is now finalized and ready to use. So what is it, and why should we use it?

EMET stands for Enhanced Mitigation Experience Toolkit, and the name itself tells you what it does: it improves protection against threats to your Windows system. In other words, it helps you enhance the protection already in your system. Mainly it is an additional protection layer for your PC which protects you against 0-day attacks. As a user, you can just download and install it, select the recommended settings, and it stays there and protects you. However, if you are an expert and know how applications and memory work, you can play around with the settings in EMET: you can define which applications should be protected by EMET and which protections should be applied to them. If you are not sure what they mean, you can always refer to the Microsoft TechNet website. For example, if you are wondering what DEP (Data Execution Prevention) means, you can search for it on Microsoft TechNet and learn more. Installing EMET can cause some compatibility issues and crash applications, but the default settings help you protect yourself and your applications against vulnerabilities.

Version 5.5 is the first final release of EMET which supports Windows 10 and also Group Policy, so it is good news for Windows 10 users and IT administrators. You can download EMET 5.5 from the Microsoft Download page.

What is Microsoft Advanced Threat Analytics?

Monitoring cybercrime activity in your organization is a big challenge; it is hard to see what is really going on in your company in terms of cybersecurity. Well, you could refer to Event Viewer and audit log files, or set up alerts for certain events. However, it is better to have a way to see a clear overview of what is going on in the company, such as a graphical representation of threats and a clear picture of what is actually happening, something that is hard to understand just by looking at log files. Recently it was announced that Microsoft Advanced Threat Analytics is available as a preview, which means you can try it but it is not the complete version yet. This tool does exactly that: it monitors an overview of cybersecurity-related activities in your company and visualizes it. So you do not need to dig through log files; you see what is going on. It is really cool if you are in charge of IT or IT security in your company and want to present an overview of security to your managers. For many IT professionals it is difficult to explain such things to people without an IT background, and this graphical representation helps a lot with presenting them.

There are limitations to this tool: it uses machine learning techniques, so you should expect some misleading warnings or some attacks being missed. Using machine learning causes this kind of issue for this product and for other security products. But its good point, real-time detection, shows the overall activity in real time, and you will not get false alerts or misleading information there. It could help companies a lot, especially when it comes to seeing an overview of threats across the organization. I strongly recommend you have a look at this product, starting with its official website.

Malicious Software Removal Tool (MSRT) or Safety Scanner?

Malicious Software Removal Tool (MSRT) and Safety Scanner are two removal tools which can scan for and remove malware from your PC without interfering with your anti-malware product (because they are only scanners and not real-time protection). Since both are Microsoft scanners, people sometimes get confused about which one they should use. The main differences between Safety Scanner and MSRT are:

  • MSRT only removes specific malware (NOT all malware), usually well-known families that are widespread around the world or very high risk. Safety Scanner, however, is capable of removing all malware known at the time you downloaded it. That is why the Safety Scanner file is larger than MSRT: it contains more detection and removal logic.

  • MSRT scans your PC every month through Windows Update. In other words, every month new malware families are added to MSRT, and when you update your PC it runs a quick scan. Safety Scanner, on the other hand, has no automatic download or monthly scan; you can only scan your PC with it if you visit the website and download it.

The question remains: which one should I use? It basically depends on your situation and requirements. For example, if you suspect malware on your PC but it is not detected by your current anti-malware product, or you do not have any anti-malware software, then you should use Safety Scanner, which contains detection for all known malware. However, there are cases where you have a very slow internet connection and downloading Safety Scanner would take a long time while you are in a hurry. In that case you can download MSRT; because the file is smaller than Safety Scanner it downloads faster, and you can run a scan and remove malware (it will not remove everything), which helps you remove the most dangerous malware first and fix some issues for the moment while Safety Scanner downloads in the meantime. Or consider a case where your PC is infected and you are unable to install or update anti-malware software. You can use another PC to copy MSRT onto a flash drive, run a scan from the flash drive to remove the malware that blocks the anti-malware download, then download the anti-malware product, update it and run a full system scan to remove all malware.

In general it is always recommended to run Safety Scanner, because it contains malware signatures for all known malware (and it also detects some unknown malware based on behavior). However, if you are in a hurry and do not have time to wait for a large download, MSRT can be a temporary measure, but you need to use Safety Scanner later on.

If you want to download MSRT, you may refer to the following link:

http://www.microsoft.com/security/pc-security/malware-removal.aspx

For Safety Scanner, you may refer to the following link:

http://www.microsoft.com/security/scanner/en-us/default.aspx

Safety Scanner expires 10 days after you download it, so when you download it you should use it immediately. This expiry is there to make sure you have the latest signatures: every day the Safety Scanner download ships new signatures which detect new malware, so you need to download the latest version before performing a scan.

Scanner in Your Pocket

You might see public PCs that are infected with malware, and when you want to run a scan to remove it you notice that you are logged in as a standard user without admin rights. The administrator might not be around all the time, so you either give up or leave a note asking the administrator to please install an updated anti-malware product on the PCs, and the administrator might not care. In another scenario, a friend might call you saying that their PC is infected and there is no way to remove the malware, or that a malware stops the PC from booting. If you are someone interested in security, or you want to help other people with malware, it would be nice to have a powerful malware scanner in your pocket all the time. You can do that using Windows Defender Offline. It is very easy to create a bootable scanner with this tool, and you do not need to be an expert to do it. Before creating Windows Defender Offline, you should remember these things:

1. It will completely format your USB flash drive or external hard disk, so make sure you use one that is empty, or back up all the data on it first, because it will be deleted.

2. It will convert the flash drive's file system to NTFS and give it a name. You can reformat it to any type or rename it later by right-clicking the device and choosing Format.

3. It is recommended to use the external device only for scanning and not to store personal data on it.

To create the scanner you need a USB drive, CD or DVD with at least 250MB of space. Insert it into your PC, then visit the Windows Defender Offline website, download the tool to your PC and run it, and you will see a screen like the one below:

[Screenshot: Create Windows Defender Offline]

Read the instructions to learn more about it and press Next. It shows the license agreement, which you should read and accept by pressing I accept; then it asks about creating the tool, and you have to choose whether to create it on CD/DVD, on a USB flash drive, or as an ISO to burn to DVD later. Once you have gone through these steps it creates the media and it is ready to go. Say you create it on a USB drive: you can always have it in your pocket, and if you face an infected PC that cannot boot, or a malware that has already taken over the operating system and will not let anti-malware run, just insert your USB drive and run a full system scan, and it will remove the malware. You should update this tool regularly, and you can do that with the same tool you created it with: insert the USB drive, run the tool you downloaded from the website, and it will guide you through the update process. Now you have a scanner in your pocket and you can use it to rescue infected PCs anytime.

Microsoft Safety Scanner

Sometimes a PC gets infected and you cannot download anti-virus software to remove the malware; there is malware (viruses, worms, Trojans, spyware...) which prevents anti-virus software from being installed. In other cases you just suspect that your PC might be infected and want to run a simple check. In these cases you can try Microsoft Safety Scanner.

It is a free malware scanner which can detect viruses, worms, Trojans, spyware, adware and other malware on your PC and remove them for you. In some cases a PC is infected with malware that will not let you visit anti-virus websites or online scanners. One good thing about this tool is that when malware blocks your access to the scanner website, you can use a PC that is NOT infected to copy the tool onto removable media such as a flash drive, insert it into the infected PC and run a scan. Before this tool, Microsoft offered another free online scanner, known as Windows Live OneCare Online Scanner. That tool ran several tasks: it checked whether the PC had the latest updates, scanned for malware and removed it, checked fragmentation and told you whether to defragment, and cleaned unnecessary files and registry entries from your PC. It ran in the browser and used ActiveX, so if your PC was infected with malware that blocked the website, you had a problem running the scanner. OneCare Online Scanner was discontinued and replaced with Microsoft Safety Scanner, which is browser independent: you do not need ActiveX to run it, and if malware blocks your access to the scanner website you can use a different PC, download it onto removable media and run the scan on the infected system.

This scanner has no defragment, disk cleanup or Windows Update check. But do not worry: defragment and disk cleanup are built into the Windows operating system, and whenever you want to use them you just run them, with no internet connection needed. For updates and other security issues, you can refer to Windows Security Center in Windows XP and Action Center in Windows Vista and Windows 7 to check your security status; if you have not run updates for a while, you receive a warning from Security Center or Action Center by default.

One important thing to remember is that Microsoft Safety Scanner is NOT a replacement for your anti-virus software; you need real-time anti-virus software to protect yourself. It is just a tool to help your PC out of a deep infection, and if you are unable to run anti-virus software because of malware, it helps you remove it. It detects and removes malware for you, but if you want to stay protected and prevent other malware from infecting your PC, you must use real-time anti-virus protection such as Microsoft Security Essentials, which prevents malware from infecting your PC, removes it and keeps protecting your PC in real time.

In case you face any problem running Microsoft Safety Scanner, you can take a look at How to troubleshoot an error when you run the Microsoft Safety Scanner. In addition, when Safety Scanner detects malware it is a good idea to note the malware names and look up their descriptions online. For some malware you might have to take additional steps to remove it, or do some manual repairs, which are explained in detail in the malware description where applicable.

Boot Windows for Scan

There are cases where your system is infected with malware (a virus, worm, Trojan...) and anti-virus software cannot remove it, or your system cannot even boot. To remove malware, many users try to boot into the system and run a full system scan, and that is the recommended solution. However, say your system cannot boot at all, or you run a full scan with an updated anti-virus and the malware remains. In a situation like this many people just reformat and reinstall Windows. But is that the only solution?

Malware can get deep into your system and, as mentioned, in some cases it can prevent your system from booting: you cannot see your desktop or the Windows logo and the system keeps throwing errors. Note that this behavior can have many causes, such as hardware or software failures; what is discussed here is the case where malware is the cause. When your system cannot boot, there is a solution to try before reinstalling and formatting Windows: scan the system before booting into it. There are many tools on the market that do this. The user creates them on a CD, DVD or removable device, boots the system from that, runs a full system scan, removes the malware and brings the system back to a normal state. There is a good tool from Microsoft that gives you this functionality and is easy to use: it is called Windows Defender Offline Beta. It is in beta at the moment, but you can download it for free and it is easy to use. A tool like this has been around at Microsoft for many years as part of a commercial product for enterprises. It was a malware removal tool bundled with other troubleshooting tools that run at boot time, called Microsoft Diagnostics and Recovery Toolset; to learn more about it you can visit:

http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/mdop/dart.aspx

Windows Defender Offline Beta is for personal use, for cases where you cannot boot into your system due to malware, or where your system is infected with malware that cannot be removed by a full scan with an updated scanner. To use this tool, follow these steps:

1) Download the tool from the official website; make sure you read the instructions on the website before downloading it. (If you cannot boot into your system, use a different PC to download the tool.) You can download it from:

http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

2) Check how you can boot your PC from CD/DVD or a removable device such as a flash drive. Depending on your PC's motherboard, a different key may be needed to boot from CD/DVD or USB. It is a good idea to check your motherboard or PC manufacturer's website for details on how to do it.

3) Once you know how to boot your system this way, run the tool and follow the steps to create the CD/DVD or USB. The steps are easy, and once you follow them you will have the tool on the DVD/CD or removable device.

4) Boot your PC from the CD/DVD or USB, depending on which you created, then follow the steps to run a full system scan.

I also suggest that you take a look at:

http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq

This tool is still in beta, and the final release should bring many improvements. It is easy to use and can save you time troubleshooting problems caused by malware.