Windows Releases Sysmon 13 to Detect Malicious Processes

Protecting our computers when we surf the net is very important and something we must keep in mind at all times. There are many programs and tools we can use on all types of operating systems. In this article we cover the release of Sysmon 13 by Microsoft. It is a new security feature for Windows that helps detect processes whose code may have been tampered with.

Sysmon 13, the new Windows security feature

There is no doubt that Windows 10 is today the most used desktop operating system in the world. This means that when features of this type appear, they can help many users protect themselves on the Internet.


The goal of this new feature is to detect whether a process has been tampered with. To go unnoticed, attackers inject malicious code into legitimate Windows processes so that the antivirus does not detect it, which lets them attack the victim.

Thanks to this tactic, the malware runs while appearing in Task Manager as just another Windows process, one that, according to the antivirus, poses no threat. In reality, however, we would be facing an attack. That is where Sysmon 13, the new security feature Microsoft has launched, comes in.

This technique is known as process dump. It occurs when malicious software starts a legitimate process in a suspended state and replaces the legitimate code in that process with malicious code.

Many types of malware rely on this technique. We can mention, for example, the Mailto/Defray777, TrickBot or BazarBackdoor ransomware. They are types of malicious software that can seriously compromise our system.

How to use Sysmon 13

To use Sysmon 13 and benefit from the new feature, it must first be installed. It is a Sysinternals tool: we have to go to the Sysinternals website, look for the program there and install it.

Once it is installed, we will have to add the ProcessTampering configuration option to the Sysmon configuration file. From then on it will begin to collect data and work in the background.

With the ProcessTampering option enabled, Sysmon 13 will raise an alert whenever it detects a process that could be dangerous. All the documentation is on the Microsoft website, where we will find everything we need about how this feature works.
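A concrete way to carry out the two steps above, written here as an added example rather than code taken from the article or from Sysinternals: it writes a minimal Sysmon configuration that enables ProcessTampering, installs Sysmon with it (or pushes the new configuration if the Sysmon service is already running), and then lists the events Sysmon 13 records for this feature. It assumes Sysmon64.exe has already been downloaded into the current directory and that the session is elevated; the file name sysmonconfig.xml and the service name Sysmon64 are assumptions that match the Sysinternals defaults.

```powershell
# Added example (not from the article or from Sysinternals): enable ProcessTampering
# in a minimal Sysmon configuration, install/update Sysmon with it, and list the
# ProcessTampering events (Event ID 25) that Sysmon 13 writes to its operational log.
# Assumptions: Sysmon64.exe is in the current directory and PowerShell runs elevated.

$configPath = Join-Path $PWD 'sysmonconfig.xml'   # assumed file name

# schemaversion 4.50 is the schema that ships with Sysmon 13.
# onmatch="exclude" with no child rules means: log every ProcessTampering event.
@'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <ProcessTampering onmatch="exclude" />
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $configPath -Encoding ASCII

# Fresh install (-i) when the service is absent; otherwise push the new config (-c).
# The service name defaults to the executable name, so Sysmon64.exe registers "Sysmon64".
if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    & .\Sysmon64.exe -c $configPath
} else {
    & .\Sysmon64.exe -accepteula -i $configPath
}

# Sysmon 13 records ProcessTampering findings as Event ID 25. Flatten the EventData
# fields so the affected image, PID and tampering type are visible at a glance.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 25 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($field in $xml.Event.EventData.Data) { $data[$field.Name] = $field.'#text' }
        [pscustomobject]@{
            Time  = $_.TimeCreated
            Image = $data['Image']
            PID   = $data['ProcessId']
            Type  = $data['Type']   # e.g. "Image is replaced" / "Image is locked for access"
            User  = $data['User']
        }
    } | Format-Table -AutoSize
```

Right after installation the event list will usually be empty; Sysmon only writes Event ID 25 when a process's image is replaced or locked in the way described above. Once a SIEM or agent is forwarding the Sysmon operational log, that event ID is the one to alert on.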

In short, Sysmon 13 is a new function that lets you detect malicious processes in Windows. It is one more tool we can use day to day to properly protect our equipment and avoid problems that compromise our security and privacy, which we already know are very important factors that we must maintain at all times.

Microsoft has its own antivirus integrated into the operating system itself. We leave you a tutorial on how to optimize Windows Defender. The objective is to ensure that it protects us correctly and acts effectively against any threat that could damage the proper functioning of the system.