Attack Surface Analyzer 2.0 Available for Checking Software Installs

Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

Attack Surface Analyzer 2.0, released about a week ago, can be used by IT security auditors to evaluate the risk of "third-party software" (software from non-Microsoft vendors). It can also be used by DevOps engineers to see the system changes made by software additions, per Microsoft's GitHub description. It's an open source tool, built using .NET Core, that runs on Linux, macOS and Windows systems.

The tool is needed, Microsoft's announcement explained, "because most installation processes require elevated privileges, which can lead to undesired system configuration changes." 

Users of Attack Surface Analyzer 2.0 perform an initial system scan. They then install an application and perform yet another system scan. The tool will then show what changed based on certain criteria.

Currently, the criteria that can be selected include:

  • File System
  • User Accounts
  • System Services
  • Network Ports (listeners)
  • System Certificate Stores
  • Windows Registry
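The scan, install, scan-again workflow described above, sketched for the File System criterion only. This is an added example, not Attack Surface Analyzer's own code; the function names, the temporary directory tree and the simulated installer are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file (path relative to root) to (sha256, permission bits)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and devices
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (digest, stat.S_IMODE(st.st_mode))
    return snap

def diff(before, after):
    """Compare two snapshots; also flag new or changed files with risky modes."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    risky = sorted(p for p in added + modified
                   if after[p][1] & (stat.S_IWOTH | stat.S_ISUID))
    return {"added": added, "removed": removed, "modified": modified, "risky": risky}

def demo():
    """Constructed scenario: a simulated installer changes a temporary tree."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        write("etc/app.conf", b"debug=false\n")
        write("bin/tool", b"v1", 0o755)
        before = snapshot(root)                     # scan 1: baseline
        write("etc/app.conf", b"debug=true\n")      # installer edits a config file
        write("bin/helper", b"new", 0o777)          # installer drops a world-writable binary
        os.remove(os.path.join(root, "bin/tool"))   # installer removes a file
        after = snapshot(root)                      # scan 2: post-install
        return diff(before, after)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The permission check relies on POSIX mode bits, so the "risky" list is only meaningful on Linux and macOS.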

Other criteria may get added to the tool in the near future. Microsoft is considering adding code signing information, drivers, firewall settings, redistributable installations, network traffic, registry and some "requested features which existed in the original Attack Surface Analyzer," the GitHub page explained.

Attack Surface Analyzer 2.0 is considered the replacement for the original Attack Surface Analyzer tool that Microsoft released back in 2012, which is still available here.

One catch to using Attack Surface Analyzer 2.0 is that installation files currently aren't available. Only compressed files can be accessed from the GitHub code repository. An early tester encountered an odd roadblock, according to this Twitter post.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

