Attack Surface Analyzer 2.0 Available for Checking Software Installs

Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

Attack Surface Analyzer 2.0, released about a week ago, can be used by IT security auditors to evaluate the risk of "third-party software" (software from non-Microsoft vendors). It can also be used by DevOps engineers to see the system changes made by software additions, per Microsoft's GitHub description. It's an open source tool, built using .NET Core, that runs on Linux, macOS and Windows systems.

The tool is needed, Microsoft's announcement explained, "because most installation processes require elevated privileges, which can lead to undesired system configuration changes." 

Users of Attack Surface Analyzer 2.0 perform an initial system scan. They then install an application and perform yet another system scan. The tool will then show what changed based on certain criteria.

Currently, the criteria that can be selected include:

  • File System
  • User Accounts
  • System Services
  • Network Ports (listeners)
  • System Certificate Stores
  • Windows Registry

Other criteria may get added to the tool in the near future. Microsoft is considering adding code signing information, drivers, firewall settings, redistributable installations, network traffic, registry and some "requested features which existed in the original Attack Surface Analyzer," the GitHub page explained.

Attack Surface Analyzer 2.0 is deemed as being the replacement for the original Attack Surface Analyzer tool that Microsoft released back in 2012, which is still available here.

One catch to using Attack Surface Analyzer 2.0 is that installation files currently aren't available. Just a bunch of compressed files can be accessed from the GitHub code repository. An early tester encountered an odd roadblock, according to this Twitter post.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Previews New Edge Browser on Windows 7 and Windows 8.1

    Microsoft announced this week that it has released previews of its Chromium-based Microsoft Edge Web browsers for use on Windows 7, Windows 8 and Windows 8.1 systems.

  • Exchange Server June Cumulative Updates Arrive, But with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

  • Moving an Old VM to a New Hyper-V Host

    So you want to know whether a Hyper-V virtual machine built on a legacy host will be supported by a newer server? There's a PowerShell command for that.

  • AI-Driven Solution Tracks Packets Through the Datacenter

    Datacenter solutions vendor Kaloom this week unveiled a new offering the company says will enable the development of "self-driving" datacenter networks.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.