Hi! There's a thing called a DMA attack available on Windows OS. We can protect against it by using Group Policies and preventing certain types of devices from installing or accessing FireWire/Thunderbolt ports. Here are 2 links about this case:
However, the first sentence of the latter link states that:
"For Windows version 1803 and later versions, if your platform supports the new Kernel DMA Protection feature, we recommend that you leverage that feature to mitigate Thunderbolt DMA attacks."
The info about the OS supporting Kernel DMA Protection can be found as easily as running System Information, and on the System Summary page there's a flag for Kernel DMA Protection (On | Off).
This would help to see the status of the DMA Protection and could help to either evaluate the need for Group Policy or make a decision on whether a device can be excluded from the Group Policy made for restricting DMA.
This is now available in the agent's security state data in the new WindowsSecurity sub-object, along with a number of other new attributes related to Windows-specific security features (App Control, App Guard, Memory Integrity etc.)
Thanks, that looks like the one that would be needed. The PowerShell script referenced contains the actual API call.
Hi!
You mean like this? There's at least a PowerShell way to check it.
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6878
Thank you for the suggestion.
While the information can be found in the msinfo32 application for human consumption, in order to include this datapoint in Applixure device data we would need to find a programmatic interface (API, WMI etc.) where Applixure could read that information. If such a location is available, then the information could be added to the data.
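
A minimal way to read the same On/Off flag that msinfo32 shows, for use in an inventory or compliance script. This is an added example, not the script from the linked issue and not Applixure's code. It assumes the state is exposed through `NtQuerySystemInformation` with information class 202 (`SystemDmaGuardPolicyInformation`) returning a one-byte BOOLEAN; neither detail is stated in this thread, and the class is not part of the documented SDK surface, so the type name `DmaGuard` and the output property names are hypothetical.

```powershell
# Added example: query Kernel DMA Protection state without opening msinfo32.
$source = @'
using System;
using System.Runtime.InteropServices;

public static class DmaGuard
{
    // Assumption: SystemDmaGuardPolicyInformation = 202 (not in the public SDK docs).
    private const int SystemDmaGuardPolicyInformation = 202;

    [DllImport("ntdll.dll")]
    private static extern int NtQuerySystemInformation(
        int systemInformationClass,
        IntPtr systemInformation,
        int systemInformationLength,
        out int returnLength);

    // Returns true/false for the policy state, or null when the query fails
    // (for example on Windows builds older than 1803 that lack this class).
    public static bool? IsEnabled(out int ntStatus)
    {
        IntPtr buffer = Marshal.AllocHGlobal(1);
        try
        {
            Marshal.WriteByte(buffer, 0);
            int returned;
            ntStatus = NtQuerySystemInformation(
                SystemDmaGuardPolicyInformation, buffer, 1, out returned);
            if (ntStatus != 0 || returned < 1) { return null; }
            return Marshal.ReadByte(buffer) != 0;
        }
        finally { Marshal.FreeHGlobal(buffer); }
    }
}
'@
Add-Type -TypeDefinition $source

$status  = 0
$enabled = [DmaGuard]::IsEnabled([ref]$status)

# Emit one record per device; 'Unknown' keeps a failed query from reading as 'Off'.
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    KernelDmaProtection = if ($null -eq $enabled) { 'Unknown' } elseif ($enabled) { 'On' } else { 'Off' }
    NtStatus            = '0x{0:X8}' -f $status
}
```

Devices that report `Off` or `Unknown` are the ones that still need the Group Policy device-installation restrictions discussed at the top of the thread.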