Advanced: Use Attack Surface Analyzer Freeware To Secure Windows 7 And Find Suspicious Apps

Scanning Security Event Log_thumb4If you believe there are some suspicious applications on your Windows 7 PC, get Microsoft’s free Attack Surface Analyzer

Installing Dot Net 4.0!

attack-surface-analyzer Analyzing registry keys, memory information, threads, handles, ports, shares and more: The Attack Surface Analyzer

1. Step Before downloading the freeware tool make sure to install Dot Net 4.0 framework. Head over to filehippo one of our favorite download sites and grab a copy of dotnetfx45_full (download link)

After downloading, double-click the dotnetfx45_full_x86_x64.exe and install it – you have to close some apps
Installing Dot Net 4 0.Jpg

2. Step When you are done, head over to Microsoft’s blog at and download either Attack_Surface_Analyzer_x86.msi or Attack_Surface_Analyzer_x64.msi depending on your operating system. Not sure? Read our tutorial – what Windows version do I have 32-bit or 64-bit?

3. Step Installation of Net framework 4 might take a few minutes – patience – this will really take a few minutes so don’t worry if it hangs

4. Step If you did not successfully install Dot Net 4.0 you will get a warning like this

Attempting To Install Attack Surface Analyzer On A System Without Net 4.Jpg
Attempting To Install Attack Surface Analyzer On A System Without Net 4

5. Step The program will be listed under “All Programs” – start it

How you should use this tool now

The next step would be to generate a simple report BEFORE you install a suspicious program. And then run another report AFTER you installed the app. Then you can compare both using the option Generate standard surface attack report

The tool will generate a CAB file to store your report e.g. C:\Users\sOliver\Attack Surface Analyzer\

One of the cool things this tool does is to scan your Windows security event logs, but the most useful thing is that it can find out whether or not an app is opening ports, modifying ownership rights or modify your registry

Scanning Security Event Log

Summary: Intended Usage

  •  Generate report before installation
  •  Generate 2nd report after installation
  •  Select “Generate standard surface attack report” and select 1st report as your baseline cab and the 2nd as your product cab:
Generate standard surface attack report – allows you to compare two reports to find suspicious apps that modify your PC in a suspicious way

Baseline Cab And Product Cab

This tool is an advanced tool, so it’s mostly intended for admins and developers, but I believe some security enthusiasts might appreciate it.

We’ll try to explain this tool in more detail if there is any demand for this – so let us know if you want to learn more about this

5 of 5 0 (100%) 1 vote
- Cheers!

Written by:
Oliver is the founder and lead editor of this site. He is interested in finding new ways to break Windows, find common errors and help others to fix them. Aside from that, he loves to fully customize systems with Rainmeter and Dreamscene, find out more about ancient civilizations like the Chachapoya, sharpen his digital photography skills and create software with a small group of selected developers. If you would like to connect with him to discuss anything, send him a mail!

Learn More About.Me

Follow me on Twitter for daily updates:

Contact The Author:

Get Free Help

Connect With Our Site:



Need help? Ask a question at our QA site, click the red button to get started:
Want to support us? Great, simply buy your favorite games from G2A via our referral link ( and save money at the same time:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current day month ye@r *