Additional Windows security recommendations

We all know how great Xcitium Client Security is, especially the containment. Can you recommend any further changes we should make to Windows to enhance endpoint security and reduce the impact of an attack by a malicious actor?

Remove admin rights for users and enable DLL monitoring while blocking unknown DLLs to ensure complete protection. Without blocking unknown DLLs, attackers may exploit available options to bypass Xcitium containment during targeted attacks.


We already do this.

This creates too many False Positives.

I was referring more to Windows configuration. What are everyone’s go-to restrictions apart from removing admin rights to improve security, without impeding the users’ ability to work?

You’re correct that enabling a complete lockdown on unknown DLLs may lead to a significant number of false positives, especially if clients are using software not signed by trusted authorities. However, there are certain weaknesses in Xcitium’s containment technology that can be exploited in targeted attacks. Without enforcing a strict block on unknown DLLs, the system may not provide comprehensive protection. Additionally, without containment, Xcitium’s security effectiveness falls short compared to solutions like CrowdStrike, SentinelOne, or Cortex.

To further enhance security, you can implement the CIS Benchmark to harden the system and reduce vulnerabilities. This approach ensures a more robust security posture while complementing Xcitium’s capabilities.
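As an added illustration of the two Windows-side points raised in this thread (removing local admin rights and checking settings against a CIS-style baseline), here is a small read-only audit script. It is example code written for this reply, not part of Xcitium Client Security or the CIS Benchmark itself. It assumes the built-in local `Administrators` group, the standard UAC policy keys under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, and an allow-list of accounts (`$AllowedAdmins`) that you would replace with your own; the expected UAC values are the commonly recommended ones and should be checked against the benchmark version you deploy.

```powershell
# Audit-only: reports unexpected local admins and a few UAC settings.
# Run in an elevated PowerShell session. Nothing is changed by this script.

# Accounts that are permitted to hold local admin rights (assumption: edit for your estate).
$AllowedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account, normally disabled/renamed
    "CONTOSO\Workstation Admins"         # placeholder domain group, not a real value from the thread
)

function Get-UnexpectedLocalAdmins {
    # Every member of the local Administrators group that is not on the allow-list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $AllowedAdmins -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Test-UacBaseline {
    # UAC policy values under the standard policy key. Expected values are an assumption
    # based on common hardening guidance; confirm against your CIS Benchmark version.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $expected = @{
        EnableLUA                  = 1   # UAC enabled
        ConsentPromptBehaviorAdmin = 2   # prompt for consent on the secure desktop
        PromptOnSecureDesktop      = 1   # switch to the secure desktop when prompting
    }
    foreach ($name in $expected.Keys) {
        $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Status   = if ($actual -eq $expected[$name]) { 'OK' } else { 'REVIEW' }
        }
    }
}

Write-Host "== Local Administrators not on the allow-list =="
$extra = Get-UnexpectedLocalAdmins
if ($extra) { $extra | Format-Table -AutoSize } else { Write-Host 'None found.' }

Write-Host "`n== UAC policy check =="
Test-UacBaseline | Format-Table -AutoSize
```

Running this across endpoints (for example through your RMM) gives a quick picture of where admin rights still linger before you start removing them with `Remove-LocalGroupMember`, and which UAC settings drift from the baseline you have chosen.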