How to detect security threats using Attack Surface Analyzer

Hello everyone,
In today's post I will describe the functionality of a very useful tool that Microsoft has provided for us. The tool is called Attack Surface Analyzer and is used to detect any security attack on your system. First download the software from Microsoft's website: . Choose a version that corresponds with your configuration (x86 or x64). You can also read a little description here:
"Attack Surface Analyzer is developed by the Trustworthy Computing Security group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to operating system attack surface by the installation of new software.

Attack Surface Analyzer takes a snapshot of your system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface.

This allows:
- Developers to view changes in the attack surface resulting from the introduction of their code on to the Windows platform
- IT Professionals to assess the aggregate Attack Surface change by the installation of an organization's line of business applications
- IT Security Auditors evaluate the risk of a particular piece of software installed on the Windows platform during threat risk reviews
- IT Security Incident Responders to gain a better understanding of the state of a systems security during investigations (if a baseline scan was taken of the system during the deployment phase)"

After you have downloaded the software double click it. Follow the instruction and install the software to a desired location. After the software was installed execute it.
Attack Surface Analyzer

When the program opened select a location where you want to store the .CAB file (this file will be generated when the program will finish testing) by pressing the "Browse" button:
Attack Surface Analyzer Installation

There are two types of scans that this program can do, they are both explained there.
Now click the " Run Scan" button and wait for the test to finish. The program will display a message when the test will be done:
Attack Surface Analyzer

After this phase is complete simply open the file and see the results. I use this tool to find vulnerabilities to my workstations. I hope it will help you too, that's it for now, have a nice day.


  1. Great Post!!! One can use SSL Certificates so as to solve security threats for a website. SSL certificates helps in securing the website from unauthorized access. For more information how to include ssl certificates, visit:

    1. Thank you very much for the appreciation!