Mon. Jan 30th, 2023

Whitelisting approved binaries

Hopefully, you have anti-malware software installed on your servers. Generally, this will ensure that any file read from disk is checked for viruses, and any data is checked before being written back.

For most cases, this works just fine. However, there are circumstances where this isn’t ideal.

One use of servers is to provide virtualisation – this means having multiple virtual machines run within a single physical server. Each virtual machine is stored as a huge file, which is constantly being read from and written to. For this purpose, we may choose to exclude the emulation software and the VM files by whitelisting them. Of course, this means that any malicious alterations to the files would be missed, but in this example, it is a necessary action. Without it, the hosts CPU will be placed under a huge load purely from scanning the application and its data, before even beginning to process the VMs commands.