Forum Discussion
Jason Childs
Sep 12, 2016
Copper Contributor
Best Practice for secure Hyper-V configuration
Our design and deployment teams were having a debate on the most secure way to deploy Hyper-V, particularly with respect to ransomware attacks and protecting from encryption. There seems to be two...
Sep 12, 2016
Given that stupid users that click on attachments and browser cocktails should not be impacting the Hyper-V host, and the user should not have access to the container, I have not seen reports of Hyper-V hosts nailed by user-initiated ransomware. While I've seen some reports of utilization of pass-the-hash/privilege escalation, I have not seen reports of ransomware nailing the Hyper-V host even when domain joined. As long as the admin patches themselves and uses appropriate run as admin/log in with appropriate creds, etc.
- Sep 12, 2016
Here is a nice spreadsheet of current best practices for preventing ransomware:
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml
Consider application whitelisting if you really want to go for uber protection.