https://koosjanse.com/tags/service-hardening/Recent content in Service Hardening on Koos's Tech BlogHugo -- gohugo.ioenFri, 08 May 2026 00:00:00 +0000https://koosjanse.com/posts/devices/serviceacl/Fri, 08 May 2026 00:00:00 +0000https://koosjanse.com/posts/devices/serviceacl/Microsoft Defender can flag services that run outside common protected locations. This post shows how to use KQL to identify the affected service paths and PowerShell to validate whether the base folders are writable by broad user groups.