You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
junctions and reparse points
About this tag
Junctions and reparse points are NTFS features that allow directory path redirection in Windows. Recent discussions highlight security concerns, such as the GhostTree attack, which exploits junctions to bypass endpoint detection and response (EDR) tools during recursive scanning. Mitigations include applying Windows updates, enabling Microsoft's junction protections, and using tools like RedirectionGuard. Administrators should not rely solely on EDR for junction safety; instead, they must patch systems and ensure scanners handle path redirection with cycle detection and privilege awareness. These topics are relevant for Windows security, file server management, and enterprise IT hardening.
Verdict: patch Windows and endpoint tools as updates become available, enable Microsoft’s junction mitigations wherever your build and services support them, and do not treat EDR recursive scanning as a control you can safely trust by itself. GhostTree matters because it turns a familiar Windows...