Andy Ful
- Content source
- https://youtu.be/pO2QA1-qKYE
I wonder how you block AV services and if it would work with Kaspersky & Bitdefender

Are you aiming at the filter drivers? And does it affect only kernel-mode services? What if an application has multiple services in user and kernel mode, will all be affected? Interesting how no attempts for repair are made by Comodo and Eset… They certainly must have some scheduled tasks as well that should be able to perform a check.

The first part uses a shortcut with CmdLines. The CmdLines can use several LOLBins to initialize the attack. In the video, I used the CMD LOLBin.
The current AVs have some chances to stop the first part of the attack by blocking CmdLines or LOLBins. So, the attack can be successful in some settings and fail in others.

Would products with Virtualization-based Security, like Kaspersky, survive the second part of the attack if VBS is enabled in K?

The second part of the attack can block many AV kernel drivers. It cannot block drivers protected by VBS (Virtualization-based Security).
Is this attack test fit for products like OSArmor or CyberLock, or do they simply block CMD, so it won't be a fair test evaluating their mechanism like AI or suspicious?
Interesting how no attempts for repair are made by Comodo and Eset… I wonder if there is any point in reporting this to Eset in some way?