Kaspersky Internet Security - System Watcher only, no KSN - ransomware test
<blockquote data-quote="Wave" data-source="post: 589454"><p>It depends on the situation: is the executable running the script being restricted or not? If yes, then it'll apply to it too.</p><p></p><p>The script cannot just do things without using the Windows API, not possible. The script is interpreted and the contents of the script are used to determine the code for the execution of the actions, which then boils down to using the Windows API -> NTAPI -> triggers any hooks from Kaspersky, kernel-mode callback notifications, and such.</p><p></p><p>I believe Kaspersky work with MSR hooks with the hypervisor on a system-wide level (virtualization but it allows them to bypass PatchGuard problems on x64 systems); they probably use user-mode hooking also with injection to the restricted programs, and device drivers for kernel-mode callbacks.</p><p></p><p>Enjoy the internals info, it should be right.</p></blockquote><p></p>