NoVirusThanks OSArmor
<blockquote data-quote="Deleted member 65228" data-source="post: 697985"><p>The Bcdedit.exe protection doesn't work by preventing the activity itself; it appears that it works by filtering for the command line. I attempted to spawn Dbgview.exe with the fake arguments (which would have been appropriate for Bcdedit.exe) and it still got flagged, despite the target not being Bcdedit.exe. So I wouldn't count your chickens.</p><p></p><p>[CODE]</p><p>Date/Time: 12/17/2017 8:59:41 PM</p><p>Process: [1556]C:\Users\PCNAME\Desktop\Dbgview.exe</p><p>Parent: [3724]C:\Windows\System32\cmd.exe</p><p>Rule: BlockModificationsViaBcedit</p><p>Rule Name: Prevent important system modifications via Bcedit.exe</p><p>Command Line: dbgview.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS</p><p>Signer: Microsoft Corporation</p><p>[/CODE]</p><p></p><p>Strangely, it doesn't flag for TESTSIGNING being enabled. You can use that instead of DDISABLE_INTEGRITY_CHECKS and it won't be flagged?</p><p></p><p>However, there's no self-protection. You need to have administrator rights to use the original Bcdedit.exe, and you can break the service for this product with Administrator rights too... Same for editing the config for it in the Registry! So that feature isn't that reliable.</p><p></p><p>Still useful and decent though - can be very handy for additional protection & I like how the User Interface is simple to use. All the settings are right there in front of you with hardly any effort at all, ease-of-use. Which is a good thing. After all, it is a free product, which is really nice and kind of them. The alerts UI looks nice too, but it would be good to have details put on there.</p></blockquote><p></p>
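The quoted post reports that the rule fired on the arguments alone and that TESTSIGNING went unflagged. The sketch below is an added example, not OSArmor's code or configuration: it contrasts an arguments-only match with one that also checks the process image and covers both settings. The function names, the regular expression and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample events; the first mirrors the log in the quoted post.
EVENTS = [
    {"image": r"C:\Users\PCNAME\Desktop\Dbgview.exe",
     "cmdline": "dbgview.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS"},
    {"image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS"},
    {"image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set testsigning on"},
    {"image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /enum"},
]

# Boot settings that weaken driver signature enforcement. An optional
# {identifier} may sit between "set" and the setting name.
RISKY_ARGS = re.compile(
    r"[-/]set\s+(?:\{[^}]+\}\s+)?(?:"
    r"loadoptions\s+\S*DISABLE_INTEGRITY_CHECKS"
    r"|testsigning\s+(?:on|yes|true|1)"
    r"|nointegritychecks\s+(?:on|yes|true|1)"
    r")",
    re.IGNORECASE,
)


def cmdline_only_rule(event):
    """Arguments-only match: fires whatever the process image is."""
    return bool(RISKY_ARGS.search(event["cmdline"]))


def image_and_cmdline_rule(event):
    """Fire only when the image is bcdedit.exe and the arguments are risky.

    Where the telemetry carries the PE original filename, matching on that
    field is more robust than matching on the on-disk file name.
    """
    name = ntpath.basename(event["image"]).lower()
    return name == "bcdedit.exe" and bool(RISKY_ARGS.search(event["cmdline"]))


if __name__ == "__main__":
    for ev in EVENTS:
        print(cmdline_only_rule(ev), image_and_cmdline_rule(ev), ev["cmdline"])
```
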