Status
Not open for further replies.

shmu26

Level 83
Verified
Trusted
Content Creator
If you like to test hard-to-defeat software, what about running a test on ReHIPS?
The isolation won't give the malware even a chance, but you could make it much more interesting by running the samples from a non-isolated location and letting the HIPS alone fight the battle.
 

shmu26

Level 83
Verified
Trusted
Content Creator
It doesn't restrict driver loading, so I guess it can't protect against any kernel-mode malware. I would assume that's one way to bypass any protection it offers.
The malware can load all the drivers it wants and muck up the Windows kernel, and it's all okay, because all changes to the system will be erased at reboot. That's the form of protection it is designed to offer: your system gets temporarily infected, and then you wash it all away at reboot.
 

SHvFl

Level 35
Verified
Trusted
Content Creator
The malware can load all the drivers it wants and muck up the Windows kernel, and it's all okay, because all changes to the system will be erased at reboot. That's the form of protection it is designed to offer: your system gets temporarily infected, and then you wash it all away at reboot.
If you load your drivers, you can disable SD, no? I am no malware expert, but it's possible.
 

Deleted member 178

It doesn't restrict driver loading, so I guess it can't protect against any kernel-mode malware. I would assume that's one way to bypass any protection it offers.
If you load your drivers, you can disable SD, no? I am no malware expert, but it's possible.
Writes to the MBR and partitions are redirected, so the drivers would also be redirected. AFAIK, nothing has bypassed SD yet. The last known bypass was an MBR exploitation; this bypass led to the implementation of SD's MBR protection.
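The post above argues that MBR writes are redirected rather than persisted. The way to confirm that on your own box is to snapshot sector 0 before a test session and again after the reboot, then compare. The following is an added example (my own code, not from the thread or from Shadow Defender): it parses the 512-byte MBR layout (446 bytes of boot code plus disk signature, four 16-byte partition entries, 0x55AA signature) into a fingerprint and reports which fields changed between two snapshots. The sample sector and the "tampered" copy are constructed inline so it runs offline; the hypothetical helper names (`parse_mbr`, `diff_mbr`, `build_sample_mbr`, `tampered_boot_code`) are mine.

```python
"""Fingerprint a 512-byte MBR sector and diff two snapshots.

Defensive check: snapshot the MBR before a test session and again after
reboot. If the fingerprints differ, the write was persisted rather than
redirected. The sample sector below is constructed, not captured.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440   # boot code occupies bytes 0..439
DISK_SIG_END = 444    # 4-byte disk signature at 440..443 (then 2 reserved bytes)
TABLE_START = 446     # four 16-byte partition entries at 446..509
# Entry layout: status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped),
# LBA of first sector, sector count. All little-endian.
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Return the structural fields of an MBR sector as a dict."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_START + 16 * i)
        if ptype == 0:
            continue  # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[BOOT_CODE_END:DISK_SIG_END].hex(),
        "partitions": entries,
    }


def diff_mbr(before: bytes, after: bytes) -> list:
    """Name the fields that differ between two MBR snapshots (empty list if none)."""
    a, b = parse_mbr(before), parse_mbr(after)
    changed = [k for k in ("boot_code_sha256", "disk_signature") if a[k] != b[k]]
    if a["partitions"] != b["partitions"]:
        changed.append("partitions")
    return changed


def build_sample_mbr() -> bytes:
    """Constructed MBR: filler boot code, one bootable type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_END] = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_END - 4)
    sector[BOOT_CODE_END:DISK_SIG_END] = b"\x12\x34\x56\x78"  # constructed disk signature
    struct.pack_into(ENTRY_FMT, sector, TABLE_START, 0x80, 0x07, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def tampered_boot_code(sector: bytes) -> bytes:
    """Constructed 'after' snapshot whose first 16 boot-code bytes were overwritten."""
    s = bytearray(sector)
    s[0:16] = b"\xEB\xFE" * 8  # arbitrary different bytes, constructed for the demo
    return bytes(s)


if __name__ == "__main__":
    before = build_sample_mbr()
    print("no change:", diff_mbr(before, before))
    print("boot code changed:", diff_mbr(before, tampered_boot_code(before)))
```

On a real machine you would feed `diff_mbr` the first 512 bytes of the physical disk taken at two points in time (on Windows, reading `\\.\PhysicalDrive0` needs an elevated prompt; on Linux the equivalent is `/dev/sda`). If the "after reboot" snapshot matches the "before session" one, the write did not survive; if it differs, the redirection did not cover it.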
 