WiseVector Free AI Driven Security
<blockquote data-quote="In2an3_PpG" data-source="post: 786182" data-attributes="member: 56957"><p>Why do you need to inject into explorer.exe to support the on-execution feature? I really hope you aren't API hooking for this given there's an officially supported and documented mechanism to filter process creation from Microsoft in WDK (which doesn't require affecting the integrity of other people's software).</p><p>Script interpreters like PowerShell are based on the .NET Framework and support Platform Invocation (P/Invoke) to the Win32 API/NTAPI. Office VBA is no exception to this either, it supports P/Invoke. You do not need to drop a Win32 PE and then use it to perform malicious operations on the machine... it is entirely optional behavior.</p><p>Can WiseVector intercept and block operations being performed by a script alone?</p></blockquote>