View Full Version : Matousec


whoman
May 9th, 2010, 03:19 AM
I have not seen this issue discussed here,
but I would like to know if Returnil is vulnerable
to the "hook" attack pointed out by Matousec.

http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Thanks

Coldmoon
May 11th, 2010, 08:06 AM
-{ Quote: "I have not seen this issue discussed here,
but I would like to know if Returnil is vulnerable
to the "hook" attack pointed out by Matousec.

http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Thanks" }-

Hello whoman and welcome to the forums :)

RVS is not vulnerable to the attack described by Matousec as the RVS Monitoring System does not use SSDT patching for A/V checks.

Mike

Gullible Jones
May 11th, 2010, 11:09 AM
Wow. Serious congrats to you guys then.

(And to Frisk. I think. Returnil's built-in AV is based on F-Prot, isn't it?)

Coldmoon
May 11th, 2010, 12:01 PM
-{ Quote: "Wow. Serious congrats to you guys then.

(And to Frisk. I think. Returnil's built-in AV is based on F-Prot, isn't it?)" }-

Yes, the current RVS VG is based on the F-Prot engine but is not exactly the same as the full commercial Frisk product. This means there may be differences in how Frisk implements their technology in the full commercial F-Prot AV solution. Though both use the same or similar engine, it does not necessarily mean they are implemented in the same way...

For guidance with the stand-alone commercial versions of F-Prot, we highly recommend contacting Frisk directly as they are best suited to comment on their implementation and product lines...

Mike

whoman
May 11th, 2010, 07:17 PM
That is great news and one less problem to worry about!
Also one more reason to keep using Returnil.

Thanks for your response.