Anti-virus Products Mostly Ignore Windows Security Features - ASLR or DEP

Discussion in 'other security issues & news' started by Malcontent, Aug 3, 2010.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Interesting, thanks. MSE uses both.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I'd be shocked if they didn't, to be honest. :p
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    From what I could see (in my own testing), it seems that, perhaps due to a bug, MSE 2 beta doesn't support DEP. It does support ASLR, though.

    Edit: Actually, it does support it! I was looking at the service, rather than the process msseces.exe.

    My bad. :)
     
    Last edited: Aug 3, 2010
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    The malware service? It should have it too, in both v1/v2; below is a screenshot of v2's 3 processes. Unless I'm doing something wrong?

    mse.png
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I rechecked and this is what I have:

    MsMpEng.exe - Only ASLR
    NisSrv.exe - Only ASLR
    msseces.exe - Both DEP and ASLR

    Perhaps a bug with the x86 version of MSE v2.0. I'll ask in the thread related to the beta version if anyone gets the same, and report it to Microsoft.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I'll assume you have DEP turned on for everything?
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I do.

    Edit: I wasn't running Process Explorer with administrative rights, hence the incorrect display.
    MSE v2 supports both DEP and ASLR on x86.

    Sorry for any inconvenience.
     
    Last edited: Aug 4, 2010