bypassed the AntiExecute and Shadowdefender?

Hi all.

Some guys said the Shadowfender + AntiExecute is the stablest combine.

see this:https://www.wilderssecurity.com/showthread.php?t=195626&page=4

I just made a test here. In 5 mins, I think I bypassed them.

1) I made a .dll file(bypass.dll) with VC++ 6.0. The bypass.dll has a export function with the name "bypass". this function will access one sector in the disk in low level.

2) copy this .dll to the computer which has the Shadowfender(1.0.130) + AntiExecute(2.30.1.317) installed. both of them are in protection mode.

3)run command line like this in cmd.exe: rundll32 bypass.dll bypass.

4)reboot, check the sector changed by bypass.dll with SectorEditor. it was saved.

I found the AE can not prevent .sys and .dll file to run at all. There are too many way to replace the dll in system to bypass the protection of AE.

White.

 

Was AE security level on high?
Also were all protections on?

 

A very good question and I hope the OP does his test again, when AE is configured properly.

The right configuration is :
Security = High
Network Prevention = enabled
Delete Prevention = enabled
Copy Prevention = enabled

In FDISR I had to disable the "Delete Prevention", I wonder if you have to do this in ShadowDefender also.

 

WOW, so many PMs to ask for the dll today. Sorry for the dealy to reply.

Yes, it was in low level after I installed it.
I have to day, if it is in high level, I can only try .vbs,.bat to play samll game

Yes, I have sent it to the support email.

 

is this test destructive? i want to try this in my LUA with SRP enabled.

 

Yes, just tested with AE in low level + RVS 2008 beta, RVS 2008 can restore the changes in sector.

I have to say. AE is a perfect item for normal users with all the protections on.

 

yes, it will wipe the sectors in low level. I can only test it in my Virtual PC.

 

I hold a lot of stock in my HIPS and can think of nothing more radical then to let it try to pierce thru my defense shield.

 

sound very nice...can u try the test with DEEPFREEZE ?? wounder how this monster gona stande it ...btw AE is same company as DF

cheers

 

Hi QQ2595! How one can get a sample of this dll?

Thanks

 

I PMed him actually more than once. Unfortunately no reply. It,s just a reminder for him to check his PM box!

 

Can anyone having a sample of this dll PM me ?

Thanks