Problem: Windows Explorer > right-mouse-click > not responding > hard reset

Discussion in 'ProcessGuard' started by newbornii, Dec 5, 2004.

Thread Status:
Not open for further replies.
  1. gottadoit

    gottadoit Security Expert

    Jul 12, 2004
    The thread on the board seemed to indicate that malware is already using the provided APIs to disable WFP on a specific file, then replace it and checksum + enable WFP again.

    This being the case, would you be considering intercepting calls to the API? (Not being a Windows System Programmer, I am taking those guys at their word that it does exist and is documented enough to be used.)

    It seems to me that this is a bit of a hole that is exposed that could potentially be used at some point.

    It comes down to levels of trust; it would be really nice to be able to execute some programs without granting them any extra privileges and think that they didn't have many (if any) methods of getting them. The effect of replacing system DLLs is just as bad as having the ability to install services and drivers.

    That is one of the key reasons it would be really good if PG could offer some checksum protection on at least the key handful of system DLLs that provide file, disk and memory access.

    [Edit: fixed link... thanks earth1]
    Last edited: Dec 13, 2004