11-27-2018 , 11:16 PM
Quote:Windows Defender will now detect when accessibility programs such as sethc.exe or utilman.exe have been hijacked by an Image File Execution Options debugger so that they can be used as a backdoor.
For those who are not familiar with the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options Registry key, it allows a user to assign debuggers to a program so that they are automatically started when the program is launched. This makes it possible for developers to easily debug their programs when they are executed.
Read the full article HERE
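For defenders who want to check a machine by hand, the audit below lists every Debugger value under the Image File Execution Options key and marks the ones attached to accessibility programs. It is an added example, not part of the original post or the quoted article. It assumes an elevated PowerShell session, and the function name, the WOW6432Node root and the accessibility programs other than sethc.exe and utilman.exe are assumptions of the example.

```powershell
# Audit Image File Execution Options (IFEO) for Debugger values.
# The first root is the key named in the quoted article; the WOW6432Node
# root is the 32-bit registry view on 64-bit Windows (assumption of this example).
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# sethc.exe and utilman.exe come from the article; the others are an assumed
# list of further accessibility programs worth checking.
$accessibility = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe',
                 'narrator.exe', 'displayswitch.exe', 'atbroker.exe'

# Hypothetical helper: returns one object per IFEO subkey that has a Debugger value.
function Get-IfeoDebugger {
    param([string[]]$Root, [string[]]$Accessibility)

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }

        Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue | ForEach-Object {
            # Each subkey is named after an executable; Debugger is the value
            # Windows starts in place of that executable.
            $debugger = $_.GetValue('Debugger')
            if ($null -ne $debugger) {
                [pscustomobject]@{
                    Image                = $_.PSChildName
                    Debugger             = $debugger
                    AccessibilityProgram = $Accessibility -contains $_.PSChildName
                    Key                  = $_.Name
                }
            }
        }
    }
}

$hits = @(Get-IfeoDebugger -Root $roots -Accessibility $accessibility)

if ($hits.Count -eq 0) {
    'No Debugger values found under Image File Execution Options.'
} else {
    # Accessibility programs first: a Debugger on these is the case the article describes.
    $hits | Sort-Object -Property AccessibilityProgram -Descending | Format-List
}
```

A Debugger value on a development machine can be legitimate, so review each hit against software you know is installed; a hit with AccessibilityProgram set to True deserves immediate investigation.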