Login

***tarekma7*** · 11-27-2018 , 11:16 PM

Quote:Windows Defender will now detect when accessibility programs such as sethc.exe or utilman.exe have been hijacked by an Image File Execution Options debugger so that they can be used as a backdoor.

For those who are not familiar with the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options Registry key, it allows a user to assign debuggers to a program so that they are automatically started when the program is launched. This makes it possible for developers to easily debug their programs when they executed.

Windows Defender will now detect when accessibility programs such as sethc.exe or utilman.exe have been hijacked by an Image File Execution Options debugger so that they can be used as a backdoor.

For those who are not familiar with the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options Registry key, it allows a user to assign debuggers to a program so that they are automatically started when the program is launched. This makes it possible for developers to easily debug their programs when they executed.

Read the full article HERE

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Windows Defender is boosting its response to malware attacks	dhruv2193	0	847	01-20-2021 , 06:29 AM Last Post: dhruv2193
	Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detect	mrtrout	0	975	09-02-2020 , 07:38 AM Last Post: mrtrout
	Newsletter plugin bugs let hackers inject backdoors on 300K sites	*tarekma7*	0	1,013	08-06-2020 , 08:55 PM Last Post: *tarekma7*
	Windows Defender Blocks CCleaner Due to Software Bundled with the Installer	mrtrout	0	1,290	07-30-2020 , 05:20 PM Last Post: mrtrout
	Microsoft renames Windows Defender on Windows 10	dhruv2193	0	1,341	04-13-2020 , 08:25 AM Last Post: dhruv2193