CheckPointSW / InviZzzible

InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date detection and evasion techniques as well as fixes for them.
GNU General Public License v3.0
536 stars 79 forks

Not all strings caught? #16

Closed Code-Case closed 1 year ago

Code-Case commented 1 year ago

Hi guys,

thank you so much for this cool tool.

I made the checks for my VM and fixed them all except the string ven_15ad. I can't change and save it in my registry, or is it possible in another way?

The next thing is that after all the work there are still a bunch of VMware strings that can be found, but I ask myself: can everybody make a full registry scan with any externally installed software or not?

Because of the admin rights for installing/running the software it should be so, and they can figure out that it's a VM?

best regards

chkp-alexanderc commented 1 year ago

Hi,

Changes in the registry are just one approach that could be undertaken and, of course, it is not the best fit for every case. You can use filter driver functionality to address most of the filesystem\registry checks.

If you are aware of any other VMware strings which lead to detection, you can issue a pull request and we would definitely consider it.