Neo23x0 / Raccine

A Simple Ransomware Vaccine
The Unlicense

IntegrityLevel returns High (3) for SECURITY_MANDATORY_SYSTEM_RID IL processes because of >= check. #9

Closed JohnLaTwC closed 3 years ago

JohnLaTwC commented 3 years ago

https://github.com/Neo23x0/Raccine/blob/b8ea99ad4b4e393b3cab2639b33755a26d3a8868/raccine.cpp#L79

I think you want `dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID && dwIntegrityLevel < SECURITY_MANDATORY_SYSTEM_RID`.

Currently, as written, if the IL is System the code returns 3 (High) because of the `>=` check.

This would break your whitelist because you check for a value of 4:

```cpp
// Is the process running as SYSTEM
if (IntegrityLevel(hProcess) == 4) {
```
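To make the off-by-range effect concrete, here is an added example (not Raccine's code) that reconstructs the check pattern the issue describes beside the bounded form it proposes, and feeds both the SYSTEM RID. The `SECURITY_MANDATORY_*_RID` constants are defined locally with the values winnt.h uses so the snippet compiles without Windows headers; `classify_buggy`, `classify_fixed` and `is_system_process` are illustrative names.

```c
#include <stdbool.h>
#include <stdint.h>

/* Local copies of the winnt.h integrity RIDs so this builds anywhere. */
#define SECURITY_MANDATORY_LOW_RID    0x00001000u
#define SECURITY_MANDATORY_MEDIUM_RID 0x00002000u
#define SECURITY_MANDATORY_HIGH_RID   0x00003000u
#define SECURITY_MANDATORY_SYSTEM_RID 0x00004000u

/* Return codes in the spirit of the issue: 3 = High, 4 = System. */
enum il_class { IL_UNKNOWN = 0, IL_LOW = 1, IL_MEDIUM = 2, IL_HIGH = 3, IL_SYSTEM = 4 };

/* Reconstruction of the bug: the High branch only tests a lower bound,
 * so a SYSTEM RID (0x4000) satisfies it first and the System branch is
 * never reached. */
static int classify_buggy(uint32_t rid)
{
    if (rid >= SECURITY_MANDATORY_LOW_RID && rid < SECURITY_MANDATORY_MEDIUM_RID) return IL_LOW;
    if (rid >= SECURITY_MANDATORY_MEDIUM_RID && rid < SECURITY_MANDATORY_HIGH_RID) return IL_MEDIUM;
    if (rid >= SECURITY_MANDATORY_HIGH_RID) return IL_HIGH;     /* no upper bound */
    if (rid >= SECURITY_MANDATORY_SYSTEM_RID) return IL_SYSTEM; /* unreachable */
    return IL_UNKNOWN;
}

/* Fixed form proposed in the issue: High is bounded above by SYSTEM. */
static int classify_fixed(uint32_t rid)
{
    if (rid >= SECURITY_MANDATORY_LOW_RID && rid < SECURITY_MANDATORY_MEDIUM_RID) return IL_LOW;
    if (rid >= SECURITY_MANDATORY_MEDIUM_RID && rid < SECURITY_MANDATORY_HIGH_RID) return IL_MEDIUM;
    if (rid >= SECURITY_MANDATORY_HIGH_RID && rid < SECURITY_MANDATORY_SYSTEM_RID) return IL_HIGH;
    if (rid >= SECURITY_MANDATORY_SYSTEM_RID) return IL_SYSTEM;
    return IL_UNKNOWN;
}

/* The allow-list decision from the issue: only SYSTEM (4) is exempt.
 * With the buggy classifier a SYSTEM process is never recognised. */
static bool is_system_process(int (*classify)(uint32_t), uint32_t rid)
{
    return classify(rid) == IL_SYSTEM;
}
```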

Neo23x0 commented 3 years ago

Thanks! Fixed in https://github.com/Neo23x0/Raccine/commit/8aa4e43424ddc129847006826fcedc44bd06b79a