strau0106
commented
10 months ago I guess instead of killing them, a refusal to start is possible as well. (Another SessionIntegrity check?)
Closed NekoJonez closed 10 months ago
strau0106
commented
10 months ago I guess instead of killing them, a refusal to start is possible as well. (Another SessionIntegrity check?)
Oliver-1-1
commented
10 months ago nvidia and amd overlay can also be an issue
NekoJonez
commented
10 months ago nvidia and amd overlay can also be an issue
Nvidia overlay is no issue. I tested it and unless you say it's an allowed application, it gets blocked. The shortcut isn't working and it doesn't pop-up WHILE SEB is in use.
I don't have an AMD device handy ATM to test. I'll test that later.
Oliver-1-1
commented
10 months ago nvidia and amd overlay can also be an issue
Nvidia overlay is no issue. I tested it and unless you say it's an allowed application, it gets blocked. The shortcut isn't working and it doesn't pop-up WHILE SEB is in use.
I don't have an AMD device handy ATM to test. I'll test that later.
Its still not the biggest issue, since the students can just inject into dwm and draw whatever they want or copy the desktop hdc. Or even better name their application dwm.exe which will cause a deadlock betwen the allowed apps and the not allowed ones.
dbuechel
commented
10 months ago As long as the NVIDIA thing is part of the driver itself, there is nothing we can do. Students need their graphics device in order to perform an exam, I'd reckon. But if there are any additional applications which should be part of the default list of prohibited applications, please do feel free to specify them in a new issue or pull request.
It's one thing to avoid abuse during the exams, but it's another thing when somebody can record their whole exam to after that share the video to share the questions. This can be an issue if you work for something like the government exam center
Various recording software like OBS is blocked thankfully, yet NVIDIA ShadowPlay & AMD Radeon ReLive isn't. The annoying part of NVIDIA ShadowPlay is that's it spawns an executeable that also is part of the container that runs the graphics of the device. From what I see, for AMD it's part of the app... but I don't have any AMD devices on hand to test that.
So, a way to detect them recording & just killing them once so the recording is stopped and letting them relaunch for not crashing the graphics driver is the best cause of action. But how should we go about doing that?