Closed driverenok closed 4 months ago
Resolves #246
Added detection of a UAC bypass based on hijacking the .msc file association and the EventVwr snap-in.
Research:
FORTIGUARD LABS THREAT RESEARCH Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware;
“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND REGISTRY HIJACKING.