System Processes

molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492
Topic: System Processes
Posted: 02 June 2009 at 5:11pm
The files in the config folder are used by and thus "locked" by the OS. The SAM key's permission is set so the administrator is not able to access it.
SECURITY stores security policies and privilege assignments.

Daily affirmation:
net helpmsg 4006

As-Ts
Newbie
Joined: 02 June 2009 Online Status: Offline Posts: 15
Posted: 02 June 2009 at 5:01pm
I checked this software through process monitoring. It changed the security files in '\SystemRoot\system32\config' when I locked a folder or file. The files in that directory are locked by the system and you can't change them, especially the file 'SAM'. Are you able to open this file? But some software does. And when you are running the OS this file can only be opened in read-only mode (After you would open them.)

molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492
Posted: 02 June 2009 at 4:46pm
I'm not familiar with "PC Security Suite", so I am unable to comment on how they may implement some functionality.

As-Ts
Newbie
Joined: 02 June 2009 Online Status: Offline Posts: 15
Posted: 02 June 2009 at 4:39pm
My other question is how it is possible to deny access to files or directories, like some software does. For example, 'PC Security Suite' denies access to directories (I think by changing the system security files (system32\config)) and you won't be able to enter that directory or copy/move it. Like 'System Volume Information' in each drive root.

molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492
Posted: 02 June 2009 at 4:38pm
I have used RootRepeal. I have not used ESET, nor have I used RootRepeal to attempt to terminate processes associated with AV software.
Edited by molotov - 02 June 2009 at 4:39pm

As-Ts
Newbie
Joined: 02 June 2009 Online Status: Offline Posts: 15
Posted: 02 June 2009 at 4:25pm
Have you ever tried it?

molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492
Posted: 02 June 2009 at 4:22pm
Perhaps, an ARK tool such as RootRepeal would be able to do it...

As-Ts
Newbie
Joined: 02 June 2009 Online Status: Offline Posts: 15
Posted: 02 June 2009 at 4:20pm
Yes. You don't have the permission to close anti-virus processes unless you work outside of Windows limitations.
Edited by As-Ts - 02 June 2009 at 4:21pm

molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492
Posted: 02 June 2009 at 4:16pm
Very good.

As-Ts
Newbie
Joined: 02 June 2009 Online Status: Offline Posts: 15
Posted: 02 June 2009 at 4:15pm
I enabled SeDebugPrivilege and accessed all system processes.
And now there is no problem. All processes except the ESET process can be opened by OpenProcess().
Edited by As-Ts - 02 June 2009 at 4:18pm