Message269606
> what's to stop the attacker from distributing their own interpreter that just doesn't use AMSI?
AppLocker https://technet.microsoft.com/en-us/library/ee619725.aspx
(In short, restrict which executables can be run on a particular system by path/certificate/etc.)
Also a combination of ACLs and the fact that they may not be able to copy files onto the system directly anyway - see my post just before yours.

Date | User | Action | Args
2016-06-30 17:20:04 | steve.dower | set | recipients: + steve.dower, brett.cannon, paul.moore, tim.golden, zach.ware, Alexander Riccio
2016-06-30 17:20:04 | steve.dower | set | messageid: <1467307204.03.0.557405231824.issue26137@psf.upfronthosting.co.za>
2016-06-30 17:20:04 | steve.dower | link | issue26137 messages
2016-06-30 17:20:03 | steve.dower | create |