Message 269606 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	Alexander Riccio, brett.cannon, paul.moore, steve.dower, tim.golden, zach.ware
Date	2016-06-30.17:20:03
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1467307204.03.0.557405231824.issue26137@psf.upfronthosting.co.za>
In-reply-to

Content
> what's to stop the attacker from distributing their own interpreter that just doesn't use AMSI? AppLocker https://technet.microsoft.com/en-us/library/ee619725.aspx (In short, restrict which executables can be run on a particular system by path/certificate/etc.) Also a combination of ACLs and the fact that they may not be able to copy files onto the system directly anyway - see my post just before yours.

> what's to stop the attacker from distributing their own interpreter that just doesn't use AMSI?

AppLocker https://technet.microsoft.com/en-us/library/ee619725.aspx

(In short, restrict which executables can be run on a particular system by path/certificate/etc.)

Also a combination of ACLs and the fact that they may not be able to copy files onto the system directly anyway - see my post just before yours.

History
Date	User	Action	Args
2016-06-30 17:20:04	steve.dower	set	recipients: + steve.dower, brett.cannon, paul.moore, tim.golden, zach.ware, Alexander Riccio
2016-06-30 17:20:04	steve.dower	set	messageid: <1467307204.03.0.557405231824.issue26137@psf.upfronthosting.co.za>
2016-06-30 17:20:04	steve.dower	link	issue26137 messages
2016-06-30 17:20:03	steve.dower	create