Skip to content

Commit

Permalink
adjust per code review
Browse files Browse the repository at this point in the history
  • Loading branch information
@mr-tz
mr-tz committed Dec 2, 2024
1 parent 0e4ebef commit 3ecf5c2
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions anti-analysis/anti-av/protect-process-using-arbitrary-code-guard-or-blockdlls.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ rule:
- and:
- api: SetProcessMitigationPolicy
- number: 4 = sizeof(PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY)
- number: 1 = set policy.flags to 1
- number: 1 = set policy.MicrosoftSignedOnly to 1
- number: 8 = ProcessSignaturePolicy
- and:
- description: blockdlls
- api: InitializeProcThreadAttributeList
- api: UpdateProcThreadAttribute
- number: 0x20007 = PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY
- number: 0x100000000000 = PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON

0 comments on commit 3ecf5c2

Please sign in to comment.