Jump to content

Recommended Posts

My setup

Windows 8.1 Update 1

Free version of MBAE 1.05.  I don't have the premium version, but if I did...

 

Is it a good idea to shield Windows system files, such as dllhost.exe and explorer.exe?  Or is it pointless to do this?

 

Let's say I download a .jpg file that can magically exploit Windows Photo Viewer.  When I open it, dllhost.exe is now running.  If it's shielded, then the exploit should be blocked.

Link to post
Share on other sites

If a JPG exploits Windows Photo Viewer, you use MBAE to monitor Windows Photo Viewer.  DLLHost.exe would be ( in your scenario ) the result of a successful exploitation so that's not the solution.

 

It is the program/utility that is exploitable and is targeted by malicious activity that gets monitored by MBAE.

Link to post
Share on other sites

It wouldn't make any sense to do it anyway.  That was just your scenario. 

 

The fact is JPG is a graphic format that is ubiquitous.  Therefore many applications and utilities can be associated to a JPEG by MIME or by the extension and thus would fail miserably as a vehicle for use in a exploitation attack.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.