What Does Anti-Malware Protection Mean?
Anti-Malware Protection was introduced by Microsoft starting with Kernel 8.1 (Windows 8.1 and Windows Server 2012 R2). It defines additional protection for application-layer processes using DRM. A typical process cannot perform operations such as the following on a protected process (see the Protected Processes document):
· Inject a thread into a protected process
· Access the virtual memory of a protected process
· Debug an active protected process
· Duplicate a handle from a protected process
· Change the quota or working set of a protected process
A detailed description of Anti-Malware Protection is given in the Protecting Anti-Malware Services document.
How Is It Seen?
Microsoft uses Anti-Malware Protection to protect system-privilege services such as WinInit.exe or Services.exe.
The following picture demonstrates how to check the protection type. On Windows 10, Services.exe is set up as Light (WinTcb).
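One way to read the same protection type programmatically, as an added example that is not part of the original page or of the vendor's tool. The one-byte field layout, the signer names and information class 61 are assumptions taken from public headers, and the "Light"/"Full" wording follows the display format quoted above.

```python
import ctypes
import sys

PROCESS_QUERY_LIMITED_INFORMATION = 0x1000  # access right still granted on protected processes
PROCESS_PROTECTION_INFORMATION = 61         # ProcessProtectionInformation (assumed, public headers)

# Assumed layout of the protection byte: bits 0-2 type, bit 3 audit, bits 4-7 signer.
TYPES = {0: "None", 1: "Light", 2: "Full"}
SIGNERS = {0: "None", 1: "Authenticode", 2: "CodeGen", 3: "Antimalware",
           4: "Lsa", 5: "Windows", 6: "WinTcb", 7: "WinSystem", 8: "App"}

def decode_protection(level):
    """Render a protection byte the way process viewers show it, e.g. 'Light (WinTcb)'."""
    ptype = level & 0x07
    signer = (level >> 4) & 0x0F
    if ptype == 0:
        return "None"
    type_name = TYPES.get(ptype, "Unknown type %d" % ptype)
    signer_name = SIGNERS.get(signer, "Unknown signer %d" % signer)
    return "%s (%s)" % (type_name, signer_name)

def query_protection(pid):
    """Read the protection byte of a running process (Windows 8.1 and later)."""
    if sys.platform != "win32":
        raise OSError("process protection can only be queried on Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    ntdll.NtQueryInformationProcess.argtypes = [
        ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p]
    handle = kernel32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        level = ctypes.c_ubyte(0)
        status = ntdll.NtQueryInformationProcess(
            handle, PROCESS_PROTECTION_INFORMATION, ctypes.byref(level), 1, None)
        if status != 0:
            raise OSError("NtQueryInformationProcess failed: 0x%08X" % (status & 0xFFFFFFFF))
        return level.value
    finally:
        kernel32.CloseHandle(handle)

if __name__ == "__main__":
    # Usage: pass one or more process IDs on the command line.
    for arg in sys.argv[1:]:
        print(arg, decode_protection(query_protection(int(arg))))
```

Under this layout a byte of 0x61 decodes to the Light (WinTcb) value reported for Services.exe, and 0x31 is the level an anti-malware service would show.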
Getting Over Anti-Malware Protection
Anti-Malware Protection blocks instrumentation of a system process with any DLL that is not signed by Microsoft.
In practice, for us Anti-Malware Protection means that our instrumentation technology and RPC tracing tool, which worked on Windows 7, could not work on Windows 8 and Windows 10: Anti-Malware Protection has to block DLL injection into system processes.
I guess Microsoft has to appreciate that we researched and got over Anti-Malware Protection and inject our non-Windows-signed trace DLLs into system processes. This is illustrated by the following picture, where CRFilter.dll and RpcTrace.dll are working in the Services.exe context on Windows 2012 R2 Server:
and on Windows 10:
Can I Inject My Own DLL Into a Privileged Process?
Yes, it is possible by using our tool. It has an open interface which allows you to inject your DLL into any process on any Windows version.
You have to call us for additional instructions.
But because our tool may be used both for building additional security and for hacking information, you have to be ready to answer the question of how you plan to use our tool.
How to Use Anti-Malware Protection to Protect My Product?
The Protecting Anti-Malware Services document has detailed instructions on how to protect a private product with Anti-Malware Protection.
We may suggest another scheme, which utilizes our driver instead of the not well-defined Early Launch Anti-Malware (ELAM) driver.
<TBD>