GravityZone Software Execution Policy Bypass

Hi guys, all right? During the last week, I've been testing some features of GravityZone and one of them was the program execution blocking policy.

From what I verified, we can block the execution of software both by the absolute path and by the hash (MD5/SHA).

I used an EDR test file without changes and it was blocked; however, after I used the program "MD5-Hash-Changer" to change the hash value of the .exe, I was able to run it without major problems.

Is there any way to counter this technique?

Answers

  • Hello.

    Since you need help with a business product, @Alex_Dr or @Andra_B (they both provide support for business products) could take a look here and help you with the issue.

    Also, you can always contact the Bitdefender business support:

    Regards.

  • Alex_Dr BD Staff

    Hello @Moisés Cerqueira,


    The way to counter this technique would be to block using a combination of the hash & executable file; otherwise, it will still work, as Bitdefender does not match the program that needs to be blocked with what was modified.

    I hope I have answered your request. Do let me know if additional assistance is required.


    Best regards,

    Alex D.
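Added example, not part of the thread and not Bitdefender's code: a simplified model of a block policy showing why a hash-only rule stops matching once a file's bytes change, while a policy that also carries a path rule for the same executable still blocks it. The `BlockRule` class, the sample path and the sample bytes are constructed for illustration, and the "either criterion blocks" logic is an assumption about what combining the two rules means.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional


@dataclass(frozen=True)
class BlockRule:
    """Hypothetical rule (not GravityZone's schema): match on hash or path."""
    sha256: Optional[str] = None
    path: Optional[str] = None


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def matched_criteria(path: str, content: bytes, rules: List[BlockRule]) -> List[str]:
    """Return the criteria ("hash", "path") on which any rule matches this file."""
    digest = sha256_hex(content)
    # Windows paths are case-insensitive, so compare them normalised.
    norm = str(PureWindowsPath(path)).lower()
    hits: List[str] = []
    for rule in rules:
        if rule.sha256 == digest and "hash" not in hits:
            hits.append("hash")
        if (rule.path is not None and "path" not in hits
                and str(PureWindowsPath(rule.path)).lower() == norm):
            hits.append("path")
    return hits


def is_blocked(path: str, content: bytes, rules: List[BlockRule]) -> bool:
    return bool(matched_criteria(path, content, rules))


# Constructed sample data, not a real binary or a real policy.
EXE_PATH = r"C:\Tools\edr-test.exe"
ORIGINAL = b"MZ" + b"\x00" * 62 + b"constructed test file"
MODIFIED = ORIGINAL + b"\x00"  # same file with one extra trailing byte

HASH_ONLY = [BlockRule(sha256=sha256_hex(ORIGINAL))]
HASH_AND_PATH = HASH_ONLY + [BlockRule(path=EXE_PATH)]

if __name__ == "__main__":
    for label, rules in (("hash only", HASH_ONLY), ("hash + path", HASH_AND_PATH)):
        for name, data in (("original", ORIGINAL), ("modified", MODIFIED)):
            print(f"{label:12} {name:9} blocked={is_blocked(EXE_PATH, data, rules)} "
                  f"matched={matched_criteria(EXE_PATH, data, rules)}")
```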