GravityZone Software Execution Policy Bypass
Hi guys, all right? During the last week, I've been testing some features of GravityZone and one of them was the program execution blocking policy.
From what I verified, we can block the execution of software both by the absolute path and by the hash (MD5/SHA).
I used an EDR test file without changes and it was blocked; however, after I used the program "MD5-Hash-Changer" to change the hash value of the .exe, I was able to run it without major problems.
Is there any way to counter this technique?
Answers
Hello @Moisés Cerqueira,
The way to counter this technique would be to block using a combination of the hash & executable file; otherwise, it will still work, as Bitdefender does not match the program that needs to be blocked with what was modified.
I hope I have answered your request. Do let me know if additional assistance is required.
Best regards,
Alex D.
0
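The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Bitdefender's implementation: a simplified policy matcher showing that a hash rule stops matching once the file's bytes differ, while a path rule for the same executable still matches. The rule model, the file path and the file contents are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class BlockRule:
    kind: str   # "hash" (SHA-256 hex digest) or "path" (absolute path)
    value: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def normalize(path: str) -> str:
    # Windows paths are case-insensitive; compare a canonical lower-case form.
    return str(PureWindowsPath(path)).lower()


def matching_rules(path: str, content: bytes, rules):
    """Return the rules that would block this file (empty list = allowed)."""
    digest = sha256_hex(content)
    hits = []
    for rule in rules:
        if rule.kind == "hash" and rule.value.lower() == digest:
            hits.append(rule)
        elif rule.kind == "path" and normalize(rule.value) == normalize(path):
            hits.append(rule)
    return hits


# Constructed sample data: not a real executable, path is hypothetical.
ORIGINAL = b"MZ" + b"\x00" * 62 + b"constructed test payload"
MODIFIED = ORIGINAL + b"\x00"  # stands in for the file after its hash changed
PATH = r"C:\Users\test\Downloads\edr-test.exe"

HASH_ONLY = [BlockRule("hash", sha256_hex(ORIGINAL))]
COMBINED = HASH_ONLY + [BlockRule("path", PATH)]

if __name__ == "__main__":
    for label, data in (("original", ORIGINAL), ("modified", MODIFIED)):
        for name, rules in (("hash only", HASH_ONLY), ("hash + path", COMBINED)):
            hits = [r.kind for r in matching_rules(PATH, data, rules)]
            print(f"{label:9} {name:12} -> {'blocked by ' + ', '.join(hits) if hits else 'allowed'}")
```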