Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Gravity Zone Software Execution Policy Bypass

Options
Moisés Cerqueira
Moisés Cerqueira Network Security Analyst | Threat Hunter
in Enterprise Security

Hi guys, all right? During the last week, I've been testing some features of GravityZone and one of them was the program execution blocking policy.

From what I verified, we can block the execution of a software both by the absolute path and by the Hash (MD5/SHA).

I used an EDR test file without changes and it was blocked; however after I used the program "MD5-Hash-Changer" to change the hash value of the .exe, I was able to run it without major problems.

Is there any way to counter this technique?

Tagged:

Answers

  • Gjoksi
    Gjoksi DEFENDER OF THE YEAR 2022 / DEFENDER OF THE MONTH ✭✭✭✭✭
    Options

    Hello.

    Since you need help with business product, @Alex_Dr or @Andra_B (they both provide support for business products) could take a look here and help you with the issue.

    Also, you can always contact the Bitdefender business support:

    https://www.bitdefender.com/business/support/en/71263-85158-contact.html

    Regards.

  • Alex_Dr
    Alex_Dr Quality & Customer Experience Specialist BD Staff
    Options

    Hello @Moisés Cerqueira,


    The way to counter this technique would be to block using a combination of the hash & executable file, otherwise, it will still work, as Bitdefender does not match the program the needs to be blocked with what was modified.

    I hope I have answered your request. Do let me know if additional assistance is required.


    Best regards,

    Alex D.

All Time Leaders

Categories

Defenders of the month