GravityZone Software Execution Policy Bypass
Hi guys, all right? During the last week, I've been testing some features of GravityZone and one of them was the program execution blocking policy.
From what I verified, we can block the execution of software both by the absolute path and by the hash (MD5/SHA).
I used an EDR test file without changes and it was blocked; however, after I used the program "MD5-Hash-Changer" to change the hash value of the .exe, I was able to run it without major problems.
Is there any way to counter this technique?
Comments
Kindly contact Bitdefender Business Support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory
Additionally, @Andrei_S Enterprise from Bitdefender Enterprise team can check on this for you.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
Hello @Moisés Cerqueira ,
From my knowledge, the hash would change in case of an update or manually using a dedicated tool such as MD5-Hash-Changer. For your scenario, you can use the absolute path exclusions because there is no way to know the new hash of the file. There are alternative workarounds, such as importing a list of hashes, which might help in some cases.
These are described here:
Alternatively, there is the Application Control feature available for OnPremise infrastructures; you can find more details about it here:
You can also reach out to our Enterprise Support Team, which might be able to provide additional solutions for your scenario.
Kind Regards,