View Single Post
Old 26th February 2021, 16:14   #16
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,420
Regedit cannot take ownership of WinDefend nor Spynet. If Regedit can't do it, we can't do it.

Just to clarify, trying to set S-1-5-32-544 (BUILTIN\Administrators) as the owner of the Spynet key with SetNamedSecurityInfoW fails even though we have enabled both SE_RESTORE_NAME and SE_TAKE_OWNERSHIP_NAME in the process token.

Which tricks are you currently using to bypass this security?

See also:
https://docs.microsoft.com/en-us/win...nership-in-c--

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote