View Single Post
Old 26th February 2021, 16:14   #16
Anders's Avatar
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,420
Regedit cannot take ownership of WinDefend nor Spynet. If Regedit can't do it, we can't do it.

Just to clarify, trying to set S-1-5-32-544 (BUILTIN\Administrators) as the owner of the Spynet key with SetNamedSecurityInfoW fails even though we have enabled both SE_RESTORE_NAME and SE_TAKE_OWNERSHIP_NAME in the process token.

Which tricks are you currently using to bypass this security?

See also:

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote