
How is Exploit Protection applied in Windows?

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

How is Exploit Protection applied in Windows? This article walks through the analysis and a solution in detail, in the hope of helping readers who face this problem find a simpler, workable approach.

While reading Microsoft's documentation, I found a good thing: Exploit Protection.

As shown in the figure above, we can add java.exe to the rule base

As shown in the figure above, after we find this rule, we can prohibit java from creating child processes.

Now let's make a comparison:

First, take a look at the code of the interface:

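    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import org.springframework.web.bind.annotation.RequestMapping;

    // Handler method of a Spring MVC controller class
    @RequestMapping("list5")
    public String getList5(String name) {
        // Starting "whoami" creates a child process of java.exe
        ProcessBuilder processBuilder = new ProcessBuilder("whoami");
        StringBuilder out = new StringBuilder();
        try {
            Process process = processBuilder.start();
            BufferedReader br = new BufferedReader(
                    new InputStreamReader(process.getInputStream()));
            String line = "";
            // Collect the command's standard output
            while ((line = br.readLine()) != null) {
                out.append(line);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return out.toString();
    }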

The output is as follows

We now add a rule to java.exe that forbids the creation of child processes

Don't forget to restart the java process

And then we continue to access the same interface.

Although I can't reproduce command execution through JNI, I've tested that process creation is blocked from both Java and C.

The downside is that Tomcat will not be able to use APR mode (who cares....)

Let's take a look at the Exploit Protection rules of the java process using a PowerShell command:

Get-ProcessMitigation -Name java.exe

The rule that forbids child process creation is now enabled. Next, let's look at how to set these process security rules from the command line on Windows installations that have no graphical interface.

The java process can be specified by its absolute path, for example:

Set-ProcessMitigation -Name c:\JDK\bin\java.exe -Enable DisallowChildProcessCreation

If only the process name is given, the rule applies to any process whose name matches. The following two commands enable and disable the child process creation rule, respectively.

Set-ProcessMitigation -Name java.exe -Enable "DisallowChildProcessCreation"

Set-ProcessMitigation -Name java.exe -Disable "DisallowChildProcessCreation"

That concludes the answer to how Exploit Protection is applied in Windows. I hope the above is of some help. If you still have questions, you can follow the industry information channel for more related knowledge.
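The command-line steps above, combined into one script as an added example (not the author's code): it sets the rule, reads the stored policy back, and checks whether java processes that are already running have picked it up, which is why the restart matters. The function names and the audit-first mode are assumptions of this example; the `AuditChildProcess` option and the event IDs 3 (audit) and 4 (block) in the Security-Mitigations log come from Microsoft's Exploit Protection documentation, not from this article.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Function names and the default $Target are assumptions made for this illustration.
function Set-ChildProcessRule {
    param(
        [string]$Target = 'java.exe',   # image name or absolute path, as in the article
        [ValidateSet('Audit', 'Enforce', 'Off')]
        [string]$Mode = 'Audit'
    )
    switch ($Mode) {
        # Audit logs would-be blocks without breaking the application (e.g. Tomcat APR).
        'Audit'   { Set-ProcessMitigation -Name $Target -Disable DisallowChildProcessCreation -Enable AuditChildProcess }
        'Enforce' { Set-ProcessMitigation -Name $Target -Enable DisallowChildProcessCreation }
        'Off'     { Set-ProcessMitigation -Name $Target -Disable DisallowChildProcessCreation, AuditChildProcess }
    }
    # Stored policy for the image: this is what newly started processes receive.
    $leaf = Split-Path -Path $Target -Leaf
    Get-ProcessMitigation -Name $leaf | ForEach-Object {
        [pscustomobject]@{
            Scope = 'Stored policy'; Target = $_.ProcessName
            Block = "$($_.ChildProcess.DisallowChildProcessCreation)"
            Audit = "$($_.ChildProcess.Audit)"
        }
    }
    # The policy is applied at process start, so inspect what running instances have.
    $image = [IO.Path]::GetFileNameWithoutExtension($Target)
    Get-Process -Name $image -ErrorAction SilentlyContinue | ForEach-Object {
        $live = Get-ProcessMitigation -Id $_.Id
        [pscustomobject]@{
            Scope = 'Running'; Target = "$($_.Name) (PID $($_.Id))"
            Block = "$($live.ChildProcess.DisallowChildProcessCreation)"
            Audit = "$($live.ChildProcess.Audit)"
        }
    }
}

function Get-ChildProcessEvents {
    param([int]$MaxEvents = 20)
    # Event ID 3 = child process creation audited, 4 = child process creation blocked.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Security-Mitigations/Kernel Mode'
        Id      = 3, 4
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Start in audit mode, review the events, then switch to -Mode Enforce.
Set-ChildProcessRule -Target 'java.exe' -Mode Audit | Format-Table -AutoSize
Get-ChildProcessEvents
```

A "Running" row whose Block column is not ON while the stored policy says ON is a java process started before the rule was set; it stays unprotected until restarted.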
