cancel
Showing results for 
Search instead for 
Did you mean: 

SolidCore 6.1.3.392 DLL unauthorized modification issue

Hi,

I am able to modify a solidified dll using a notepad on a Windows XP system.

The version of SolidCore deployed is 6.1.3.392.

Solidcore log when a dll is modified is shown below.

<FILE_MODIFIED  file_name="C:\Program Files\TF\ltif.dll" pid="2952" process_name="C:\WINDOWS\system32\notepad.exe" ppid="4924" parent_process_name="C:\WINDOWS\system32\rundll32.exe"  file_type="Unknown" is_system_file="false" user_name="Appox" workflow_id="PKGC_DEFAULT_ALLOW_UNINSTALL:  rundll32.exe" />

a) I took a backup of the dll before modifying.

b) I deleted the content of the original dll by opening it  in a notepad and saved it.

c) Application depending on this dll crashed when executed.

d) When I tried to replace this modified dll with the backup one, access denied message is displayed.


Why modification of the dll is allowed, but blocked from overwriting ?

2 Replies

Re: SolidCore 6.1.3.392 DLL unauthorized modification issue

Certainly could be a bug, but it sounds more like the difference between rights and rules for the two executables notepad.exe and explorer.exe.

Highlighted
neelima
Level 12
Report Inappropriate Content
Message 3 of 3

Re: SolidCore 6.1.3.392 DLL unauthorized modification issue

SecurityGeek, How did you invoke notepad.exe from rundll32.exe?

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community