Tuesday, January 17, 2012


ATTR attributes for Solidcore 5

These are not listed in the documentation; I had to get this information from development.


The attr command can be used to configure the required files to behave accordingly with respect to the solidifier.

-a  Always authorized attribute
     This attribute allows the user to configure a supported file as always authorized to execute.
     A file configured with this attribute will be allowed to execute whether solidified or not.


-b  Bypassed from memory control attribute
     This attribute allows the user to configure a process to run bypassed from MP-mangling and MP-decoying.
     This is one of the memory protection techniques provided by the solidifier, but it is disabled by default.


-c  Bypassed from Critical Address Space Protection attribute
     Critical Address Space Protection is the latest and most effective memory protection technique provided by the solidifier. It is enabled by default.
     The -c attribute configures a process to run bypassed from MP-CASP.


-d  Bypassed from process stack randomization attribute

     This comes under MP-VASR, which is enabled only on special request from the customer.


-e  Rebase dll attribute
     Changes the base address of the DLL.


-r  Bypassed from dll relocation attribute
     The -d, -e and -r attributes belong to the VASR memory protection technique. This feature is disabled by default as CASP
     is enabled.


-f  Full crawl attribute
     The -f attribute belongs to the MP-mangling and MP-decoying memory protection. This feature is disabled by default.
 
-i  Bypassed from installer detection attribute
     -i belongs to the pkg-ctrl feature, which tracks the installation and uninstallation of MSI-based packages...


-u  Always unauthorized attribute
     Blocks the file from execution even if solidified.

-o  Process Context registry bypass:

Solidifier will not track any registry operations for the process configured under this attribute. All the registry operations in context of the configured process will be bypassed from solidifier.


-n Bypassed from DEP:
DEP is the Data Execution Prevention memory protection technique provided by the solidifier for 64-bit machines. The memory protection check will not apply to a process configured as 'Bypassed from DEP'.

-l Anti-Debugging Bypass:


The anti-debugging feature prevents any process from accessing the memory space of the solidifier product. Such access is usually done by debuggers to debug the application.

Any process bypassed from the anti-debugging feature will be able to access the solidifier address space in the kernel.

-p Process Context File Operations Bypass

Solidifier will not track any file operations for the process configured under this attribute. All the file operations in context of the configured process will be bypassed from solidifier.
