|
|
|
|
|
|
by pilif
3691 days ago
|
|
|
of course, then you'll end up with regsvr32.exe which is signed by microsoft and still happily downloads and executes script code from remote servers. Unfortunately, not even this approach will work. No. To be totally safe, you have to whitelist by digest of the exe and command-line arguments. Which basically means that you have to know the the OS works internally. |
|
|