by londons_explore
705 days ago
AV software needs kernel privileges to have access to everything it needs to inspect, but the actual inspection of that data should be done with no privileges. I think most AV companies now have a helper process to do that. If you successfully exploit the helper process, the worst damage you ought to be able to do is falsely find files to be clean.
Ought. But it depends on the way the communication with the main process is done. I wouldn't be surprised if the main process trusts the output from the parser just a tiny bit too much.
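As an added illustration of the caveat in the reply above (example code written for this page, not from either commenter or any real AV product): a privileged broker asks an unprivileged helper to parse a file and gets a verdict back over IPC. The naive broker acts on whatever the helper's reply says, so a compromised helper can steer the privileged quarantine action at a file it was never asked about; the hardened broker treats the reply as untrusted input with a fixed schema and only ever acts on the path it chose itself. Message format, field names and paths are all constructed for the example.

```python
import json

# Constructed IPC shape: the helper replies with a small JSON object.
ALLOWED_VERDICTS = {"clean", "infected"}
MAX_REPLY_BYTES = 4096


def naive_broker(request_path: str, helper_reply: bytes) -> dict:
    """Privileged side that trusts the helper 'a tiny bit too much':
    it quarantines the path the helper names, not the one it scanned."""
    verdict = json.loads(helper_reply)
    if verdict.get("verdict") == "infected":
        return {"action": "quarantine", "path": verdict["path"]}
    return {"action": "none", "path": request_path}


def hardened_broker(request_path: str, helper_reply: bytes) -> dict:
    """Privileged side that treats the helper's output as attacker-controlled:
    bounded size, strict schema, closed set of verdicts, and the only file the
    privileged action can touch is the one the broker itself asked about."""
    if len(helper_reply) > MAX_REPLY_BYTES:
        raise ValueError("oversized helper reply")
    try:
        verdict = json.loads(helper_reply)
    except json.JSONDecodeError as exc:
        raise ValueError("malformed helper reply") from exc
    # Exactly these two fields and nothing else: no path, no command, no extras.
    if not isinstance(verdict, dict) or set(verdict) != {"verdict", "signature"}:
        raise ValueError("unexpected fields in helper reply")
    if verdict["verdict"] not in ALLOWED_VERDICTS:
        raise ValueError("unknown verdict")
    sig = verdict["signature"]
    if not (isinstance(sig, str) and 0 < len(sig) <= 64 and sig.isprintable()):
        raise ValueError("bad signature name")
    action = "quarantine" if verdict["verdict"] == "infected" else "none"
    # request_path comes from the broker's own state, never from the helper.
    return {"action": action, "path": request_path, "signature": sig}


def hardened_rejects(request_path: str, helper_reply: bytes) -> bool:
    """True if the hardened broker refuses the reply (used for checks)."""
    try:
        hardened_broker(request_path, helper_reply)
    except ValueError:
        return True
    return False
```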