

It all started when I was doing some penetration testing for a customer. While trying to manipulate one application, Symantec "shouted" at it and quarantined my malicious DLL :(

At that moment I was curious to see whether there is a way to clear the Symantec logs, which are saved in: C:\ProgramData\Symantec\Symantec Endpoint Protection\ \Data\Logs. If I succeed in cleaning the logs, my activity won't be reported to the main server.

Even though I had SYSTEM privileges, cleaning the logs is not an easy task, because Symantec keeps an open handle to its log files and you can't stop it from running.

Restarting in safe mode wasn't possible, nor was booting from a USB stick with a different OS.

Using MoveFileEx with the flag MOVEFILE_DELAY_UNTIL_REBOOT also won't help, because this API call works by writing the pending rename/delete request into the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, and it seems that this value is also being protected.
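To see for yourself whether a delete-on-reboot request actually lands in PendingFileRenameOperations, the following PowerShell script is an added example (not part of the original post): it calls MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT through P/Invoke and then reads the registry value back to confirm the entry is there. The `$Path` parameter is whatever file you point it at; the `Win32.Kernel32` wrapper name is my own choice. Run it from an elevated prompt, since writing under HKLM requires administrative rights.

```powershell
# Added example, not from the original post. Schedules $Path for deletion at the next
# reboot via MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), then verifies that the request
# was really recorded in PendingFileRenameOperations. Run elevated.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path   # file to schedule for deletion, e.g. a log file held open by another process
)

# P/Invoke declaration for kernel32!MoveFileExW (wrapper type name is an assumption of this example)
$signature = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@
$k32 = Add-Type -MemberDefinition $signature -Name 'Kernel32' -Namespace 'Win32' -PassThru

$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # documented flag value for MoveFileEx

# A NULL new name with MOVEFILE_DELAY_UNTIL_REBOOT means "delete at reboot" instead of "rename at reboot".
$ok  = $k32::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
$err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()

if (-not $ok) {
    $msg = (New-Object System.ComponentModel.Win32Exception $err).Message
    Write-Host "MoveFileEx failed: Win32 error $err ($msg)"
    exit 1
}

# The API stores the request as a REG_MULTI_SZ pair in the Session Manager key:
# "\??\<path>" followed by an empty string for a deletion.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $regPath -Name 'PendingFileRenameOperations' `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

if ($pending -and ($pending -contains "\??\$Path")) {
    Write-Host "Deletion of $Path is queued in PendingFileRenameOperations for the next reboot."
} else {
    # The API reported success but the entry is missing: something reverted or blocked the registry write.
    Write-Host "MoveFileEx returned success, but no matching entry exists in PendingFileRenameOperations."
}
```

If the second branch fires, the file will still be present after the reboot, which is exactly the behaviour described above: the call itself does not fail, but the registry value it depends on is not allowed to keep the entry.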
