With over 20 years experience in the Anti-Virus Industry, Steve has been a key architect for change in gateway, desktop, and scanning technologies. Currently working in the kernel development team, Steve helps support the touch points between the scanning and protection technologies and the Windows operating system.
Steve Hearnden Blog FeedMore from Steve Hearnden
McAfee Labs
In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass
Process Reimaging Overview The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solution’s (such as Microsoft Defender Realtime Protection), ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee’s Advanced Threat ...
