
I am trying to set the permissions on an application to read/execute only. I can achieve this by using the C++ Windows SetSecurityDescriptorDacl() function.

But after that, an admin can change it by right-clicking on the file:

properties->security->advanced->Change Permission

But somehow antivirus software prevents these changes on its own application, as shown in the image below:

[image]

Amit.Desai
  • You can remove admin rights; however, an admin can always re-take ownership. – Richard Critten Jul 26 '17 at 09:56
  • @RichardCritten But how did the antivirus do this? For example, in Symantec antivirus the current owner is SYSTEM; if I try to change the owner to Administrator, it pops up an "Access denied" error message. – Amit.Desai Jul 26 '17 at 10:11
  • Typically, this is done using a file system filter driver. – Harry Johnston Jul 27 '17 at 00:49
  • Hi, thanks @HarryJohnston, can you please help me with this in a little more detail... Sorry for bothering you – Amit.Desai Jul 27 '17 at 03:05
  • https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/introduction-to-file-system-filter-drivers – Harry Johnston Jul 27 '17 at 03:07
  • A file system filter driver intercepts every file system request - including permissions changes - and can inspect, modify, or reject them. In this case the file system filter driver would be rejecting the request to change the permissions on that particular file. – Harry Johnston Jul 27 '17 at 03:08
  • ... of course, the system administrator can always uninstall or disable the anti-virus software and *then* change the permissions on the file. Or boot to Linux, or remove the disk drive and install it in a completely different machine, or ... at the end of the day, trying to stop the system administrator from doing something is almost always pointless. – Harry Johnston Jul 27 '17 at 03:10
  • Thank you very much, will work on it and get back to you...☺ – Amit.Desai Jul 27 '17 at 03:18
  • @HarryJohnston thanks....it works – Amit.Desai Aug 04 '17 at 05:45
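The filter-driver approach Harry Johnston describes in the comments, written out as an added example; this is not code from the question, the comments, or any antivirus vendor. A minifilter registers a pre-operation callback for IRP_MJ_SET_SECURITY (which carries DACL, SACL and owner changes, so both "Change Permission" and "take ownership" arrive here) and completes the request with STATUS_ACCESS_DENIED before NTFS sees it. The protected path, the vendor name "ExampleAV", the PROT_* constants (copies of the WDK values so the policy builds without the WDK) and the BUILD_MINIFILTER build macro are all assumptions; the kernel glue at the bottom needs the WDK and fltKernel.h. It goes slightly beyond the comment by also refusing rename and delete on the file, since replacing the binary would sidestep a DACL just as well as editing it would.

```c
/* Added example, not code from the question or any antivirus product: the
 * policy a file-system minifilter applies to refuse DACL/owner changes,
 * renames and deletes on a protected file. The portable part builds with any
 * C compiler; the kernel glue needs the WDK (fltKernel.h) and is compiled
 * only when BUILD_MINIFILTER (an assumed build macro) is defined. */
#include <stddef.h>

/* Mirrors WDK values of IRP_MJ_* and FILE_INFORMATION_CLASS (no WDK needed). */
enum { PROT_MJ_SET_INFORMATION = 0x06, PROT_MJ_SET_SECURITY = 0x15,
       PROT_FILE_RENAME = 10, PROT_FILE_DISPOSITION = 13,
       PROT_FILE_DISPOSITION_EX = 64, PROT_FILE_RENAME_EX = 65 };

/* Constructed protected path, NT-normalised as a minifilter sees it. */
static const wchar_t PROTECTED_FILE[] =
    L"\\Device\\HarddiskVolume2\\Program Files\\ExampleAV\\scanner.exe";

/* ASCII case fold: no towlower() in the kernel CRT; production code would use
 * RtlEqualUnicodeString(a, b, TRUE) instead. */
static wchar_t prot_fold(wchar_t c) { return (c >= L'A' && c <= L'Z') ? (wchar_t)(c + 32) : c; }

/* Length-based: UNICODE_STRING buffers are not NUL-terminated. */
int prot_is_protected_name(const wchar_t *name, size_t len)
{
    size_t i, plen = sizeof(PROTECTED_FILE) / sizeof(PROTECTED_FILE[0]) - 1;
    if (len != plen) return 0;
    for (i = 0; i < len; i++)
        if (prot_fold(name[i]) != prot_fold(PROTECTED_FILE[i])) return 0;
    return 1;
}

/* 1 = fail the request with STATUS_ACCESS_DENIED. info_class only matters for
 * SET_INFORMATION: a rename or delete would sidestep the DACL entirely. */
int prot_should_deny(unsigned major, unsigned info_class, const wchar_t *name, size_t len)
{
    if (!prot_is_protected_name(name, len)) return 0;
    if (major == PROT_MJ_SET_SECURITY) return 1;      /* DACL, SACL and owner changes */
    if (major == PROT_MJ_SET_INFORMATION)
        return info_class == PROT_FILE_RENAME || info_class == PROT_FILE_RENAME_EX ||
               info_class == PROT_FILE_DISPOSITION || info_class == PROT_FILE_DISPOSITION_EX;
    return 0;
}

#ifdef BUILD_MINIFILTER
#include <fltKernel.h>

/* Pre-operation callback: runs before NTFS ever sees the request. */
static FLT_PREOP_CALLBACK_STATUS ProtPreOperation(PFLT_CALLBACK_DATA Data,
    PCFLT_RELATED_OBJECTS FltObjects, PVOID *CompletionContext)
{
    PFLT_FILE_NAME_INFORMATION ni;
    unsigned info_class = 0;
    int deny;
    UNREFERENCED_PARAMETER(FltObjects);
    *CompletionContext = NULL;
    if (Data->Iopb->MajorFunction == IRP_MJ_SET_INFORMATION)
        info_class = (unsigned)Data->Iopb->Parameters.SetFileInformation.FileInformationClass;
    if (!NT_SUCCESS(FltGetFileNameInformation(Data,
            FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT, &ni)))
        return FLT_PREOP_SUCCESS_NO_CALLBACK;          /* cannot name the file: let it through */
    deny = prot_should_deny(Data->Iopb->MajorFunction, info_class,
                            ni->Name.Buffer, ni->Name.Length / sizeof(WCHAR));
    FltReleaseFileNameInformation(ni);
    if (!deny) return FLT_PREOP_SUCCESS_NO_CALLBACK;
    Data->IoStatus.Status = STATUS_ACCESS_DENIED;      /* the error the Security tab shows */
    Data->IoStatus.Information = 0;
    return FLT_PREOP_COMPLETE;                         /* completed here, never reaches NTFS */
}

static const FLT_OPERATION_REGISTRATION ProtCallbacks[] = {
    { IRP_MJ_SET_SECURITY,    0, ProtPreOperation, NULL },
    { IRP_MJ_SET_INFORMATION, 0, ProtPreOperation, NULL },
    { IRP_MJ_OPERATION_END }
};
static PFLT_FILTER ProtFilter;
static const FLT_REGISTRATION ProtRegistration = {
    sizeof(FLT_REGISTRATION), FLT_REGISTRATION_VERSION, 0, NULL, ProtCallbacks,
    NULL,   /* FilterUnloadCallback == NULL: "fltmc unload" is refused */
    NULL, NULL, NULL, NULL, NULL, NULL, NULL
};

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = FltRegisterFilter(DriverObject, &ProtRegistration, &ProtFilter);
    UNREFERENCED_PARAMETER(RegistryPath);
    if (NT_SUCCESS(status) && !NT_SUCCESS(status = FltStartFiltering(ProtFilter)))
        FltUnregisterFilter(ProtFilter);
    return status;
}
#endif
```

Once the driver is installed through its INF, `fltmc filters` lists it alongside the antivirus filters already on the machine. Two caveats a real product has to handle that this sketch leaves out: the filter must allow its own updater or service through (an allow-list keyed on the calling process, checked before the deny), and, exactly as the comment says, none of this survives an administrator who disables the driver in safe mode, boots another OS, or moves the disk; the filter raises the bar, it does not take away admin.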

0 Answers