Is Endpoint Protection susceptible to PsSetLoadImageNotifyRoutine based attacks?
Last Updated October 13, 2017
You have grave concerns about a theoretical issue involving PsSetLoadImageNotifyRoutine, which purportedly allows malware authors to circumvent endpoint protection solutions. The news is particularly unsettling because press coverage of the issue indicates that PsSetLoadImageNotifyRoutine has been part of the Windows kernel since Windows 2000, remains present in even the latest Windows builds, and that Microsoft has indicated it will do nothing on its part to fix it.
Windows 2000 - Windows 10
Windows 2000 Server - Windows Server 2016
None of our technologies use PsSetLoadImageNotifyRoutine routines as methods to block execution. As a result, Symantec Endpoint Protection (SEP) is unaffected by this issue.