Pennywise
(XP_SP2, SP3)
Let's say this is my boot.ini file:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="XP Pro" /fastdetect /NoExecute=Optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP_HOME" /fastdetect /Noexecute=Optin
I show the following:
From Everest on the CPU:
Data Execution Prevention (DEP, NX, EDB) -> (DEP is Supported)
----
CMD: wmic OS Get DataExecutionPrevention_Available
output: DataExecutionPrevention_Available
output: TRUE ---> (I have DEP available)
----
CMD: wmic OS Get DataExecutionPrevention_SupportPolicy
Output: DataExecutionPrevention_SupportPolicy
Output: 2 -->(Optin switch is enabled)
----
Still following http://support.microsoft.com/kb/912923/ the
Method 2: Use the graphical user interface
Shows true, and it's on. (DEP is enabled on my machine, and OPTIN is
set as the /NoExecute switch.)
!!!
It's set because I'm running Comodo firewall and have placed the
BOOT.INI file as a protected file as if I don't, I get:
!!!
partition(4)\WINDOWS="XP Pro" /fastdetect /NoExecute=Optout <----
partition(1)\WINDOWS="XP_HOME" /fastdetect /Noexecute=Optin
or
partition(4)\WINDOWS="XP Pro" /fastdetect /NoExecute=Optin
partition(1)\WINDOWS="XP_HOME" /fastdetect=Optin <----this garbage
or
partition(4)\WINDOWS="XP Pro" /fastdetect /NoExecute=OptOut <----
partition(1)\WINDOWS="XP_HOME" /fastdetect=Optin <---- Or both
The settings above, I copied and pasted to this post (then saved) over
a few days, so they are the real thing.
Now, http://support.microsoft.com/kb/912923/ says, and I just saw this
today:
"In some system configurations, hardware DEP may be disabled by using
the /nopae or /execute switches in the Boot.ini file."
X\Windows\System32\wbem\wmiprvse.exe
appears to be doing this. As Comodo is blocking its access to the
boot.ini file all the time. http://i47.tinypic.com/33be16q.jpg
Why is this happening? I reinstalled two OSes, 'cause no matter how
hard I tried - I couldn't find a rootkit. Because of Comodo keeping
the BOOT.INI file from changing, the systems have been what I was
looking for, steady. I have to use the OptIn switch so Agent won't
crash, for one, and only the OptIn switch, of the four options, works for
me.
Any input would be helpful, as I'm stuck with Comodo because of this.
Not that it's bad, I'm just not used to its config yet; and yes the
boot.ini file will change as soon as I disable Comodo.
Thanks.
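
Added example, not part of the original post: a small Python check that parses a boot.ini and flags the kinds of changes quoted above (a changed /NoExecute value, a missing /NoExecute switch, a DEP value attached to another switch, and the /execute or /nopae switches the KB article mentions). The function name, the report format and the sample text are assumptions made for this illustration; the policy numbers are the DataExecutionPrevention_SupportPolicy values from KB912923.

```python
import re

# DataExecutionPrevention_SupportPolicy values as listed in KB912923.
SUPPORT_POLICY = {0: "alwaysoff", 1: "alwayson", 2: "optin", 3: "optout"}
ENTRY = re.compile(r'^[^=]+="(?P<label>[^"]*)"(?P<opts>.*)$')

def audit_boot_ini(text, wmi_policy=2):
    """Return {entry label: [findings]} for the [operating systems] section."""
    expected = SUPPORT_POLICY[wmi_policy]  # policy wmic reports for the running OS
    report, section = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            section = line.lower()
            continue
        if section != "[operating systems]" or not line:
            continue
        m = ENTRY.match(line)
        if not m:
            report[line] = ["unparseable entry"]
            continue
        # Split "/Switch=Value" tokens; names and values are case-insensitive.
        switches = {}
        for tok in m.group("opts").split():
            name, _, value = tok.lstrip("/").partition("=")
            switches[name.lower()] = value.lower()
        findings = []
        policy = switches.get("noexecute")
        if policy is None:
            findings.append("no /NoExecute switch")
        elif policy not in SUPPORT_POLICY.values():
            findings.append(f"invalid /NoExecute value '{policy}'")
        elif policy != expected:
            findings.append(f"/NoExecute={policy}, expected {expected}")
        for name, value in switches.items():
            if name != "noexecute" and value in SUPPORT_POLICY.values():
                findings.append(f"DEP value '{value}' attached to /{name}")
            if name in ("execute", "nopae"):
                findings.append(f"/{name} can disable hardware DEP")
        report[m.group("label")] = findings
    return report

# Constructed from the third altered variant quoted in the post.
ALTERED = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="XP Pro" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP_HOME" /fastdetect=Optin
'''

if __name__ == "__main__":
    for label, findings in audit_boot_ini(ALTERED).items():
        print(label, "->", findings or "ok")
```

Passing the number returned by `wmic OS Get DataExecutionPrevention_SupportPolicy` as `wmi_policy` compares the file on disk with the policy the running system reports.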