Since about September 2018, Microsoft's malware detection software will attempt to detect if the UtilMan.exe file has been changed and will delete the 'bad' UtilMan.exe file.
This should mean that replacing the UtilMan.exe file with the cmd.exe file as a means of gaining access to a Windows OS without knowing any user password should no longer be possible and the E2B UtilMan Hack will no longer work.
However, if you boot to Windows in Safe Mode, it delays the removal of a 'bad' UtilMan.exe file by approx. 30 seconds and this is long enough for us to use it to run a cmd batch file and create a new ADMIN user account.
I have updated the UtilMan hack instructions now and revised the .cmd files in E2B v1.A8f Beta to work around the new protection.
This should mean that replacing the UtilMan.exe file with the cmd.exe file as a means of gaining access to a Windows OS without knowing any user password should no longer be possible and the E2B UtilMan Hack will no longer work.
However, if you boot to Windows in Safe Mode, it delays the removal of a 'bad' UtilMan.exe file by approx. 30 seconds and this is long enough for us to use it to run a cmd batch file and create a new ADMIN user account.
I have updated the UtilMan hack instructions now and revised the .cmd files in E2B v1.A8f Beta to work around the new protection.
No comments:
Post a Comment