Online criminals hate us. We protect you from attacks that antivirus can't block.

Interference between Windows OS and Thor Admin Privilege

Recently, we encountered an unusual situation that happens within our software when using Command Prompt on Windows, with The Admin Privilege enabled.

mceclip0.png

After clicking on the "ELEVATE" button from our Thor Client, and stating the elevation reason, with a pop up located in the bottom right on your screen, allowing full administrator rights for your machine.

mceclip1.png

mceclip2.png

If you run the Windows Command Prompt with administrator rights within the elevated right time frame you`ll receive full administrator access on your machine, which will not be removed once the timer will end, and you can spawn any other process you want, even if the "Access Removed" message shows on your machine.

mceclip3.png

mceclip7.png

mceclip5.png

This is due to the Windows OS processes functionality: a process spawned from another process keeps the rights of its parent.

mceclip0.png

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.