CIS 3.5.57173.439 and ZwTerminateProcess kill method [RESOLVED]

Hello,
I have downloaded Advanced Process Termination (APT) v4.2 and I tested it with CIS.
CIS can only be terminated with “Kernel Kill 2” (ZwTerminateProcess).
I'm using WinXP 32-bit SP3 and CIS is in maximum protection (Proactive Security).

I was not able to reproduce a failure for the APT 4.2 Kernel2 PoC.

The Kernel2 PoC involves copying an apt.sys driver to the System32\drivers folder and loading this driver using the Service Control Manager.
Blocking either one of these alerts will prevent the PoC.

My system specs are:
P4 HT 3 GHz, over 1 GB RAM available, XP SP3 32-bit, HW DEP OptOut.
Other apps: Comodo SafeSurf, Unlocker Assistant, SpeedFan, Daemon Tools 4.30.1, CIS 3.5.57173.439, COMODO Vulnerability Analyzer 1.1.4, Logitech SetPoint 4.60.122, Symantec Software Virtualization 2.1.3062

CIS config: Proactive Security

Hello,
I’m getting the alert about the driver too. But isn’t CIS supposed to block the termination without an alert?

To test those PoCs you only need to select "Treat As Isolated Application" on the first alert.
Allowing all alerts defeats the prevention purpose of D+.

As a kernel driver runs privileged code, to pass this PoC it is necessary to prevent the kernel driver from running, and the most important way is to block Service Control Manager access.
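The two posts above describe the mechanism that matters from a defender's point of view: the kill itself happens in kernel mode, so the step to prevent or detect is the driver install through the Service Control Manager. On Windows that step is recorded by the SCM as System-log event 7045 ("A service was installed in the system"), which names the service, its binary path and whether it is a kernel-mode driver. The following script is an added example (not code from the thread, from Comodo, or from the APT tool) that parses a few constructed, flattened 7045-style log lines and reports kernel-driver installs that are not on a constructed baseline of expected drivers. The one-line pipe-delimited layout, the service names and the baseline set are assumptions for the example; a real event viewer export would need its own parser.

```python
import re
from dataclasses import dataclass

# Constructed sample log: System-log records flattened to one line each,
# "<event id>|<field>: <value>|<field>: <value>...". Only event 7045
# (Service Control Manager: "A service was installed in the system") carries
# the Service Type field that identifies a kernel-mode driver.
SAMPLE_LOG = r"""
7045|Service Name: RemoteRegistry|Service File Name: C:\WINDOWS\System32\svchost.exe -k netsvcs|Service Type: user mode service|Service Start Type: auto start
7036|Service Name: Spooler|The Print Spooler service entered the running state.
7045|Service Name: apt|Service File Name: C:\WINDOWS\System32\drivers\apt.sys|Service Type: kernel mode driver|Service Start Type: demand start
7045|Service Name: mouclass|Service File Name: system32\DRIVERS\mouclass.sys|Service Type: kernel mode driver|Service Start Type: boot start
"""

# Constructed baseline of kernel-driver service names the administrator expects
# to see installed on this machine (a real baseline would come from a known-good
# inventory of the host).
KNOWN_DRIVERS = {"mouclass", "kbdclass", "tcpip", "ntfs"}


@dataclass
class DriverInstall:
    service_name: str
    file_name: str
    start_type: str


EVENT_RE = re.compile(r"^(?P<id>\d+)\|(?P<body>.*)$")
FIELD_RE = re.compile(r"(?P<key>[A-Za-z ]+): (?P<val>[^|]*)")


def parse_driver_installs(log_text):
    """Return every 7045 record whose Service Type is a kernel-mode driver."""
    installs = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m or m.group("id") != "7045":
            continue
        fields = {k.strip(): v.strip() for k, v in FIELD_RE.findall(m.group("body"))}
        if fields.get("Service Type", "").lower() != "kernel mode driver":
            continue
        installs.append(
            DriverInstall(
                service_name=fields.get("Service Name", ""),
                file_name=fields.get("Service File Name", ""),
                start_type=fields.get("Service Start Type", ""),
            )
        )
    return installs


def find_unexpected_driver_installs(log_text, known=KNOWN_DRIVERS):
    """Kernel-driver installs whose service name is not in the baseline.

    A driver that appears here was registered with the SCM after the baseline
    was taken; that is exactly the step the thread identifies as the one to
    block, so each hit deserves a look at the binary it points to.
    """
    return [
        inst
        for inst in parse_driver_installs(log_text)
        if inst.service_name.lower() not in known
    ]


if __name__ == "__main__":
    for inst in find_unexpected_driver_installs(SAMPLE_LOG):
        print(
            f"unexpected kernel driver install: service={inst.service_name!r} "
            f"file={inst.file_name!r} start={inst.start_type!r}"
        )
```

Run as-is, the script reports the apt service pointing at System32\drivers\apt.sys and stays silent on mouclass, which is on the baseline. Matching on the 7045 record rather than on the driver file alone mirrors the thread's point that either the file copy or the SCM registration is a sufficient place to stop the PoC; the registration is the one that leaves a log record to alert on.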

Now it makes sense. Thanks for the info.

I will now close this thread.

Please PM any online mod if you want it re-opened.

Cheers,
Josh