In CSA 4.5, multiple various apps injecting code into a single specific

Unanswered Question
May 18th, 2007

In CSA 4.5, multiple various apps are injecting code into a single specific process or application. Is there a way to stop <all apps> from injecting code into ONLY one specific application?

I have over 500 events a day as a System API block <all applications> from injecting code into a single specific process. The process (or app) is a Unix Emulation piece. It is called ReflectionX if anyone knows it.

It looks like there isn't a way to put in an HPDeny so that it will stop logging. I am not worried about it; however, other security people here feel that it is in some way hurting the application. It is very strange that all these various apps are targeting this single process the most.

What does one do?

tsteger1 Fri, 05/18/2007 - 10:49

There really isn't a good way with this particular rule. If it is a finite list of apps trying to inject code into r1win.exe, you could create an app class and add it to the exceptions list that are allowed to do this. Not the best security practice, especially if it includes apps like iexplore.exe, winword.exe, etc.

Another method might be to use a Dynamic Application Class. Set it up so that whenever Reflections does "X", all applications are allowed to inject code.

This would be a bit trickier since you have to analyse what causes the process in the first place and have it trigger the exception.

