-
March 31st, 2021, 04:52 PM
#1
Create Process with integrity level = HIGH
Hello! A very strange problem.
My application is running under administrator account + High Integrity Level.
It create a process (just CreateProcess). And I expect new process to be High Integrity Level too.
But this happens only if my application is not digital signed. If it is signed, then a new process is created with Medium Integrity Level.
Perhaps this is due to the fact that I have TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN in the security token, and the file of the new process does not have an Integrity Level.
But I set High Integrity Level file too. Did not help. It is not possible to remove the TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN from the token using SetInformationToken (TokenMandatoryPolicy), because SE_TCB_NAME cannot be given the privilege. (Or I don't know how to do it) The most amazing thing is that this only happens in the not signed application. Without a digital signature - everything is ok.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|