We are using an application control solution which denies access for some exes according to their original filename. Is it possible to change original filename with hex editor or another method?
Asked
Active
Viewed 1.2k times
32
-
11Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?" – May 27 '19 at 08:13
-
10To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing. – Kevin May 27 '19 at 15:43
-
10Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename". – Damon May 27 '19 at 19:14
-
1Yeah, I tried it, It couldn't remove original filename for cmd.exe. – frkntrn May 27 '19 at 22:07
-
13I'm uncertain if frkntn is trying to create a security system or bypass one. – Mooing Duck May 28 '19 at 04:38
-
6If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that. – Joshua May 28 '19 at 15:18
1 Answers
59
Yes. There is a tool on GitHub here that can change that information. It supports both 64-bit and 32-bit.
The syntax I used: rcedit-x64.exe cmx.exe --set-version-string OriginalFilename "cmdx.exe" --set-version-string FileDescription "details are irrelevant"
Therefore, your solution may be efficient against beginners, but not against people with IT knowledge.
Overmind
- 8,779
- 3
- 19
- 28
-
26If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"... – IMil May 28 '19 at 01:03
-
12
-
4Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration. – Overmind May 28 '19 at 12:16
-
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool. – OrangeDog May 28 '19 at 16:51