Solved: How does DEM can do pre-tasks, etc.

pieterheijms · ‎06-25-2020

Hi,

Just a question, because I'm interested in the technique.

You can configure a Pre-task for a .exe file (or registry settings). When I start the .exe file, how does DEM hold or pause the process (because first the pre-task needs to be executed). I have no idea, curious how you fixed this.

Cheers,

Pieter

DEMdev · ‎06-25-2020

Hi Pieter,

What? You expect us to share our secrets?

Roughly speaking, the FlexHook* components allow us to detect when a new process starts, and when a process exits. We leverage that for our DirectFlex, application blocking, and privilege elevation features.

View solution in original post

ijdemes · ‎06-25-2020

Hi Pieter,

As far as I know, this is done using the FlexEngine filter driver that hooks into the system. Once an executable is launched the filter driver sees this and executes the configured actions before/after launching the actual executable.

But if you really want a good/correct answer, DEMdev is 'the' person to answer this question.

\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com

ijdemes · ‎06-25-2020

You can see the filter driver using a command prompt and type fltmc

Look for the immflex filter name.

\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com

DEMdev · ‎06-25-2020

Hi Pieter,

What? You expect us to share our secrets?

Roughly speaking, the FlexHook* components allow us to detect when a new process starts, and when a process exits. We leverage that for our DirectFlex, application blocking, and privilege elevation features.

pieterheijms · ‎06-25-2020

I love to know secrets

All

How does DEM can do pre-tasks, etc.