Hi everyone,
I need some help fixing an interesting issue. I have a Windows 2008 box with the default "Hardened policy" applied to it. I am also running a vulnerable application on this box which allows remote code execution and throws back the command shell to the attacker machine. The vulnerable application is running under the "Hardened" sandbox.
With the above settings, SDCS is not preventing the attack and the attacker is able to obtain the shell. My assumption, based on some SDCS videos, was that even in the case of a successful exploit, SDCS would prevent the attacker from getting the shell. Am I missing something?
What policy changes are required to prevent any application from returning the shell without hindering the sysadmin operations?
Regards,
Nadeem