Devices

Similar to services access, as defined in the Services Object chapter, you can manage the access of specific applications and processes to system devices.

This setting prevents system devices and drivers from executing various dangerous commands, such as formatting a hard drive.

Full list of protected actions:

  • Dismount volume
  • Lock volume
  • Set compression
  • Unlock volume
  • Disk eject media
  • Disk format tracks
  • Disk load media
  • Disk media removal
  • Disk reassign blocks
  • Disk set drive layout
  • Disk set partition info
  • Disk verify
  • Serial lsrmst insert

Prevent Low Level API (PLLAPI)

Each Windows application interfaces with the operating system through an Application Programming Interface (the Win32 API). Some portions of this API are intended for use by the operating system only, not by regular applications. The Prevent Low Level API function protects these portions of the API.

If PLLAPI is enabled, the following functions are blocked:

  • AdjustTokenPrivileges
  • SetFileSecurity
  • SetKernelObjectSecurity
  • SetServiceObjectSecurity
  • SetSecurityInfo
  • SetNamedSecurityInfo
  • SetUserObjectSecurity
  • CreateProcessAsUser
  • CreateProcessWithLogonW
  • SHCreateProcessAsUserW

If PLLAPI is enabled, System low-level access is prevented, and the function targets a process other than the calling process, the following functions are blocked:

  • WriteProcessMemory
  • CreateRemoteThread
  • VirtualAllocEx
  • VirtualProtectEx

See Also

Sandbox Objects

Files and Folders

Registry

Services

OLE/COM

VBA macros

Process Spawning

Miscellaneous