Modifiable Services false positives for explicit AccessDenied DACLs
e0x70i opened this issue · comments
epi commented
Noticed false positives for a number of services, for example most McAfee services.
Checked the ACL and it turns out they have an explicit access denied for the authenticated users SID.
This can probably be fixed by checking the ACE type.
Some jank debug shows the access control type is "AccessDenied" for the false positive sid.
Console.WriteLine("DACL for SID: " + ace.SecurityIdentifier);
Console.WriteLine(ace.AccessMask);
Console.WriteLine(ace.AceType);
Clément Notin commented
Fixed by #15 ;)