Image file execution option being populated automatically

Question
-
Hello,
I have a W7 computer where the Image File Execution Options key is being populated automatically for various applications with an entry:
MitigationOptions Reg_QWord 0x100 (256)
Every application that has an entry can't run.
I'd like to know how to switch this off.
I thought GFlags might be responsible, so I installed it and ran it, but can't see anything enabled.
Appreciate suggestions on things to try
Thanks
Vaughan
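To see which images carry the value described in the question, the following read-only inventory lists every Image File Execution Options subkey that has a `MitigationOptions` value and decodes its low-order flags. It is an added example, not code from the thread or from Microsoft; it assumes PowerShell 3.0 or later, the helper name `ConvertTo-MitigationText` is hypothetical, and the flag names are the `PROCESS_CREATION_MITIGATION_POLICY_*` constants from the Windows SDK headers (under which `0x100` is `FORCE_RELOCATE_IMAGES_ALWAYS_ON`).

```powershell
# Added example (read-only): list IFEO subkeys that carry a MitigationOptions value.
# Assumes PowerShell 3.0 or later; ConvertTo-MitigationText is a hypothetical helper.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function ConvertTo-MitigationText([int64]$Value) {
    # Low-order PROCESS_CREATION_MITIGATION_POLICY_* flags from the Windows SDK headers.
    $names = @()
    if ($Value -band 0x1) { $names += 'DEP_ENABLE' }
    if ($Value -band 0x2) { $names += 'DEP_ATL_THUNK_ENABLE' }
    if ($Value -band 0x4) { $names += 'SEHOP_ENABLE' }
    switch ($Value -band 0x300) {
        0x100 { $names += 'FORCE_RELOCATE_IMAGES_ALWAYS_ON' }
        0x200 { $names += 'FORCE_RELOCATE_IMAGES_ALWAYS_OFF' }
        0x300 { $names += 'FORCE_RELOCATE_IMAGES_ALWAYS_ON_REQ_RELOCS' }
    }
    # Anything outside the bits decoded above is reported, not interpreted.
    if ($Value -band (-bnot 0x307)) { $names += 'other bits set' }
    if ($names.Count -eq 0) { 'none' } else { $names -join ', ' }
}

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # no WOW6432Node on 32-bit Windows
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $raw = $key.GetValue('MitigationOptions', $null)
        if ($null -eq $raw) { continue }
        $kind = $key.GetValueKind('MitigationOptions')
        if ($raw -is [byte[]]) {
            # The value may be REG_BINARY on later Windows versions; read the low 8 bytes.
            $buf = New-Object byte[] 8
            [Array]::Copy($raw, $buf, [Math]::Min($raw.Length, 8))
            $value = [BitConverter]::ToInt64($buf, 0)
        } else {
            $value = [int64]$raw   # REG_QWORD, as in the question
        }
        [pscustomobject]@{
            Image   = $key.PSChildName
            View    = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            Kind    = $kind
            Hex     = '0x{0:X}' -f $value
            Decoded = ConvertTo-MitigationText $value
        }
    }
}
```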
All replies
-
Hi Vaughan,
Execute a full scan in safe mode.
If that doesn't help, use a clean ISO to perform an in-place upgrade of the system.
More information here:
An Introduction to Image File Execution Options
https://blog.malwarebytes.com/101/2015/12/an-introduction-to-image-file-execution-options/
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
-
Hello Teemo,
I don't think this is a result of a malicious attack.
I was using EMET on this PC previously and I think somehow I've enabled some option which is causing the behaviour.
I have removed EMET but that hasn't resolved it, so then I reinstalled GFlags to see if there was something enabled in there.
I'd prefer to avoid rebuilding the computer if possible
Virus scan comes up clean
Regards
Vaughan
-
Hello Teemo,
I think I may have worked this out.
If I'm right, as I suspected, it was due to my previous testing with EMET.
Thanks for your assistance
Regards,
Vaughan
- Proposed as answer by Teemo Tang (Microsoft contingent staff, Moderator), Friday, July 5, 2019 7:47 AM
-
You are welcome.
Glad to hear this issue has been solved by yourself. Thanks for sharing and hope this experience can help other community members facing similar problems.