none
Image file execution option being populated automatically RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello,

    I have a W7 computer where the Image File Execution Options key is being populated automatically for various applications with an entry:

    MitigationOptions  Reg_QWord  0x100 (256)

    Every application that has an entry can't run.

    I'd like to know how to switch this off.

    I thought GFlags might be responsible, so I installed it and run, but can't see anything enabled

    Appreciate suggestions on things to try

    Thanks

    Vaughan

    Monday, June 17, 2019 3:56 AM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Vaughan,

    Execute a full scan in safe mode.

    If no help, use a clean iso to in-place upgrade system.

    More information here:

    An Introduction to Image File Execution Options

    https://blog.malwarebytes.com/101/2015/12/an-introduction-to-image-file-execution-options/

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 18, 2019 2:09 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Teemo,

    I don't think this is as a result of a malicious attack

    I was using EMET on this PC previously and I think somehow I've enabled some option which is causing the behaviour

    I have removed EMET but that hasn't resolved, so then I reinstalled GFlags to see if there was something enabled in there

    I'd prefer to avoid rebuilding the computer if possible

    Virus scan comes up clean

    Regards

    Vaughan

    Tuesday, June 18, 2019 10:19 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Teemo,

    I think I may have worked this out.

    If I'm right, as I suspected it was due to my previous testing with EMET

    Thanks for your assistance

    Regards,

    Vaughan

    Thursday, June 20, 2019 12:40 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    You are welcome.

    Glad to hear this issue has been solved by yourself. Thanks for sharing and hope this experience can help other community members facing similar problems.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 20, 2019 1:31 AM
    |
    Moderator