Unless they’re doing app signing or binary examination, some of the methods to “log every app” literally look for an executable name. Renaming “firefox.exe” to “explorer.exe” (an obviously allowed executable name) and then executing it will still run Firefox.
Unless they’re doing app signing or binary examination, some of the methods to “log every app” literally look for an executable name. Renaming “firefox.exe” to “explorer.exe” (an obviously allowed executable name) and then executing it will still run Firefox.
Yeah, I don’t know how they’re doing it. They’re using some “zero trust” system. It’s beyond me.