I like the idea of lowering my browser's write capability with a restricted token, but that's what I have Simple Software Restriction Policy and EMET for. I never intentionally downloaded or installed StripMyRights.exe, which is in C:\Windows, and Malwarebytes Premium is flagging the registry keys and values written by it as a "Security Hijack", specifically (HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE|Debugger), for example (there are 4 keys and 4 values in total). Is this put here by EMET or Simple Software Restriction Policy? How can I check that my browser is actually operating under a restricted token rather than a (maliciously) elevated one? Thanks!
My Computer
System One
- OS: Windows 8.1
- Computer type: Laptop
- System Manufacturer/Model: ASUS
- Browser: Firefox
- Antivirus: Avast