New Technology Allows Ransomware To Run Without Detection Cybers Guards

Although passing a DosDevice path returns an error, the Rename call succeeds. “We assume that malicious actors will abuse this technique to bypass security products that rely on FltGetDestinationFileNameInformation, as well as prevent any recording of such operations by EDR products,” the researchers explained. Nyotron has released two videos that show how it can bypass Symantec Endpoint Protection (SEP) and Microsoft Defender Antivirus (Defender AV), and has published a free tool that allows anyone to test their systems and security products against RIPlace evasion. The researchers discovered the method in spring 2019 and have been in contact with Microsoft, security vendors, law enforcement and regulators. When a rename request is called (IRP_MJ_SET_INFORMATION with FileInformationClass set to FileRenameInformation), the filter driver gets a callback. “With this technique, it is also possible to maliciously encrypt files and bypass antivirus/anti-ransomware products that do not handle the IRP_MJ_SET_INFORMATION callback.” The researchers found that if DefineDosDevice (a legacy function that creates a symlink) is called before Rename, an arbitrary device name can be passed in, with the original file path as the target. In a detailed report on the findings, the researchers note that most ransomware works by opening and reading the original file, encrypting the content in memory, and then either writing the encrypted content to the original file, saving an encrypted file and deleting the original file, or saving the encrypted file and then using Rename to replace the original. RIPlace, the researchers say, can be used to alter files on any device running Windows XP or a newer version of Microsoft's operating system.

Unfortunately, only a handful of technology vendors have a patch. Dubbed RIPlace, the technique enables malware to evade defenses by using the legacy file system “rename” operation, and security researchers say it is effective against systems that are patched in good time and run modern antivirus solutions. The problem is that the filter driver's callback function “fails to parse the destination path when using the common routine FltGetDestinationFileNameInformation.”
