
Is Endpoint Protection susceptible to PsSetLoadImageNotifyRoutine based attacks?


Article ID: 170278


Updated On:


Endpoint Protection


You have grave concerns about a theoretical issue involving PsSetLoadImageNotifyRoutine, which purportedly allows malware authors to circumvent endpoint protection solutions. The news is particularly unsettling because press coverage of the issue indicates that the PsSetLoadImageNotifyRoutine routine has been part of the Windows kernel since Windows 2000, that it remains present in even the latest Windows builds, and that Microsoft has indicated it will do nothing on its part to fix it.


Windows 2000 - Windows 10

Windows 2000 Server - Windows Server 2016


None of our technologies use PsSetLoadImageNotifyRoutine routines as methods to block execution. As a result, Symantec Endpoint Protection (SEP) is unaffected by this issue.