Hello Reader,
Tonight I'm back in my home lab with access to all my handy testing VMs! I decided to start up a series of tests on the Application Compatibility Cache artifacts (including Shimcache and Amcache amongst others to be tested). The tests have already shown more than I expected and here is what we learned tonight:
Tonight I'm back in my home lab with access to all my handy testing VMs! I decided to start up a series of tests on the Application Compatibility Cache artifacts (including Shimcache and Amcache amongst others to be tested). The tests have already shown more than I expected and here is what we learned tonight:
- Extracting an executable from a zip into the Desktop directory on Windows 10 is enough to get a shimcache entry
- There was no corresponding Amcache entry
- Extracting an executable from a zip into the root of another file system all together on Windows 10 also created a shimcache entry
- There was no corresponding Amcache entry
- We also didn't get Amcache entries for the programs we did in fact execute
- We did have Amcache entries for programs we never executed!
You can watch the video here:
Also Read: Daily Blog #539
Post a Comment