Hello Reader,
Tonight we continued our exploration of Server 2019 with a look into how Amcache is behaving on it.
Here is what we learned:
Tonight we continued our exploration of Server 2019 with a look into how Amcache is behaving on it.
Here is what we learned:
- Amcache is still scanning the desktop for executables and adding them to the Amcache when the Application experience scheduled task runs, even if the executable was never run
- Like Server 2008 R2 Amcache is including the contents of the Desktop directory for executions and executables
- Server 2019 appears to be storing command line executions! This is a very different behavior than we've seen before and requires more testing
You can watch the video here:
Also Read: Daily Blog #586
Post a Comment