D7 v8 Breakdown
Just wanted to give a quick breakdown and introduction to the new functionality in v8…
- Red X behavior (the close button for the main window) is now configurable! Visit Config > Custom Stuff to configure the default shutdown behavior when clicking this button.
- Holding the F8 key while starting D7 brings up a startup menu with new options (this also replaces the old ‘get system access’ prompt). Among these options are the ability to start in Normal mode (optionally with debug mode enabled or with D7’s runonce key entry disabled), System Mode (runs D7 under the local system account to bypass file system / registry permissions), or Service Mode (see the SHIFT key item below for a description).
- Holding the SHIFT key while starting D7 now starts it in ‘service mode’, which runs under the system account, runs KillEmAll (internal version) until completed, restarting it as needed if malware terminates it, and then launches D7 directly to the malware page.
- You can now choose to only execute D7’s custom function/script for startup while holding down the CTRL key while starting D7. Visit D7 Config > Custom Functions for the new checkbox option.
- New write-protected media detection and warning when starting D7, which gives you the option to run D7 anyway or automatically copy D7 to the All Users/Public desktop and run from there.
New Fixes in v8:
- Fixed Relaunch Explorer.exe with System access function.
- Fixed custom apps with the randomize file name flag set not launching from write-protected media.
- Fixed reporting directory format issues with MalwareScan and FileHandler.
- Fixed a recent typo affecting DataMigrate functionality.
General Improvements in v8:
- Improved user profile directory detection (should now be compatible with non-English Windows versions on live systems), which benefits a huge amount of core functionality.
- Auto Mode (malware page) resumes by default after a crash/reboot, after a 10 second timer giving you a cancel option.
- Improved detection of UNC paths and mapped drives (as D7 cannot perform certain functions when run from a network path).
- Misc. enhancements to MalwareScan: improved detection of certain registry values, and improved enumeration of values from in-use registry hives when running from other accounts.
- HitmanPro should now always launch under a standard admin account, even when D7 is in system mode (launching it from system mode was causing issues with the app). Note this will trigger a UAC prompt when executing from the system account.
- D7 should now handle waiting on apps like HitmanPro better and without user intervention.
- D7 now automatically and silently imports new .cfg files for custom apps when found.
- Improved Remove Policies function (both on live systems with multiple user accounts and offline systems) and now includes restoring Start Menu defaults.
- Added Anti-Spyware software status if installed and detected (only supported on Vista+).
Under the hood enhancements in v8:
- Reduced 3rd party dependencies.
- D7 now has service code and runs as a system service under certain circumstances.
- New method of starting apps under the system account when running under a standard account, affecting several functions (but not enough, more to come).
- New method of starting apps (like HitmanPro) running as a standard account from the system account, affecting several functions.
- Resuming D7 after a Combofix run is now handled internally without needing a separate module.
- Tons of under the hood improvements for stability and speed by removing obsolete code and streamlining what needed to be there.
- Lots of minor tweaks and adjustments.