Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350629
Figure 8: (S) Process Avoid List tab
(S) If the payload executable is known to alert specific AVs or known to be incompatible
with certain executables, add the process names to avoid in this tab. For example, if
Kaspersky Internet Suite causes alerts when the payload is launched, type avp.exe into
the edit box and click the Add button.
(S) This process avoid list will stop the dll from executing the file specified in the “Dll
Parameters” tab. If you specified a dll output file the dll will still output the OS and
process information to that file so you can see that the dll was loaded and aborted because
of a process.
(S) For large lists of processes to avoid, the Import List and Export List buttons can
simplify the configuration process.
(S) When configuration is complete, click the Create link(s) button to write the links and
Dlls to the specified drive.
4.2.2 (U) Additional Notes
(S) Shortcut variables may also be used in the path names for the target entries and the
file patterns. For example, %temp%\dir1\dir2\payload.exe would be expanded as a
payload executable directory. Three additional environment variables are expanded if
entered on the GUI for the “Survey output directory” and the “Specify output file” fields,
as follows:
SECRET//20350629
13