It is possible to bypass Cb Protection’s Tamper Protection, enabling a malicious actor to:
- Run a malicious file
- Prevent the startup of the Cb Protection agent or the server
One of the responsibilities of Tamper Protection is to prevent registry modifications involving the agent’s and server’s binaries. On 64-bit Microsoft Windows operating systems, Tamper Protection protects the wrong registry keys, so the keys that actually apply to these binaries are left unprotected. A malicious actor can exploit this flaw to define a bogus debugger entry and thereby run a malicious file or prevent the startup of the agent or server.
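
A defender can check whether such a debugger entry already exists for the protected binaries. The following PowerShell audit is an added example, not code from the advisory or the vendor. It assumes that the "debugger entry" is the `Debugger` value under the Windows Image File Execution Options key, and the image names are placeholders to be replaced with the real agent and server executable names.

```powershell
# Added example: report Debugger values registered for the protected binaries.
# Placeholders: replace with the actual agent and server executable names.
$ProtectedImages = @('AGENT_BINARY.exe', 'SERVER_BINARY.exe')

# Assumption: the "debugger entry" is the Debugger value under this key.
$IfeoSubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebuggerEntry {
    param([string[]]$ImageName)

    # Read both the 64-bit and the 32-bit registry view so neither is missed.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $ifeo = $base.OpenSubKey($IfeoSubKey)
            if ($null -eq $ifeo) { continue }
            foreach ($name in $ifeo.GetSubKeyNames()) {
                # -notcontains compares case-insensitively, like Windows image names.
                if ($ImageName -notcontains $name) { continue }
                $imageKey = $ifeo.OpenSubKey($name)
                $debugger = $imageKey.GetValue('Debugger')
                if ($null -ne $debugger) {
                    [pscustomobject]@{
                        View     = $view
                        Image    = $name
                        Debugger = $debugger
                    }
                }
                $imageKey.Close()
            }
            $ifeo.Close()
        } finally {
            $base.Dispose()
        }
    }
}

$hits = @(Get-IfeoDebuggerEntry -ImageName $ProtectedImages)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    Write-Warning 'Debugger entry found for a protected binary; investigate before removing it.'
} else {
    Write-Output 'No Debugger entries found for the listed binaries.'
}
```

Any hit for these binaries is unexpected on a production endpoint and is worth correlating with registry-write telemetry for the same key.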