|
|
|
Deep Freeze operates at the kernel level, loading drivers very early in the boot process to intercept disk write commands. Ideally, this makes it nearly impenetrable from the user level. However, version 8.x (including early builds of 8.30) had specific attack vectors.
One of the most common methods used by "Anti Deep Freeze" tools targeting version 8.30 involved manipulating the uninstallation process. Deep Freeze keeps an uninstall executable ( DF5Serv.exe or similar variants) on the system. If a tool can trick the system into running this uninstaller with elevated privileges without triggering the password prompt, the software removes itself, leaving the system thawed. anti deep freeze 8.30