How do some processes in Windows get the PsProtectedSignerAntimalware flag set for them? Meaning how does windows decide which processes should have this flag set when they are created?
More info regarding this flag :
I doubt that Microsoft has hardcoded the list of AntiViruses somewhere and decides which processes should get this flag based on the certificate, so how does windows decide which processes should get this flag?
Lets say i already have a driver loaded, is there anyway i can force my user-mode processes to have this flag?