SecEdit.exe

  • File Path: C:\WINDOWS\SysWOW64\SecEdit.exe
  • Description: Windows Security Configuration Editor Command Tool

Hashes

Type Hash
MD5 A6801C5DCB3EA9358A5BA7A2B0186E56
SHA1 584DBF4DB30628DB3B6C25C2C813FFB9957650DE
SHA256 22E6324DB60AE1D66650557114A46A3AFAF445B034B347813626B10E3ABC023B
SHA384 59A4FF878C5AE923AEA18415FC9237C54234BF3F631CF1963310F0788F99916C1812CA29C4A7A9FD5A88CD5F90FEC19F
SHA512 12DEB517DACDB01A36996DACAFF98D231BAEE7D6A680F070A3BD4E3543223092428179D35453E8D76F0B58BFB74CDCDED798FC4261C4201C607A7AEFF60ECF85
SSDEEP 384:BqMmwvIDuZ8FahrB1KKWsoqLneqQe1SxPGq7WvzHiWhaXq0lDf2Bh7/oSXkoQfwK:Mav7ZT1KdnyZQkOPGqsKJqT7/pXkf
IMP 615449A6A25801F47AE0D7578EB950B4
PESHA1 ECC3F6B2527DFF19BAAAF218A95094D1BA5D4081
PE256 399E35A6904C2ABA89286DEFD955B3486C3FEB7B25F22B0E05E913AB6D884CF7

Runtime Data

Usage (stdout):


The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\SecEdit.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SeCEdit
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/22e6324db60ae1d66650557114a46a3afaf445b034b347813626b10e3abc023b/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SecEdit.exe 41
C:\WINDOWS\system32\SecEdit.exe 35
C:\WINDOWS\system32\SecEdit.exe 30
C:\Windows\system32\SecEdit.exe 38
C:\windows\system32\SecEdit.exe 40
C:\Windows\system32\SecEdit.exe 36
C:\Windows\SysWOW64\SecEdit.exe 47
C:\WINDOWS\SysWOW64\SecEdit.exe 41
C:\windows\SysWOW64\SecEdit.exe 49
C:\Windows\SysWOW64\SecEdit.exe 46
C:\Windows\SysWOW64\SecEdit.exe 54

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.

secedit commands

Configures and analyzes system security by comparing your current security configuration against specified security templates.

[!NOTE] The Microsoft Management Console (MMC) and the Security Configuration and Analysis snap-in are not available on Server Core.

Syntax

secedit /analyze
secedit /configure
secedit /export
secedit /generaterollback
secedit /import
secedit /validate

Parameters

Parameter Description
secedit /analyze Allows you to analyze current systems settings against baseline settings that are stored in a database. The analysis results are stored in a separate area of the database and can be viewed in the Security Configuration and Analysis snap-in.
secedit /configure Allows you to configure a system with security settings stored in a database.
secedit /export Allows you to export security settings stored in a database.
secedit /generaterollback Allows you to generate a rollback template with respect to a configuration template.
secedit /import Allows you to import a security template into a database so that the settings specified in the template can be applied to a system or analyzed against a system.
secedit /validate Allows you to validate the syntax of a security template.
Remarks

  • If there is no filepath specified, all filenames will default to the current directory.

  • Your analysis results are stored in a separate area of the database and can be viewed in the Security Configuration and Analysis snap-in to the MMC.

  • If your security templates are created by using the Security Template snap-in, and if you run the Security Configuration and Analysis snap-in against those templates, the following files are created:

    File Description
    scesrv.log <ul><li>Location: %windir%\security\logs</li><li>Created by: Operating system</li><li>File type: Text</li><li>Refresh rate: Overwritten when secedit analyze, secedit configure, secedit export or secedit import is run.</li><li>Content: Contains the results of the analysis grouped by policy type.</li></ul>
    user-selected name.sdb <ul><li>Location: %windir%\<user account>\Documents\Security\Database</li><li>Created by: Running the Security Configuration and Analysis snap-in</li><li>File type: Proprietary</li><li>Refresh rate: Updated whenever a new security template is created.</li><li>Content: Local security policies and user-created security templates.</li></ul>
    user-selected name.log <ul><li>Location: User-defined, but defaults to %windir%\<user account>\Documents\Security\Logs</li><li>Created by: Running the secedit analyze or secedit configure commands, or by using the Security Configuration and Analysis snap-in.</li><li>File type: Text</li><li>Refresh rate: Overwritten when secedit analyze or secedit configure is run, or by using the Security Configuration and Analysis snap-in.</li><li>Content: Log file name, date and time, and the results of the analysis or investigation.</li></ul>
    user-selected name.inf <ul><li>Location: %windir%\*<user account>\Documents\Security\Templates</li><li>Created by: Running the Security Template snap-in.</li><li>File type: Text</li><li>Refresh rate: Overwritten each time the security template is updated.</li><li>Content: Contains the set up information for the template for each policy selected using the snap-in.</li></ul>

Additional References

MIT License. Copyright (c) 2020-2021 Strontic.