SecEdit.exe
- File Path:
C:\WINDOWS\SysWOW64\SecEdit.exe
- Description: Windows Security Configuration Editor Command Tool
Hashes
Type | Hash |
---|---|
MD5 | A6801C5DCB3EA9358A5BA7A2B0186E56 |
SHA1 | 584DBF4DB30628DB3B6C25C2C813FFB9957650DE |
SHA256 | 22E6324DB60AE1D66650557114A46A3AFAF445B034B347813626B10E3ABC023B |
SHA384 | 59A4FF878C5AE923AEA18415FC9237C54234BF3F631CF1963310F0788F99916C1812CA29C4A7A9FD5A88CD5F90FEC19F |
SHA512 | 12DEB517DACDB01A36996DACAFF98D231BAEE7D6A680F070A3BD4E3543223092428179D35453E8D76F0B58BFB74CDCDED798FC4261C4201C607A7AEFF60ECF85 |
SSDEEP | 384:BqMmwvIDuZ8FahrB1KKWsoqLneqQe1SxPGq7WvzHiWhaXq0lDf2Bh7/oSXkoQfwK:Mav7ZT1KdnyZQkOPGqsKJqT7/pXkf |
IMP | 615449A6A25801F47AE0D7578EB950B4 |
PESHA1 | ECC3F6B2527DFF19BAAAF218A95094D1BA5D4081 |
PE256 | 399E35A6904C2ABA89286DEFD955B3486C3FEB7B25F22B0E05E913AB6D884CF7 |
Runtime Data
Usage (stdout):
The syntax of this command is:
secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]
Loaded Modules:
Path |
---|
C:\WINDOWS\SYSTEM32\ntdll.dll |
C:\WINDOWS\System32\wow64.dll |
C:\WINDOWS\System32\wow64base.dll |
C:\WINDOWS\System32\wow64con.dll |
C:\WINDOWS\System32\wow64win.dll |
C:\WINDOWS\SysWOW64\SecEdit.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED
- Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: SeCEdit
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/22e6324db60ae1d66650557114a46a3afaf445b034b347813626b10e3abc023b/detection
File Similarity (ssdeep match)
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
secedit commands
Configures and analyzes system security by comparing your current security configuration against specified security templates.
[!NOTE] The Microsoft Management Console (MMC) and the Security Configuration and Analysis snap-in are not available on Server Core.
Syntax
secedit /analyze
secedit /configure
secedit /export
secedit /generaterollback
secedit /import
secedit /validate
Parameters
Parameter | Description |
---|---|
secedit /analyze | Allows you to analyze current systems settings against baseline settings that are stored in a database. The analysis results are stored in a separate area of the database and can be viewed in the Security Configuration and Analysis snap-in. |
secedit /configure | Allows you to configure a system with security settings stored in a database. |
secedit /export | Allows you to export security settings stored in a database. |
secedit /generaterollback | Allows you to generate a rollback template with respect to a configuration template. |
secedit /import | Allows you to import a security template into a database so that the settings specified in the template can be applied to a system or analyzed against a system. |
secedit /validate | Allows you to validate the syntax of a security template. |
Remarks
-
If there is no filepath specified, all filenames will default to the current directory.
-
Your analysis results are stored in a separate area of the database and can be viewed in the Security Configuration and Analysis snap-in to the MMC.
-
If your security templates are created by using the Security Template snap-in, and if you run the Security Configuration and Analysis snap-in against those templates, the following files are created:
File Description scesrv.log <ul><li>Location: %windir%\security\logs
</li><li>Created by: Operating system</li><li>File type: Text</li><li>Refresh rate: Overwritten whensecedit analyze
,secedit configure
,secedit export
orsecedit import
is run.</li><li>Content: Contains the results of the analysis grouped by policy type.</li></ul>user-selected name.sdb <ul><li>Location: %windir%\<user account>\Documents\Security\Database
</li><li>Created by: Running the Security Configuration and Analysis snap-in</li><li>File type: Proprietary</li><li>Refresh rate: Updated whenever a new security template is created.</li><li>Content: Local security policies and user-created security templates.</li></ul>user-selected name.log <ul><li>Location: User-defined, but defaults to %windir%\<user account>\Documents\Security\Logs
</li><li>Created by: Running thesecedit analyze
orsecedit configure
commands, or by using the Security Configuration and Analysis snap-in.</li><li>File type: Text</li><li>Refresh rate: Overwritten whensecedit analyze
orsecedit configure
is run, or by using the Security Configuration and Analysis snap-in.</li><li>Content: Log file name, date and time, and the results of the analysis or investigation.</li></ul>user-selected name.inf <ul><li>Location: %windir%\*<user account>\Documents\Security\Templates
</li><li>Created by: Running the Security Template snap-in.</li><li>File type: Text</li><li>Refresh rate: Overwritten each time the security template is updated.</li><li>Content: Contains the set up information for the template for each policy selected using the snap-in.</li></ul>
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.