Add AntiSandbox system parameters detection signature #578
This file implements an AntiSandbox system parameters detection signature, which queries or modifies system parameters related to user presence detection and sandbox evasion techniques.
Code Review
This pull request introduces a new signature module, AntiSandboxSystemParametersInfo, to detect Windows sandbox evasion techniques that query or modify system parameters. The review feedback highlights potential runtime issues and fragility in how the Action parameter is parsed and matched. Specifically, the reviewer recommends converting the dictionary keys to integer constants and safely parsing the Action argument to prevent AttributeError exceptions and ensure robust matching regardless of whether the parameter is captured as an integer or a string.
This file implements an AntiSandbox system parameters detection signature, which queries or modifies system parameters related to user presence detection and sandbox evasion techniques.
Seen in 2017 kazuar 8490daab736aa638b500b27c962a8250bbb8615ae1c68ef77494875ac9d2ada2
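The review feedback above asks for integer dictionary keys and safe parsing of the Action argument. One way to do that, as an added example that is not the PR's code: the SPI_* values are from winuser.h, while the choice of watched actions, the call-record shape, and the names `parse_action` and `match_calls` are assumptions for illustration.

```python
# Added example, not the PR's code. SPI_* values come from winuser.h; which
# actions the real signature watches is an assumption made for illustration.
WATCHED_ACTIONS = {
    0x000E: "SPI_GETSCREENSAVETIMEOUT",
    0x0010: "SPI_GETSCREENSAVEACTIVE",
    0x0070: "SPI_GETMOUSESPEED",
    0x0072: "SPI_GETSCREENSAVERRUNNING",
}
NAME_TO_CODE = {name: code for code, name in WATCHED_ACTIONS.items()}


def parse_action(value):
    """Return Action as an int, or None when it is missing or unparseable."""
    if isinstance(value, bool):  # bool subclasses int; never a valid Action
        return None
    if isinstance(value, int):
        return value
    if isinstance(value, str):
        text = value.strip()
        if text.upper() in NAME_TO_CODE:  # monitor logged the symbolic name
            return NAME_TO_CODE[text.upper()]
        try:
            return int(text, 0)  # base 0 accepts "114" and "0x00000072"
        except ValueError:
            return None
    return None


def match_calls(calls):
    """Names of watched actions seen in SystemParametersInfoA/W calls."""
    hits = []
    for call in calls:
        if not str(call.get("api") or "").startswith("SystemParametersInfo"):
            continue
        code = parse_action((call.get("arguments") or {}).get("Action"))
        if code in WATCHED_ACTIONS:
            hits.append(WATCHED_ACTIONS[code])
    return hits


# Constructed call records (hypothetical shape, not real sandbox output).
SAMPLE_CALLS = [
    {"api": "SystemParametersInfoW", "arguments": {"Action": 114}},
    {"api": "SystemParametersInfoA", "arguments": {"Action": "0x00000010"}},
    {"api": "SystemParametersInfoW", "arguments": {"Action": "SPI_GETMOUSESPEED"}},
    {"api": "SystemParametersInfoW", "arguments": {"Action": None}},
    {"api": "SystemParametersInfoW", "arguments": {"Action": "0x0014"}},
    {"api": "GetCursorPos", "arguments": {"Action": 114}},
]
```

Normalising to an int before the lookup means a missing or malformed Action is skipped instead of raising, and the same call matches whether the monitor logged it as an integer, a hex string, or a symbolic name.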
