Stealthy New Attack Puts Security Tools in a 'Coma'
A security researcher has developed a new tool that can temporarily disable endpoint detection and response (EDR) and antivirus solutions without using vulnerable drivers. The technique abuses a legitimate operating system error reporting feature: it initiates a memory dump of a security process, and the target process is suspended while the dump is in progress. By then immediately suspending the error reporting process itself, the attack leaves the target security software indefinitely frozen in a 'coma state.' This user-mode method bypasses common protections and is harder to detect than traditional techniques because it relies entirely on trusted system components. The tool's release highlights an evolution in evasion tactics, forcing security teams to monitor for unusual activity from legitimate system processes to defend against such attacks.
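The detection angle the article ends on, as an added example (this is not code from the article or from the researcher's tool): a correlation rule that looks for the sequence described above in process telemetry. It assumes a generic event stream with constructed fields (timestamp, event kind, acting process, acted-upon process), placeholder image names for the security tooling and the error-reporting component, and a 30-second correlation window; the article names no operating system, product or process, so all of those are assumptions.

```python
"""Correlate process telemetry to flag the 'coma' pattern: the OS error
reporter starts a dump of a security process, and before that dump completes
the reporter itself is suspended and never resumed.  Added example; schema,
process names and window are assumptions, not values from the article."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Hypothetical labels (assumption): which images we treat as security tooling
# and which as the OS error-reporting component.
SECURITY_PROCESSES = {"edr_agent.exe", "av_service.exe"}
ERROR_REPORTING_PROCESSES = {"os_error_reporter.exe"}


@dataclass
class Event:
    ts: datetime
    kind: str        # dump_started | dump_completed | process_suspended | process_resumed
    actor: str       # image name of the process performing the action
    actor_pid: int
    target: str      # image name of the process acted upon
    target_pid: int


def parse_line(line: str) -> Event:
    """Constructed line format: '<ISO-8601 UTC> <kind> <actor>:<pid> <target>:<pid>'."""
    ts_s, kind, actor_s, target_s = line.split()
    actor, apid = actor_s.rsplit(":", 1)
    target, tpid = target_s.rsplit(":", 1)
    return Event(datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ"),
                 kind, actor, int(apid), target, int(tpid))


def detect_coma(events: List[Event], window: timedelta = timedelta(seconds=30)) -> List[Dict]:
    """Return one finding per dump of a security process, started by the error
    reporter, where the reporter was suspended (and not resumed) before the
    dump completed inside the window.  A dump that completes, or a reporter
    that is resumed, is treated as benign."""
    events = sorted(events, key=lambda e: e.ts)
    findings = []
    for i, e in enumerate(events):
        if (e.kind != "dump_started"
                or e.actor not in ERROR_REPORTING_PROCESSES
                or e.target not in SECURITY_PROCESSES):
            continue
        completed = False
        reporter_suspended = None
        reporter_resumed = False
        for f in events[i + 1:]:
            if f.ts - e.ts > window:
                break
            if (f.kind == "dump_completed" and f.actor_pid == e.actor_pid
                    and f.target_pid == e.target_pid):
                completed = True
                break
            if f.kind == "process_suspended" and f.target_pid == e.actor_pid:
                reporter_suspended = f
            if f.kind == "process_resumed" and f.target_pid == e.actor_pid:
                reporter_resumed = True
        if reporter_suspended and not completed and not reporter_resumed:
            findings.append({
                "target": e.target,
                "target_pid": e.target_pid,
                "reporter_pid": e.actor_pid,
                "suspended_by": reporter_suspended.actor,
                "suspended_by_pid": reporter_suspended.actor_pid,
                "at": reporter_suspended.ts.isoformat(),
            })
    return findings


# Constructed sample telemetry: one normal dump that completes, one 'coma'
# sequence, and one suspend that is resumed before the dump completes.
SAMPLE_TELEMETRY = """\
2024-05-01T10:00:00Z dump_started os_error_reporter.exe:4100 av_service.exe:880
2024-05-01T10:00:04Z dump_completed os_error_reporter.exe:4100 av_service.exe:880
2024-05-01T10:05:00Z dump_started os_error_reporter.exe:4300 edr_agent.exe:912
2024-05-01T10:05:01Z process_suspended unknown_tool.exe:5000 os_error_reporter.exe:4300
2024-05-01T10:06:00Z dump_started os_error_reporter.exe:4400 av_service.exe:880
2024-05-01T10:06:01Z process_suspended debugger.exe:5100 os_error_reporter.exe:4400
2024-05-01T10:06:05Z process_resumed debugger.exe:5100 os_error_reporter.exe:4400
2024-05-01T10:06:09Z dump_completed os_error_reporter.exe:4400 av_service.exe:880
"""


def run_sample() -> List[Dict]:
    events = [parse_line(l) for l in SAMPLE_TELEMETRY.splitlines() if l.strip()]
    return detect_coma(events)


if __name__ == "__main__":
    for finding in run_sample():
        print("possible security-tool coma:", finding)
```

Only the second sequence is reported: the dump of `edr_agent.exe` never completes and the reporter process that owns it stays suspended. The rule keys on process identifiers rather than names alone so that a later, unrelated dump by a fresh reporter instance does not clear an earlier alert, and the window bounds how long a dump may legitimately run before silence becomes suspicious; tune it to what your telemetry shows for normal dumps.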