Windows Bind Links Enable EDR Evasion for Malware
Bitdefender researchers have detailed new techniques using Windows bind links to hide malware from endpoint detection and response (EDR) tools by manipulating filesystem views.

Security researchers at Bitdefender have uncovered three novel attack techniques that leverage Windows’ legitimate bind link feature to evade detection by endpoint detection and response (EDR) products. Bind links, managed by the kernel-level driver bindflt.sys, are a standard Windows mechanism used by applications like Store apps, Windows Sandbox, and Windows containers to create virtual paths that transparently map to actual file locations.
However, attackers can exploit this feature by manipulating the bind link's backing path to point to a file under their control. This allows malicious files to be accessed effectively invisibly, as security tools often rely on file paths for identification and trust. If the manipulated bind link redirects a process to load an attacker-controlled DLL from a path it trusts, this technique, known as 'file-binding,' can bypass security measures like the Antimalware Scan Interface (AMSI).
PowerShell, for instance, uses AMSI to scan scripts before execution. By hijacking the amsi.dll path with a bind link pointing to a malicious DLL, attackers can neutralize AMSI scanning without altering PowerShell itself. This method is largely invisible to user-mode processes and most EDR file-system monitors, as they perceive the virtual path as legitimate, unaware that data is being sourced from a malicious backing path.
The second technique, 'process-binding,' extends file-binding to executable images, potentially bypassing EDR detection. In this scenario, a bind link can redirect a process's trusted file path to a benign or attacker-controlled file. For example, a process might believe it is loading the legitimate winver.exe, while in reality, it is being directed to a malicious executable. This makes the attacker's payload invisible to EDRs that verify the file path rather than the file's content or origin.
A significant challenge with these methods is that a single bind link is global and can be detected by other security tools that re-examine paths. To overcome this, Bitdefender researchers developed a third technique called 'silo-binding.' This advanced method requires an attacker to first gain administrator privileges to create a user-defined Windows silo, which provides processes with an isolated view of the system, including its own file paths and object names.
Within a silo, a bind link is not globally visible. An attacker can create two opposing bind links: one that maps a trusted path to their malware within the silo, and another that maps the malware's path back to the original clean file outside the silo. This setup ensures that when a process runs inside the silo, it executes the attacker's payload, while any external scanner attempting to find the payload is redirected to the legitimate file, rendering the malware undetectable.
Silo-binding has been demonstrated to bypass built-in Windows defenses such as AppLocker and Windows Firewall, and even poison Sysmon logs. Crucially, when tested against a standard Mimikatz execution, EDR tools failed to detect the attack when silo-binding was employed, highlighting its effectiveness in evading security monitoring.
While Microsoft has assessed these findings as low severity due to the requirement of administrator access, Bitdefender emphasizes that obtaining such privileges is a common step for cybercriminals. The research underscores the potential for bind links to serve as a powerful post-compromise evasion tool, particularly when combined with advanced techniques like silo-binding, posing a significant challenge for defenders.