Active Virus Control Improvements

In my own tests, AVC and IDS were unable to monitor the following malicious behaviors. To help improve AVC and IDS, I am listing these behaviors in the hope that detection will be improved. Thank you.

Behavior Description: Injects code and modifies EIP to execute its own code, deceiving users into considering it a normal process

For example: %WINDIR%\explorer.exe

Behavior Description: Deletes itself after running

Behavior Description: Tampers with system files

AVC was unable to detect this: %system%\config\system.LOG

Behavior Description: Disables Registry Editor

Behavior Description: Disables Task Manager

Behavior Description: Modifies a function entry point's attribute to writable

AVC was unable to detect this: ws2_32.dll!getaddrinfo, ws2_32.dll!gethostbyname

Behavior Description: Inline-hooks its own process

AVC was unable to detect this: xxx.exe WS2_32.dll!gethostbyname Ordinal: 52 HookType: InlineHook

Behavior Description: Uses a global message hook to inject a specified file into other processes

AVC was unable to detect this: %system%\ftpdll.dll

Behavior Description: Creates a file with the same name as a common system file, suspected of hijacking the normal system file; common in virus behavior

AVC was unable to detect this: [shell] - explorer.exe
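
As an added illustration (not part of the original post and not Bitdefender's code), the inline-hook case reported above for WS2_32.dll!gethostbyname can be checked by comparing a function's first bytes on disk with the bytes mapped in memory and decoding any redirect. The prologue bytes, addresses and the `classify_prologue` helper are constructed for this example and assume 32-bit x86.

```python
import struct

# Constructed sample: a common 32-bit prologue
# (mov edi,edi; push ebp; mov ebp,esp; sub esp,10h).
CLEAN = bytes.fromhex("8bff558bec83ec10")

# Constructed addresses standing in for gethostbyname and the ws2_32.dll image.
FUNC_VA, MOD_BASE, MOD_SIZE = 0x71AB5355, 0x71AB0000, 0x17000

# Constructed "hooked" copy: the first 5 bytes replaced by jmp rel32 -> 0x10001000.
HOOKED = b"\xe9" + struct.pack("<i", 0x10001000 - (FUNC_VA + 5)) + CLEAN[5:]


def classify_prologue(disk, mem, func_va, mod_base, mod_size):
    """Compare a function's first bytes on disk with those in memory.

    Returns None when they match; otherwise a dict with the redirect
    pattern, its decoded target (if recognised) and whether that target
    lies outside the owning module. A redirect that leaves the module is
    a signal to investigate, not a verdict: legitimate software also
    patches prologues.
    """
    if mem[:len(disk)] == disk:
        return None
    kind, target = "unknown-patch", None
    if mem[0] == 0xE9 and len(mem) >= 5:                       # jmp rel32
        rel = struct.unpack_from("<i", mem, 1)[0]
        kind, target = "jmp rel32", (func_va + 5 + rel) & 0xFFFFFFFF
    elif mem[0] == 0x68 and len(mem) >= 6 and mem[5] == 0xC3:  # push imm32; ret
        kind, target = "push/ret", struct.unpack_from("<I", mem, 1)[0]
    elif mem[0] == 0xB8 and mem[5:7] == b"\xff\xe0":           # mov eax,imm32; jmp eax
        kind, target = "mov/jmp eax", struct.unpack_from("<I", mem, 1)[0]
    leaves = None
    if target is not None:
        leaves = not (mod_base <= target < mod_base + mod_size)
    return {"kind": kind, "target": target, "leaves_module": leaves}


if __name__ == "__main__":
    for label, mem in (("clean", CLEAN), ("hooked", HOOKED)):
        print(label, classify_prologue(CLEAN, mem, FUNC_VA, MOD_BASE, MOD_SIZE))
```
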


  • Hi. I am not entirely sure about this but I think you're referring to File Integrity Monitoring here, not Intrusion Detection. Please correct me if I'm wrong.