首页>
外国专利>
Behavioral detection based on uninstaller modification or removal
Behavioral detection based on uninstaller modification or removal
展开▼
机译:基于卸载程序修改或删除的行为检测
展开▼
页面导航
摘要
著录项
相似文献
摘要
To evade heuristic detection, malware is often designed to trick users into installing the malware by being packaged in a standard installer known to the user's computer for typically installing legitimate software. To prevent removal of the malware, the malware modifies or removes its uninstaller. A security module manages this type of evasion technique by monitoring and detecting installations performed on a computer. The module detects attempts to remove or modify the uninstaller for the application to render the uninstaller incapable of uninstalling the application. The module can intercept and block such attempts, and then analyze the application for malicious code. Where the application is determined to be malware, the module prevents malicious activity. The module can also use the malware's own uninstaller to uninstall the malware from the computer.
展开▼