Behavior monitoringAgents periodically check clients for unusual changes in the operating system or installed software. Administrators (or users) can create exclusion lists to run certain programs despite violating a monitored change or to block certain programs completely. In addition, programs with a valid digital signature may always be started. The following table contains the description. The default value of the monitored changes.
Observed possible changes
Monitored change Description Default value Duplicated system file Many malicious programs create copies of themselves or other malicious programs using file names used by Windows system files. This is usually done to overwrite or replace system files, hide or prevent users from deleting the malicious files. Ask if necessary Modify the Hosts file The Hosts file assigns IP addresses to domain names. Many malicious programs modify the hosts file so that the web browser is redirected to infected, non-existent or fake websites. Always deny Modification of system files Certain Windows system files determine system behavior, including autostart programs and screen saver settings. Many malicious programs modify system files to run automatically at startup and control system behavior. Always deny New plug-in for Internet Explorer Spyware/grayware programs often install unwanted plug-ins for Internet Explorer, such as. B. Toolbars. Browser Helper Objects. Toolbars. Browser Helper Objects. Inquire if necessary
Changes to Internet Explorer settings Many virus/malware programs change Internet Explorer settings, including home page, trusted sites, proxy server settings, and menu extensions. Always deny
Security policy changes Security policy changes can run unwanted applications and change system settings. Always refuse
Firewall policy changes The Windows firewall policy specifies the applications that can access the network, the ports that are open for communication, and the IP addresses that can communicate with the computer. Many malicious programs modify the policy to gain access to the network and the Internet. Ask if necessary Inject a program library Many malicious programs configure Windows so that all applications automatically load a program library (DLL). This allows malicious routines in the DLL to be executed each time an application is launched. Ask for help if necessary
Shell changes Many malicious programs change Windows shell settings to associate themselves with certain file types. This routine can automatically launch malicious programs when users open the linked files in Windows Explorer. Changes in the Windows shell also allow malicious programs to track the programs used and run like legitimate programs. Ask if needed New service Windows services are processes with special functions. They are usually run permanently and with full administrator privileges in the background. Malicious programs sometimes install themselves as hidden services. Ask if necessary New autostart program Many malicious programs configure Windows so that all applications automatically load a program library (DLL). This allows malicious routines to be executed in the DLL every time an application is launched. Ask if needed
Another function of behavior monitoring is to prevent .EXE and .DLL files are deleted or modified. Users with this permission can protect certain folders. In addition, users can choose to protect all Intuit QuickBooks programs with a.
Configure desktop and server groups
Information about virus protection and anti-spyware can be found under Info about search
Configure behavior monitoring
Showing computers with the most common violations of behavioral monitoring policies
Copyright © 2011 Trend Micro Incorporated. All rights reserved.