DKech

Now I will briefly outline the situation that happened in the test. For some very rare programs, special uninstallers have been written, which, if run in the folder of this program, correctly remove this specific program. But if the same uninstaller is run outside the folder of this program, then it literally deletes EVERYTHING from the hard disk (programs, documents, even some system files). Samples of this uninstaller were sent to the EsET laboratory a year ago, and after analyzing the program, analysts recognized it as malicious, creating a signature Win32/KillFiles.NJT trojan. But apparent

Not all ransomware is configured to bypass this. Some kind of flimsy argument. This is the same as saying that you don't need to insert a lock into the door, since the robber has the ability to open the lock with his own key.

Description: Rules for HIPS on default settings Detail: I propose to add to HIPS on the default setting (in automatic, smart modes) several pre-written rules to protect important parts of the operating system - startup, host file, some policies. User Sergey Tversky has already posted some registry keys that could be written to the rules by developers and by default, so that there was a request (alert) to the user from HIPS for any changes in these keys and files. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\*HKEY_CURRENT_USER\Software\Microsoft\Windo

Description: Protecting document folders Detail: Implementation of protection of user folders and files by the type of folder protection in Windows Defender. Now, in order to obtain such protection, the user must independently create a special rule in the HIPS, which is far from being possible for everyone. If the antivirus implements a similar "one-click" folder protection mechanism (just move the switch of this function to the Enabled position and specify the folders required to protect), then it will be very convenient and within the power of any user. This function can be considered a