Monitoring for system-level routines that perform destructive acts can help, but such monitoring is fairly easily bypassed. Do not depend on it alone.
It is important to realize that monitoring and interception is a risky technique. Some products that use this technique are so annoying to use (due to their frequent messages popping up) that some users consider the cure worse than the disease!
- Interceptors are useful for some simple logic bombs and Trojans.
- It would be unwise to depend entirely upon behavior monitors as they are easily bypassed.
|Integrity Checking||AV Product Use Guidelines|