
Auto restart of AV services.

As you may know there are many viruses out there that attempt to shut down the AV service in the background without user knowledge.  I have figured out a way using our LEM (Solarwinds Log and Event Manager) to restart any AV service as soon as it's shut down.  I've been running it for a while with Sophos AV and another AV without any issues.  It looks for "Service Stop" events.

If you have the LEM or similar and are interested let me know.

Mark.

:56480


This thread was automatically locked due to age.
  • Hello ZMagnum,

    basically you can perform - let's call it - remediation either with an agent on the endpoint/client or using Windows APIs. The former could be targeted by malware in the same way as an AV service and there are ways to thwart the latter. Regardless of the method the malware could, as I've said, take a dynamic approach, i.e. monitor the service's state, instead of doing a one-shot attempt to stop it.

    Christian

    :56578
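
A sketch of the restart-on-stop rule from the first post, extended to handle the repeated-stop case raised in the reply. This is an added example, not part of the thread and not LEM's own rule syntax; the log layout, the service name `ExampleAV`, the five-minute window and the threshold of three restarts are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a made-up "time host service=... state=..." layout.
SAMPLE_LOG = """\
2024-05-01T09:00:00 WS01 service=ExampleAV state=stopped
2024-05-01T09:00:02 WS01 service=ExampleAV state=running
2024-05-01T09:00:05 WS01 service=Spooler state=stopped
2024-05-01T09:00:10 WS01 service=ExampleAV state=stopped
2024-05-01T09:00:12 WS01 service=ExampleAV state=running
2024-05-01T09:00:20 WS01 service=ExampleAV state=stopped
2024-05-01T09:00:30 WS01 service=ExampleAV state=stopped
2024-05-01T09:30:00 WS02 service=ExampleAV state=stopped
"""

WATCHED = {"ExampleAV"}          # hypothetical AV service name
WINDOW = timedelta(minutes=5)    # assumed look-back window
MAX_RESTARTS = 3                 # assumed restarts allowed per window


def parse(line):
    """Split one line into (timestamp, host, service, state)."""
    stamp, host, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(stamp), host, fields["service"], fields["state"]


def decide(log_text):
    """Return (host, service, action) for every stop of a watched service."""
    recent = defaultdict(deque)  # (host, service) -> recent stop times
    actions = []
    for ts, host, service, state in sorted(map(parse, log_text.splitlines())):
        if service not in WATCHED or state != "stopped":
            continue
        stops = recent[(host, service)]
        stops.append(ts)
        while ts - stops[0] > WINDOW:   # drop stops older than the window
            stops.popleft()
        # A few stops get the automatic restart; a burst means something keeps
        # stopping the service, so hand it to a human instead of looping.
        action = "restart" if len(stops) <= MAX_RESTARTS else "escalate"
        actions.append((host, service, action))
    return actions


if __name__ == "__main__":
    for row in decide(SAMPLE_LOG):
        print(*row)
```

On the sample input, the first three stops on WS01 are answered with a restart, the fourth within the window is escalated, and the unrelated Spooler stop is ignored.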