Time
3 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:00
Hello and welcome to the PC Security Intermediate course.
00:04
In this video I will be talking about
00:07
how to protect your anti-malware solution and antivirus software, so as to make sure it's always working. So what about killing the antivirus?
00:20
There are some malwares
00:24
that, when they start on your PC, the first thing they do is they stop the process or processes of the anti-malware software. So basically, they kill the AV
00:36
so that they can do the things they are planning to do. So, um,
00:40
before that they're not doing anything that the AV can
00:47
detect as suspicious behavior. But from that point on,
00:52
they can do whatever they want because they know the AV is down.
00:57
And there are a couple of ways to prevent it. So the first one
01:00
is Microsoft Defender ATP,
01:06
and it's something called tamper protection.
01:11
So it's essentially preventing anybody from tampering with important security features.
01:21
And it's part of Windows security settings,
01:25
Um, and it actually essentially protects the anti-malware from being stopped. The bad thing is that the only anti-malware that it's actually protecting is Windows Defender anti-malware. So the built-in anti-malware that is in Windows
01:42
is what is actually being protected with this, uh,
01:49
option in Windows security settings.
01:52
So if you're using some other anti-malware,
01:53
yes, it is stated in the Windows security settings as the current anti-malware solution. So Windows won't complain because the Microsoft, ah, anti-malware solution is not working,
02:08
but then you cannot use this
02:12
function.
02:13
If you decide to work with the built-in Microsoft anti-malware solution, then you're okay. So then you can use this.
02:21
If not, then you have to choose some other way. So the second thing is to find a way to launch your antivirus or anti-malware as a critical process.
02:32
So in Windows, when you stop a critical process,
02:37
what happens is that basically your Windows locks,
02:42
so you get this blue screen.
02:44
The kernel, the Windows kernel, will essentially stop your system. You'll get this blue screen, and then your machine cannot go on. So, essentially what happens is that the malware is stopped in its first tracks.
03:01
It doesn't mean that you have killed the malware, but at least it has prevented the anti-malware or antivirus software from being stopped.
03:09
And then the next time you start your machine, it might try to do the same thing again. But then it will just go in a loop of blue screens,
03:22
so at least you'll know that something is very wrong with your system.
03:27
Um,
03:28
The problem with this is that sometimes there is, ah,
03:34
it's really difficult to start your AV as a critical process, and it really depends on the AV solution that you're choosing. So one of the things that you can put on the list of criteria when choosing anti-malware is:
03:47
can it be launched as a critical process? If it can, then it's cool.
03:55
Okay. And the third way to do it is to use a third-party solution. So
04:01
there are a few third-party solutions on the market that do this,
04:05
and there are some AV solutions that have something like this built in their, let's say,
04:14
original core code.
04:15
Um, I will talk about one solution because I had the experience working in it, but I'm not saying that this is the only one or the best one.
04:25
So it's HP Sure Run, and it comes basically free with all the HP PCs that are of a certain level and above. So all those that have the Sure Start I was talking about before, uh, most of them, they have Sure Run.
04:42
So Sure Run is basically a piece of software that's, it's
04:46
very high in the priority list of Windows,
04:48
and it is monitoring whatever antivirus or anti-malware solution you have
04:58
in your setup, in your Windows security settings, as the currently turned-on antivirus software.
05:05
So if you look at the Windows security setup screen here on screen, you see that, for example, on my machine, I have Avast Antivirus as the antivirus solution set up in Windows security
05:19
and Windows Defender Antivirus is turned off. So this is my setup, and then Sure Run is there to act and restart whatever process is set up as the antivirus in the Windows security settings.
05:36
So if this process goes down, it will simply restart it and start it again,
05:43
and the good thing about the whole HP setup is that Sure Run is also protected by Sure Start. So essentially, if somebody tries to disable the Sure Run process,
05:57
uh, it will be detected by the hardware chip on your motherboard. So it is really
06:05
a really good solution. The only problem is that with this solution you are bound to use certain hardware; it cannot be used on any other vendor's PC.
06:18
So we're here at the end of, um,
06:23
this video, and the question for you, just to remind you of what you have learned, is: how can you prevent anti-malware software from being stopped?
06:33
And the possible answers are: to launch it as a critical process,
06:39
to launch it with highest privileges, or to launch it as a service. And the correct answer is
06:45
to launch it as a critical process. If you remember, if you stop a critical process, the whole machine goes to blue screen mode. So it
06:53
locks.
06:55
um,
06:56
In this video you have learned about three ways to protect your anti-malware process from being killed by malware. And in the next lesson, I'm going to pay short attention to firewalls on a PC.

Intermediate PC Security

The Intermediate PC Security course will teach students about endpoint protection. Students will learn fundamental information about PC Security and common attack vectors.

Instructed By

Milan Cetic
IT Security Consultant
Instructor