This table lists some of the most common process activities that sensors detect.

Abnormal file accesses
The process is accessing multiple file types or system files without privileges, for example.
Abnormal file modification
The process is making unusual changes in system files, making files executable, or removing log files or executable files, for example.
Abnormal library or module
The process is using unusual or unknown resources, for example loading libraries from USB.
Abnormal network connection
Unusual network activity for the process, for example binding to a network port or downloading data from the internet.
Abnormal process execution
The process is using suspicious parameters or unusual file paths while running a process or a script.
Changing file visibility
The process is hiding or creating hidden files and directories.
Changing security settings
The process is changing settings such as firewall rules, administrative users, and developer mode access.
Changing user information
The process is adding users or modifying the existing user information.
C&C network connection
The process is opening a network connection to a known command-and-control server.
Creating attack tools
The process is building tools on the local computer to disguise their malicious intent.
Credential theft
The process is using a known method or tool to steal credentials.
The process is running custom code within another process, for example in another application.
Lateral movement
The process is attempting to gain further access within the network.
The process is trying to stay persistent, for example with login hooks, crontab, or rootkits.
Privilege escalation
The process is attempting to extend user access, for example trying to log in as an administrator multiple times.
Recon activities
The process is testing the network for potential vulnerabilities.
Sensor tamper
The process is attempting to modify the Sensor, for example trying to turn it off.
Data collection
The process is retrieving information from documents, browser history, or Active Directory, or it is capturing keystrokes and screenshots.
Memory dumping
The process is storing the contents of the computer's memory.
Enumeration of security settings
The process is checking security settings, for example the firewall rules.
The process is attempting to find and exploit known vulnerabilities.

