A compensatory approach to anti-virus shortfalls
Abstract
Computer systems security has become an increasingly important field. In the
quest to provide the much-needed security, many options exist. Systems have, however,
continued to suffer attacks from malware despite the existing controls that have been
put in place. One such control is the use of anti-viruses, which are widely deployed in
many systems.
Today, malware exists that can bypass anti-viruses and cause harm to systems.
Many controls exist to try to combat malware infiltration. Organizations and small
businesses may not always be in a position to choose the best option for their
environment when it comes to dealing with malware. They may also not be able to
configure the system security tools that are available for malware detection
and prevention.
One freely available tool is Sysmon. Sysmon logs critical events in a Windows
environment and can forward them for further analysis and classification. This
research seeks to understand why some malware can bypass anti-viruses, and to close
the gap by providing tangible recommendations. The end goal is a set of results
that anyone can adopt to identify malicious activity in their systems
using freely available tools.
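To make the Sysmon analysis-and-classification step concrete, here is an added example (not code from the thesis): a Python parser for one exported Sysmon Event ID 1 (ProcessCreate) record, with a small rule set that classifies it. The event record, the watch-list hash and the rules themselves are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML exports (Event Viewer / wevtutil).
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed placeholder hash and watch-list for the example (not real IoCs).
DUMMY_HASH = "0" * 64
KNOWN_BAD_SHA256 = {DUMMY_HASH}

# Constructed sample Sysmon ProcessCreate record; every value is made up.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">C:\Users\alice\AppData\Local\Temp\update.exe</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="Hashes">SHA256=HASH</Data>
  </EventData>
</Event>""".replace("HASH", DUMMY_HASH)


def parse_sysmon_event(xml_text):
    """Return {'event_id': int, <Data Name>: value, ...} for one Sysmon event."""
    root = ET.fromstring(xml_text)
    event = {"event_id": int(root.find(f"{NS}System/{NS}EventID").text)}
    for data in root.iter(f"{NS}Data"):
        event[data.get("Name")] = data.text or ""
    return event


def hashes_of(event):
    """Split Sysmon's 'SHA1=..,SHA256=..' field into an {algorithm: hex} dict."""
    out = {}
    for part in event.get("Hashes", "").split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.upper()] = value.lower()
    return out


def classify(event):
    """Return the reasons a ProcessCreate event looks suspicious (empty = benign)."""
    reasons = []
    if event["event_id"] != 1:  # only ProcessCreate events are classified here
        return reasons
    image = event.get("Image", "").lower()
    parent = event.get("ParentImage", "").lower()
    if "\\appdata\\local\\temp\\" in image:
        reasons.append("executable launched from user Temp directory")
    if parent.endswith(("winword.exe", "excel.exe", "powerpnt.exe")):
        reasons.append("Office application spawned a child process")
    if hashes_of(event).get("SHA256") in KNOWN_BAD_SHA256:
        reasons.append("SHA256 matches watch-list")
    return reasons
```

In practice the records would be read from the Sysmon operational log (or from a collector the events were forwarded to) rather than from an inline string, and the rules would be tuned to the environment's baseline.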