12-01-17, 01:49 AM
Peace be upon you ...
I have a project description and I need a clarification of this description. It is urgent, please help.
Computer Security Project (Registry Guard)
You're assigned to create a simple Registry anti-malware product, which shall be named Registry Guard and which scans the following registry key, which contains the startup programs:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The Registry Guard shall read all the values in that key and do the following:
- If the path referenced by the registry value is not available, then the Registry Guard will delete that value item completely, and then it must log and display the performed action.
- If the path referenced by the registry value is available, then the Registry Guard will scan the actual file to determine if it is a malware or a potential malware.
The conditions upon which the Registry Guard should mark an application as malware are as follows:
- The file has a hash value matching one of a known set of hashes.
- The file has signature content that is identical to a sample content from a known set of samples.
The conditions upon which the Registry Guard should mark an application as potential malware are as follows:
- The file contains a string that corresponds to a URL or an IP address, where
o The URL is not a Microsoft URL
o The IP address is not a local IP address (from the current local network)
In case the Registry Guard finds a malware, then it should:
- Delete the actual file
- Delete the corresponding Registry Value
- Log and display the performed action
In case the Registry Guard finds a potential malware, then it should:
- Log and display the performed action only
The Log Entry should be a text that is similar to the following:
Registry Value : Action : Reason
Action = Delete, Log
Reason = NotFound, Malware, Potential Malware
Signatures Sub-System
The Registry Guard must contain a subsystem for accepting samples, where it generates two signatures:
- hash
- random bytes
The Registry Guard needn’t store the signatures, only save them during Runtime.
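One way to implement the rules in the description above, as an added example in Python that is not part of the original post or of the assignment itself. The registry access via `winreg` only works on Windows, so the scanning logic takes a plain dict of value name to command line and is exercised here on constructed files in a temporary directory. Points the description leaves open are filled with labelled assumptions: SHA-256 as the hash signature, a 16-byte random slice of the sample as the "random bytes" signature, "Microsoft URL" meaning a host under microsoft.com, "local IP address" meaning a private, loopback or link-local address, and the program path being taken from a quoted string or the longest space-separated prefix that names an existing file.

```python
import hashlib, ipaddress, os, random, re, shutil, tempfile

# --- Signatures sub-system: held in memory only, never written to disk -------
KNOWN_HASHES = set()   # SHA-256 hex digests of accepted samples (assumed hash)
KNOWN_SAMPLES = []     # random byte slices taken from accepted samples

def add_sample(sample: bytes, slice_len: int = 16, rng: random.Random = None):
    """Accept a sample and derive its two signatures: a hash and a random slice."""
    if not sample:
        raise ValueError("empty sample would match every file")
    rng = rng or random.Random()
    digest = hashlib.sha256(sample).hexdigest()
    start = rng.randrange(0, max(1, len(sample) - slice_len + 1))
    chunk = sample[start:start + slice_len]
    KNOWN_HASHES.add(digest)
    KNOWN_SAMPLES.append(chunk)
    return digest, chunk

# --- File scanning -------------------------------------------------------------
URL_RE = re.compile(rb"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
IP_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def is_microsoft_host(host: bytes) -> bool:
    # Assumption: a "Microsoft URL" is one whose host is microsoft.com or a subdomain.
    h = host.decode("ascii", "ignore").lower().rstrip(".")
    return h == "microsoft.com" or h.endswith(".microsoft.com")

def is_local_ip(text: bytes) -> bool:
    # Assumption: "local" means RFC 1918 private, loopback or link-local.
    try:
        ip = ipaddress.ip_address(text.decode("ascii"))
    except ValueError:
        return True   # e.g. 999.1.1.1 is not an address at all: do not flag it
    return ip.is_private or ip.is_loopback or ip.is_link_local

def classify_file(path: str):
    """Return (action, reason) for an existing file, or None when it is clean."""
    with open(path, "rb") as f:
        content = f.read()
    if hashlib.sha256(content).hexdigest() in KNOWN_HASHES:
        return "Delete", "Malware"
    if any(chunk in content for chunk in KNOWN_SAMPLES):
        return "Delete", "Malware"
    if any(not is_microsoft_host(h) for h in URL_RE.findall(content)):
        return "Log", "Potential Malware"
    if any(not is_local_ip(ip) for ip in IP_RE.findall(content)):
        return "Log", "Potential Malware"
    return None

def executable_path(command: str) -> str:
    """Program path from a Run value such as '"C:\\\\x\\\\y.exe" /s' (assumed parsing)."""
    command = os.path.expandvars(command.strip())
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split(" ")
    for i in range(len(parts), 0, -1):          # longest prefix that is a file
        if os.path.isfile(" ".join(parts[:i])):
            return " ".join(parts[:i])
    return parts[0]

def scan_entries(entries: dict, delete_value=lambda name: None, delete_file=os.remove):
    """Apply the Registry Guard rules to {value_name: command}; return the log lines."""
    log = []
    for name, command in entries.items():
        path = executable_path(command)
        if not os.path.isfile(path):
            delete_value(name)
            log.append(f"{name} : Delete : NotFound")
            continue
        verdict = classify_file(path)
        if verdict is None:
            continue
        action, reason = verdict
        if reason == "Malware":
            delete_file(path)
            delete_value(name)
        log.append(f"{name} : {action} : {reason}")
    for line in log:
        print(line)                                # "log and display"
    return log

def scan_run_key():
    """Windows only: read HKLM\\...\\Run, then scan it with deletions wired to winreg."""
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
                         0, winreg.KEY_READ | winreg.KEY_SET_VALUE)
    entries, i = {}, 0
    while True:                                    # collect first, delete later
        try:
            name, data, _ = winreg.EnumValue(key, i)
        except OSError:
            break
        entries[name] = str(data)
        i += 1
    return scan_entries(entries, delete_value=lambda n: winreg.DeleteValue(key, n))

def demo():
    """Constructed scenario (not real indicators): five start-up entries on disk."""
    KNOWN_HASHES.clear(); KNOWN_SAMPLES.clear()
    sample = bytes(range(64)) * 4
    add_sample(sample, rng=random.Random(1))
    d = tempfile.mkdtemp()
    def write(name, data):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(data)
        return p
    entries = {
        "Updater": write("updater.exe", b"MZ http://download.microsoft.com/x 192.168.1.10"),
        "Clone":   write("clone.exe", sample),            # exact hash match
        "Dropper": write("dropper.exe", b"MZ" + sample),  # random-slice match only
        "Beacon":  write("beacon.exe", b"MZ http://c2.example.net/ 203.0.113.7"),
        "Stale":   os.path.join(d, "gone.exe"),           # referenced path missing
    }
    removed = []
    log = scan_entries(entries, delete_value=removed.append)
    dropper_exists = os.path.exists(entries["Dropper"])
    shutil.rmtree(d)
    return log, removed, dropper_exists

if __name__ == "__main__":
    demo()
```

Values are collected before anything is deleted because deleting while enumerating with `winreg.EnumValue` shifts the indices and skips entries. Running `scan_run_key()` needs administrative rights on HKLM, and a real product would also want the matching `Wow6432Node` Run key and per-user HKCU key, which the assignment does not ask for.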