After terminal installed Aagent, why antivirus software report found virus?
Due to Agent end antivirus software based on behavior ways to antivirus, lead to misinformation.
Current antivirus software company antivirus principle mainly has the following two kinds:
1, virus signature files
Based on analysis of the virus file, extraction of the virus binary code, each antivirus manufacturer technology is different, the extracted code is different, this method misinformation rate is low, but due to need to extract binary code, so are update virus library after the virus appears, there exists hysteresis quality, in order to solve the hysteresis quality problem, thus appeared the second kind of antivirus mechanism.
2, behavior characteristics library
Behavior characteristics library is defined by manufacturers, think the virus may have a behavior, such as scanning change the registry, add service, add since the start, hidden process, changing the system files, etc., synthetic judgment software exactly meet the one of the many behavior characteristics, thus to judge whether it is virus, although solved the hysteresis quality problem, but to another problem, that is misinformation rate is high.
A lot of antivirus vendors have above two kind of antivirus mechanism.
Agent in order to protect themselves, there are the behavior characteristics such as changes the registry, automatic loading start items, the hidden process and so on, so some antivirus software transactions virus and will not cause any harm to the terminal machine.