Changes in System Area

System area is a storage area that is used by system applications. It contains sensitive user data and data critical to device operation. If your device is not rooted, the system area is not available to you.

Malicious applications can gain root access and make changes to the system area: delete, add, or change files or folders.

You can enable system area checking in the Scanner settings. If the component detects suspicious changes in the system area, it notifies you about it after the scan.

Change

Name

Type

Deletion of folder with files

read-only.area.dir.deleted.threat

Deletion of system files

File deletion

read-only.area.deleted.threat

Deletion of system files

Addition of folder with files

read-only.area.dir.added.threat

New files in system area

File addition

read-only.area.added.threat

New files in system area

File modification

read-only.area.changed.threat

Change of system files

If Dr.Web Scanner detects one of the changes listed, the files or folders themselves are not necessarily malicious. However, the change could have been made by a malicious application.

For the detected changes, the following options are available:

Ignore.

Send to laboratory (available only if executable files have been added or changed: APK, ELF, JAR, ODEX, SO files, etc.).

More on the Internet.

The component merely informs you about the changes listed above. To detect the malicious application that could have made the change to the system area, run the full scan.