Changes in System Area

System area is a storage area that is used by system applications. It contains sensitive user data and data critical to device operation. If root access is not allowed on your device, system area is not available to you.

Malicious applications can gain root access and make changes to system area: delete, add, or change files or folders.

Component SpIDer Guard can monitor changes in system area. You can enable checking system area in the SpIDer Guard settings. If the component detects suspicious changes in system area, it notifies you about it.




File folder deletion


Deletion of system files

File deletion


Deletion of system files

File folder addition


New files in system area

File addition


New files in system area

File change


Change of system files

If SpIDer Guard detects one of the changes listed, the files or folders themselves are not necessarily malicious. However the change can be made by a malicious application.

For the detected changes, the following options are available:


Send to laboratory—available only if executable files have been added or changed: APK, files of format ELF, JAR, ODEX, SO, etc.

More on the Internet.

SpIDer Guard only informs you about the changes listed above. To detect the malicious application that could made the change to the system area, run the full scan.