Changes in System Area


Contents  Previous  Next

System area is a storage area that is used by system applications. It contains sensitive user data and data critical to device operation. If root access is not allowed on your device, system area is not available to you.

Malicious applications can gain root access and make changes to system area: delete, add, or change files or folders.

Component SpIDer Guard can monitor changes in system area. You can enable checking system area in the SpIDer Guard settings. If the component detects suspicious changes in system area, it notifies you about it.

Change

Name

Type

File folder deletion

read-only.area.dir.deleted.threat

Deletion of system files

File deletion

read-only.area.deleted.threat

Deletion of system files

File folder addition

read-only.area.dir.added.threat

New files in system area

File addition

read-only.area.added.threat

New files in system area

File change

read-only.area.changed.threat

Change of system files

If SpIDer Guard detects one of the changes listed, the files or folders themselves are not necessarily malicious. However the change can be made by a malicious application.

For the detected changes, the following options are available:

Ignore.

Send to laboratory—available only if executable files have been added or changed: APK, files of format ELF, JAR, ODEX, SO, etc.

More on the Internet.

SpIDer Guard only informs you about the changes listed above. To detect the malicious application that could made the change to the system area, run the full scan.