Make self-defense for CIS at last! All antivirus and firewall software has it. Any idiot, missed virus or script can rename, move or remove any CIS files!
Actually, this is not true. CIS will prevent an automated program from making any changes. However, CIS will allow the user to manually change whatever they like, including killing tasks with Task Manager. This is intentional, but does not lower the safety of CIS.
If a piece of malware tried to do it, the malicious action would be blocked. There is no danger. Please let me know if you have any questions.
What about a trusted malware? Would a malware trusted by CIS be able to kill CIS processes? I mean if a malware would be whitelisted by CIS without the user actually making it trusted, but I’m interested in both situations.
How does CIS distinguish user interaction from program automation? If a trusted malware would not be able to kill CIS, would a trusted malware which is simulating mouse movement be able to open a task manager like killswitch and then click the CIS processes and then kill them? Though I think something like this would be tedious to create if possible, though I know programs can simulate mouse movements, I remember trying this in a hack tool some years ago, wonder if CIS can tell the difference?
Trusted malware may be able to do some things, but I’m not sure exactly how much. Hopefully someone who understands more of the details will be kind enough to stop by and clarify this.