This group of technologies was developed during our work with cyber security solution vendors. Security monitoring, user action audit, and insider threat control products frequently need to reside silently on client machines so that they are protected from unauthorized deletion and service interruptions.
Incident investigation tools may include an optional silent mode, which involves hiding various system components such as solution files, processes, services, and registry keys, so that security issues and cybercrimes can be analyzed and incident response activities performed more efficiently.
Set of Hiding Technologies Details
If you are a security solution vendor, Apriorit can quickly deliver, customize, and integrate such stealth technologies into your product:
- Process Hiding - hiding a specified process from standard process list browsers such as Microsoft Task Manager, Process Explorer, etc.
- Service Hiding - hiding a specified service from service list browsing performed by means of the standard API.
- File Hiding - hiding specified files and folders from file browsers that use the standard API (Explorer, FAR, Total Commander, etc.). This technology also supports hiding from file browsing via Microsoft Sharing.
- Registry Hiding - hiding specified registry keys from applications that use the standard API, such as RegEdit.
- Silent installer. The installer is a standard MSI installation that can install and uninstall the hidden application. This application doesn’t appear in the Windows Add and Remove Programs list. Because it follows the MSI standard, this installer can be used to install the hidden application via a corporate Microsoft SMS server or Domain Installation.
- Hidden object management. This “back door” function gives specified applications access to the hidden objects.
- Advanced antivirus compatibility. The described silent technologies involve changing standard system behavior, in particular process hooking. Antivirus software usually detects such activity as malicious and blocks the solution accordingly. Apriorit technologies are designed and tested to provide advanced compatibility with popular antivirus and antimalware solutions.
Please note that Apriorit implements and delivers the mentioned technologies only for legal applications, supporting investigators and security auditors.
We can customize these technologies for your particular requirements, implement proper integration with your solution, or provide you with the corresponding SDK.