I want to make a simple vaccine using Python
Is there a way to catch when a file with an executable extension runs, or when a file with an executable extension is newly downloaded and stored on your PC?
python
It's hard to catch files being created and deleted on the OS with Python alone.
On Windows, you ultimately need a file system filter driver.
This means that you need to know whether a file on the OS has been created, so you need to work in the kernel area. It also means that you need to detect not only the creation of files, but also modifications and changes.
In summary, it is possible to detect malicious code itself with Python alone, but to learn of events such as file creation, change, and deletion, consider that this requires a filter driver in the kernel area, which is a separate area of systems programming.
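A user-mode approximation of the monitoring asked about above, as an added example that is not part of the original answer: it polls a directory and diffs snapshots of files with executable extensions. The extension list, function names and file names are assumptions made for illustration; a file created and deleted between two scans goes unseen, which is the gap a kernel filter driver closes.

```python
import os
import tempfile

# Assumed set of extensions to treat as executable (illustrative, not exhaustive).
EXEC_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".msi"}

def snapshot(root):
    """Map each executable-extension file under root to (size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished between directory listing and stat
            state[path] = (st.st_size, st.st_mtime_ns)
    return state

def diff(old, new):
    """Return (created, modified, deleted) path lists between two snapshots."""
    created = sorted(p for p in new if p not in old)
    deleted = sorted(p for p in old if p not in new)
    modified = sorted(p for p in new if p in old and new[p] != old[p])
    return created, modified, deleted

def demo():
    """Constructed scenario in a temp directory; returns the detected changes."""
    with tempfile.TemporaryDirectory() as root:
        before = snapshot(root)
        open(os.path.join(root, "setup.EXE"), "wb").close()
        # Short-lived file: created and removed between two scans, so never seen.
        gone = os.path.join(root, "shortlived.bat")
        open(gone, "wb").close()
        os.remove(gone)
        # Non-executable extension: ignored by the snapshot.
        open(os.path.join(root, "notes.txt"), "w").close()
        created, modified, deleted = diff(before, snapshot(root))
        return [os.path.basename(p) for p in created], modified, deleted

if __name__ == "__main__":
    print(demo())
```

In practice `snapshot` would be called on an interval against a folder such as the user's download directory, with each newly created or modified path handed to whatever scanning logic the tool uses.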