System Analysis


System Analysis is a function that lets you analyze the system and generate an HTML protocol that helps detect suspicious files and programs. System Analysis can be used for a quick system analysis and subsequent submission of the log to be analyzed by virus experts.

Click “System Analysis” on the “File” menu to start System Analysis. The “Results of system analysis” dialog box opens.


Check boxes let you specify what data you want to be collected during System Analysis. By default, all check boxes are selected and maximum data is collected.

System Analysis is affected by the antirootkit function (when hooks are disabled, data that a rootkit was masking may become visible) and by whether the AVZPM advanced system monitoring driver is present in the system.

It is important to note:

1. System Analysis has no active impact on the system (the registry is not changed, and the state of running processes or services is not affected). As a result, it can be repeated as many times as needed without risk to the PC, and no reboot is required afterwards.

2. During the analysis, AVZ does not communicate with any “cloud” or other external resource, and does not transmit the collected information anywhere. Therefore, the PC being analyzed does not need Internet access.

3. The protocols (logs) created during the analysis are stored on disk in the location specified by the user; the user can view them in any browser or send them to experts for examination on request.

Group of settings “System areas to be analyzed”


“Running processes” check box

If this check box is selected, a table with the list of processes is included in the System Analysis log.


“DLLs” check box

This check box is available when the “Running processes” check box is selected. If this check box is selected, a table with the list of DLLs used by running processes is included in the System Analysis log. Two kinds of lists are supported: “List of DLLs for each process” and “Process list and DLLs list separately”. The latter is the default option, because the separate DLLs list without repetitions is much more compact (this list contains a column listing PIDs of processes that use the DLL).
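The difference between the two DLL list layouts is easiest to see on data. The following is an added example in Python, not AVZ's own code: it builds both layouts from a constructed snapshot of three processes (the PIDs, process names and paths are invented for illustration) and shows why the separate, deduplicated list with a PID column is the more compact one. The `dlls_outside_standard_dirs` helper is an assumption of this example, a simple triage filter over the separate list, and is not an AVZ feature.

```python
from collections import defaultdict

# Constructed sample snapshot: (pid, process name, DLLs loaded by that process).
# Paths and PIDs are illustrative and not taken from a real system.
SAMPLE_PROCESSES = [
    (1234, "explorer.exe", [r"C:\Windows\System32\ntdll.dll",
                            r"C:\Windows\System32\kernel32.dll",
                            r"C:\Windows\System32\shell32.dll"]),
    (2048, "winword.exe",  [r"C:\Windows\System32\NTDLL.DLL",   # same file, different case
                            r"C:\Windows\System32\kernel32.dll",
                            r"C:\Program Files\Office\mso.dll"]),
    (3072, "svchost.exe",  [r"C:\Windows\System32\ntdll.dll",
                            r"C:\Users\Public\updater.dll"]),   # user-writable location
]


def per_process_table(processes):
    """'List of DLLs for each process': one row per (PID, process, DLL).

    Shared system DLLs are repeated once per process, so the table grows
    with the number of processes times the number of DLLs each one loads.
    """
    rows = []
    for pid, name, dlls in processes:
        for dll in dlls:
            rows.append((pid, name, dll))
    return rows


def separate_dll_table(processes):
    """'Process list and DLLs list separately': every DLL appears once.

    Each row is (dll path, sorted list of PIDs that have it loaded).
    Paths are compared case-insensitively because Windows file names are.
    """
    users = defaultdict(set)
    display = {}                      # first-seen spelling of each path
    for pid, _name, dlls in processes:
        for dll in dlls:
            key = dll.lower()
            display.setdefault(key, dll)
            users[key].add(pid)
    return [(display[k], sorted(users[k])) for k in sorted(users)]


def dlls_outside_standard_dirs(dll_table,
                               standard_prefixes=("c:\\windows\\", "c:\\program files\\")):
    """Triage helper (an assumption of this example, not an AVZ feature):
    return rows of the separate DLL list whose path lies outside the usual
    installation directories; these are the rows an analyst reads first."""
    return [(dll, pids) for dll, pids in dll_table
            if not dll.lower().startswith(standard_prefixes)]


if __name__ == "__main__":
    full = per_process_table(SAMPLE_PROCESSES)
    compact = separate_dll_table(SAMPLE_PROCESSES)
    print(f"per-process rows: {len(full)}, separate DLL rows: {len(compact)}")
    for dll, pids in compact:
        print(f"{dll}  PIDs={','.join(map(str, pids))}")
    for dll, pids in dlls_outside_standard_dirs(compact):
        print(f"outside standard dirs: {dll} (PIDs {pids})")
```

On this small snapshot the per-process layout has eight rows while the separate layout has five; on a real system with hundreds of processes sharing the same system DLLs the gap is far larger, which is why the separate list is the default.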


“Services and drivers” check box

If this check box is selected, a table with the list of services and drivers of the computer being analyzed is included in the System Analysis log. This function is not supported in Windows 9x.


“Kernel Space Modules Viewer” check box

If this check box is selected, a table with the list of kernel space modules is included in the System Analysis log. This function is not supported in Windows 9x.

“Autoruns” check box

If this check box is selected, a table with the list of autorun applications is included in the System Analysis log. The notes for every autorun item specify how the item is started.


“SPI/LSP settings” check box

If this check box is selected, a table with a list of SPI extension modules (NSP and TSP providers) is included in the System Analysis log.


“TCP/UDP ports” check box

If this check box is selected, a table listing open TCP/UDP ports is included in the System Analysis log (in Windows XP and Windows 2003, information about the application listening on the port is shown).


“IE extensions (BHOs, toolbars…)” check box

If this check box is selected, a table with the list of Internet Explorer extension modules (BHOs, toolbars, etc.) is included in the System Analysis log.


“Windows Explorer extension modules” check box

If this check box is selected, a table with a list of Windows Explorer extension modules (explorer.exe) is included in the System Analysis log. Windows Explorer extension modules are registered in the system registry. There are malicious programs that register themselves as a Windows Explorer extension in order to hide their startup.


“Printing system extensions (print monitors, providers)” check box

If this check box is selected, a table with a list of printing system extension modules (print monitors, providers) is included in the System Analysis log. Such an extension module is an ordinary DLL, and a number of trojans exploit this autorun method.

“Parameters” group


“Do not report in the log files recognized as trusted” check box

If this check box is selected, all files found in the Trusted Objects Database are excluded from the System Analysis log. In most cases, enabling this option causes a significant reduction in log size and simplifies log analysis.
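The following added Python example (not AVZ's code, and not its Trusted Objects Database) shows how this kind of exclusion behaves when trust is keyed by file hash rather than by file name. The file contents, paths and the "database" are all constructed for the example: two system files are trusted by hash, one unknown file is not, and a file that merely shares the name of a trusted file but has different contents is still reported.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hash used as the trust key; a path or file name alone is not enough."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for files found during analysis (path -> contents).
SAMPLE_FILES = {
    r"C:\Windows\System32\kernel32.dll": b"constructed kernel32 image",
    r"C:\Windows\System32\ntdll.dll":    b"constructed ntdll image",
    r"C:\Users\Public\updater.dll":      b"constructed unknown image",
    # Same file name as a trusted file, but different contents.
    r"C:\Temp\kernel32.dll":             b"constructed kernel32 image (patched)",
}

# Constructed trusted-objects database: hashes of the two system files above.
TRUSTED_HASHES = frozenset(
    sha256_hex(SAMPLE_FILES[p]) for p in (
        r"C:\Windows\System32\kernel32.dll",
        r"C:\Windows\System32\ntdll.dll",
    )
)


def filter_trusted(files, trusted):
    """Split a file listing into (reported, suppressed) by hash membership.

    A file is suppressed only if its content hash is in the trusted set, so a
    same-named file with different bytes is kept in the log.
    """
    reported, suppressed = [], []
    for path, data in sorted(files.items()):
        (suppressed if sha256_hex(data) in trusted else reported).append(path)
    return reported, suppressed


def reduction_ratio(files, trusted):
    """Fraction of the listing removed from the log by the trusted filter."""
    reported, _ = filter_trusted(files, trusted)
    return 1 - len(reported) / len(files)


if __name__ == "__main__":
    reported, suppressed = filter_trusted(SAMPLE_FILES, TRUSTED_HASHES)
    print("reported  :", *reported, sep="\n  ")
    print("suppressed:", *suppressed, sep="\n  ")
    print(f"log reduced by {reduction_ratio(SAMPLE_FILES, TRUSTED_HASHES):.0%}")
```

Half of this constructed listing is suppressed, and the two files that remain are exactly the ones an analyst needs to look at: the unknown DLL in a user-writable directory and the copy of kernel32.dll whose hash does not match the trusted one.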


“Add text log of the latest AVZ scanning” check box

If this check box is selected, the System Analysis log is supplemented with the current AVZ log generated during the latest scanning. Enabling this option is convenient when you need to submit a log together with the System Analysis results.


“Add System Analysis log to ZIP” check box

If this check box is selected, a ZIP archive containing the analysis log is created in addition to the System Analysis log. This option is convenient when you need to email the log or post it to a forum.

“Add interactive script-generating items to the log” check box

If this check box is selected, the log is supplemented with interactive tools that let you create scripts in a semiautomatic mode. Please note that when this log is opened in Internet Explorer, you may see a security system message to the effect that the document contains active elements. If you do not allow active elements, the log will open, but the interactive functions will be unavailable.


“Create XML log for automatic analysis” check box

When this check box is selected, the application creates an XML file that duplicates the HTML log. The XML file is intended for automatic log analyzers.


“Start” button

Click the “Start” button to launch System Analysis. Before System Analysis is started, you will be prompted to specify the log file name for saving the log. After you have specified the file name, System Analysis is carried out, a log file is generated, and you are prompted to view the log. If you agree, the log opens in the default browser.


“Close” button

Click this button to close the System Analysis window.


Note:

A running anti-virus monitor may slow down System Analysis so that it takes anywhere from 1-2 to 5 minutes; otherwise, generating the log usually takes no more than 30 seconds. A progress indicator is shown in the lower part of the window while the analysis is in progress.

Note:

Before starting System Analysis, it is recommended to perform the following:

1. Close all unused programs.

2. Open the browser. This enables the analyzer to examine libraries loaded in its address space.

While System Analysis is running, do not start or close programs or use the system in any other way, as this may affect the analysis results.