I want to try something that in theory should be simple but is probably not.
I recently read about the Quantum Computer in a US University that was hacked to be used by crypto miners and the solution they came up with, which seems like a logical one for any Anti Virus / Malware system, e.g. whitelist all the programs that the computer is ALLOWED and SHOULD BE running, so that if they discover another program running they can terminate the process and remove it.
Therefore as I have time on my hands and would like to investigate running and stopping processes/Services programmatically I thought about trying to create my own AV program in C# / SQL that would be able to replicate this solution.
The way I see it, and I may be wrong, I would need to do the following:
- Run a "setup" program that would log into a DB all the Windows Processes, Programs and Services that need to be run to make the computer work. I am not sure whether I need to save the path of each program's executable but I need to be able to check the Task Manager to find processes and match them to the whitelist.
- I need to be able to also log any programs that have been installed on top of the OS such as web browsers, editors and other applications that have been installed by the user of the computer and also whitelist them.
- I then need a way to be able to scan the currently running processes as seen in Task Manager and match each process to the whitelist of applications.
- I also need a way that if I find a program running that is not in the whitelist to be able to flag it and terminate the process.
I am not sure how easy or hard this will be and may scrub it if too complicated but it seems like a logical way to run an Anti Virus tool. Running the setup in safe mode, maybe with no networking, to ensure that only safe existing apps are whitelisted, OR doing it on a clean install, seems the best way to set the AV tool up.
I will be scouring the web to find out any code for doing the above points but I thought I would ask the question here to see what anyone thinks of this solution and if anybody has any suggestions on the way to proceed plus code examples for doing such things as scanning running processes and terminating them by code or logging ALL existing Windows OS programs that should be allowed to run plus any new installed app into the whitelist so that it can be matched against the running processes.
I just find it helpful to ask a question before attempting to do something new in case I find no online articles or code to help me as well as to gauge what people think of the idea.
Thanks for any help or code examples in advance.
Source: Windows Questions
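
An added example, not part of the original post: a C# (.NET 6+) console sketch of the baseline-then-scan steps listed in the question. It keys the allowlist on the SHA-256 of each executable rather than the process name shown in Task Manager, and it uses a flat file instead of SQL to stay self-contained; the file name `allowlist.tsv`, its tab-separated format and the `--baseline` switch are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

static class AllowlistScan
{
    // Hash the executable on disk; a process name alone is trivially spoofed.
    static string Sha256Of(string path)
    {
        using var sha = SHA256.Create();
        using var fs = File.OpenRead(path);
        return Convert.ToHexString(sha.ComputeHash(fs));
    }

    static void Main(string[] args)
    {
        // Assumed allowlist format: one "SHA256<TAB>full path" entry per line.
        string listFile = args.Length > 0 ? args[0] : "allowlist.tsv";
        bool baseline = args.Length > 1 && args[1] == "--baseline";
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        if (File.Exists(listFile))
            foreach (var line in File.ReadLines(listFile))
                allowed.Add(line.Split('\t')[0]);

        foreach (var p in Process.GetProcesses())
        {
            try
            {
                var path = p.MainModule?.FileName;
                if (path == null) continue;
                string hash = Sha256Of(path);
                if (allowed.Contains(hash)) continue;
                if (baseline) { File.AppendAllText(listFile, $"{hash}\t{path}\n"); allowed.Add(hash); }
                else Console.WriteLine($"NOT ALLOWLISTED pid={p.Id} {path} {hash}");
                // Enforcement would call p.Kill() here; report only until the baseline is trusted.
            }
            catch (Exception ex) when (ex is Win32Exception or InvalidOperationException
                                       or IOException or UnauthorizedAccessException)
            {
                // Protected or already-exited process: report as unverified, never as allowed.
                Console.WriteLine($"UNVERIFIED pid={p.Id}: {ex.Message}");
            }
            finally { p.Dispose(); }
        }
    }
}
```

Run it elevated, otherwise most system processes land in the UNVERIFIED bucket. A polling scan like this only sees processes that are alive at scan time, so short-lived programs can start and exit between passes.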