Changes in System Area

System area is a storage area that is used by system applications. It contains sensitive user data and data critical to device operation. If your device is not rooted, the system area is not available to you.

Malicious applications can gain root access and make changes to the system area: delete, add, or change files or folders.

The SpIDer Guard component can monitor changes in the system area. You can enable system area monitoring in the SpIDer Guard settings. If the component detects suspicious changes in the system area, it notifies you about it.

Change

Name

Type

Deletion of folder with files

read-only.area.dir.deleted.threat

Deletion of system files

File deletion

read-only.area.deleted.threat

Deletion of system files

Addition of folder with files

read-only.area.dir.added.threat

New files in system area

File addition

read-only.area.added.threat

New files in system area

File modification

read-only.area.changed.threat

Change of system files

If SpIDer Guard detects one of the changes listed, the files or folders themselves are not necessarily malicious. However, the change could have been made by a malicious application.

For the detected changes, the following options are available:

Ignore.

Send to laboratory (available only if executable files have been added or changed: .jar, .odex, .so, APK, ELF files, etc.).

More on the Internet.

SpIDer Guard merely informs you about the changes listed above. To detect the malicious application that could have made the change to the system area, run the full scan.