We will use AVG Free for our research

AV Information Gathering

Hooking

Hooking: This is a process where the AV injects a DLL into Every Process to monitor the system

Now let’s Start Practical Example

1. Open Notepad

2. Open Process Explorer and search for the notepad process

3. Now just CTRL + D

Please Notice The aswhook.dll from the AVG AV was injected into the Notepad process!

Now we have information About the AV Hooking Process

Monitoring

Following up we need to know how the AV conducts file scans

1. Open Procmon

2. Open Notepad