Hijack.SecurityRun

detection icon

Short bio

Hijack.SecurityRun is Malwarebytes’ detection name for a Software Restriction Policy used against security software.

Type and source of infection

Hijack.SecurityRun is a detection-only rule that looks at the subkeys of the registry key: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowssafer codeidentifiersPaths and flags a detection if it finds a rule to block security software from running. Hijack.SecurityRun can be an indicator for a more serious threat that has disabled certain security software.

Remediation

Malwarebytes can detect and remove Hijack.SecurityRun without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Traces/IOCs

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowssafercodeidentifiersPaths{CLSID} “itemdata”=”{targeted security software}

detection icon

Related blog content

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams