Full support of LSP filter removal and recovery

Many malicious programs are designed as LSP filters (Layered Service Provider). This is a simple and convenient Windows mechanism that allows the program to receive all the network traffic going through a specific protocol.

Active infection means that everything you receive from the network and everything you send is intercepted and analyzed by intruder. That’s the concept most “bank” (financial) trojans and trojans for online games are based on.

Also, the information sent or received by you can be intentionally modified by intruders. This is not limited to the content of web pages, email messages, IM (instant messenger) chats, but also includes  addresses of sites and services you connect to. You may be redirected to fake sites.

The main difficulty that virtually all users come to face is the problem of a faulty network connection after the work of an antivirus application. Both the Internet and your LAN connections stop working! The user faces this problem alone and cannot ask anyone “what happened and who do I do to fix it? – the computer is fully isolated from the rest of the world.

The problem is that not a single antivirus application rebuilds the chain of providers to insert a malicious LSP filter. When you delete an infected file, the antivirus “uproots” one of the elements of such a chain, thus tearing it apart. The “contact” is lost and that’s exactly why the network stops working.

We implemented a unique technology of rebuilding the Winsock LSP chain in CESAM, which means that whenever you remove malicious software from your system using CESAM, the network keeps working without any problems. Which is more, you can safely remove and recover such objects, if necessary.

More about the technology of rebuilding the Winsock LSP chain...