Hijack.SecurityRun

Short bio

Hijack.SecurityRun is Malwarebytes’ detection name for a Software Restriction Policy used against security software.

Type and source of infection

Hijack.SecurityRun is a detection-only rule that looks at the subkeys of the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths

and flags a detection if it finds a rule to block security software from running.
Hijack.SecurityRun can be an indicator of a more serious threat that has disabled certain security software.
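
The check this rule describes can be reproduced by hand when triaging a host. The PowerShell below is an added example, not Malwarebytes' detection logic: it lists the path rules under the key above and marks those whose ItemData names a security product. The function names and the keyword list are assumptions for illustration.

```powershell
# Added example; function names and the keyword list are illustrative assumptions.
$PathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths'

# Constructed placeholder list: replace with the security products you deploy.
$SecurityKeywords = @('Malwarebytes', 'Windows Defender', 'ExampleAV')

function Test-SecurityBlockRule {
    param([string]$ItemData, [string[]]$Keywords)
    # ItemData may contain %ProgramFiles%-style variables; expand before matching.
    $path = [Environment]::ExpandEnvironmentVariables($ItemData)
    foreach ($k in $Keywords) {
        if ($path.IndexOf($k, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-DisallowedPathRule {
    param([string]$Key = $PathsKey, [string[]]$Keywords = $SecurityKeywords)
    # No key means no Software Restriction Policy path rules at this level.
    if (-not (Test-Path -LiteralPath $Key)) { return }
    foreach ($rule in Get-ChildItem -LiteralPath $Key) {
        $data = $rule.GetValue('ItemData')
        [pscustomobject]@{
            RuleId         = $rule.PSChildName   # the {CLSID}-style subkey name
            ItemData       = $data
            BlocksSecurity = Test-SecurityBlockRule -ItemData $data -Keywords $Keywords
        }
    }
}

# Matcher check on constructed values (does not touch the registry).
'C:\Program Files\ExampleAV\*', 'C:\Users\Public\Downloads\*.scr' | ForEach-Object {
    '{0} -> {1}' -f $_, (Test-SecurityBlockRule -ItemData $_ -Keywords $SecurityKeywords)
}

# Live check on the local machine; any row returned deserves investigation.
Get-DisallowedPathRule | Where-Object BlocksSecurity | Format-Table -AutoSize
```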

Remediation

Malwarebytes can detect and remove Hijack.SecurityRun without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Traces/IOCs

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{CLSID}
"itemdata"="{targeted security software}"
