2. Suspicious Programs Running
A sudden spate of newly installed programs, automated processes starting and stopping, or system activity during abnormal times could all be signs of a serious problem on the network, Shteiman said. Once a dropper is placed on a system, a variety of programs can be installed to manipulate security software or make unauthorized changes to firewall configuration. A good attacker attempts to mimic valid network traffic and system processes, but every additional piece of malware running on a system increases noise level, hopefully tripping an alarm to suspicious activity.