In Kaspersky Internet Security, it is possible to limit the functionality of specific applications through the "Application Control" -> "Details and rules" -> "Rights" menu.

One of the blocks is "Injection into other processes." So the antivirus can prevent an application from injecting into other processes and from reading/writing their memory.

Tell me, please, how is this implemented from a technical point of view? I need to implement similar functionality in my application.

For example, I imagine a ban on reading the memory of other processes as follows:

Inject a DLL into the target application -> hook ReadProcessMemory -> replace it with a function that refuses the call.

Is this how it works in the antivirus?

  • Kernel mode is probably used there. - Vladimir Martyanov
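As an added illustration of the kernel-mode approach the comment points at (example code, not Kaspersky's implementation and not code from the question), this models the handle-access filter a driver registers with ObRegisterCallbacks: the callback cannot refuse an OpenProcess, but it can strip memory rights from the requested access mask. The access-right constants are the winnt.h values; the policy struct, PIDs and rule checks are constructed assumptions standing in for the product's per-application rules.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Process access rights as defined in the Windows SDK (winnt.h). */
#define PROCESS_VM_OPERATION              0x0008u
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_DUP_HANDLE                0x0040u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u

/* Constructed policy: which process is guarded and which caller the rules
   trust. A real driver would consult its own rule store (the per-application
   "Rights" settings the question describes). */
typedef struct {
    uint32_t protected_pid;  /* process whose memory is guarded */
    uint32_t trusted_pid;    /* caller allowed full access */
} policy_t;

/* Decide which access mask a handle request is actually granted.
   Models the pre-operation callback registered with ObRegisterCallbacks():
   the driver cannot fail the open, but it may clear bits from
   Parameters->CreateHandleInformation.DesiredAccess (or the Duplicate
   variant). OpenProcess() then succeeds with reduced rights, and a later
   ReadProcessMemory() on that handle fails with ERROR_ACCESS_DENIED. */
uint32_t filter_desired_access(const policy_t *p, uint32_t caller_pid,
                               uint32_t target_pid, uint32_t desired)
{
    if (target_pid != p->protected_pid) return desired;  /* not a guarded process */
    if (caller_pid == p->trusted_pid)   return desired;  /* rule says: allow */
    if (caller_pid == target_pid)       return desired;  /* a process may open itself */
    /* Strip memory rights, leave harmless ones (query, synchronize) intact.
       PROCESS_DUP_HANDLE goes too: it would let the caller copy handles the
       protected process holds, including full-access handles to itself. */
    return desired & ~(PROCESS_VM_OPERATION | PROCESS_VM_READ |
                       PROCESS_VM_WRITE | PROCESS_DUP_HANDLE);
}

/* Whether a granted mask still permits reading the target's memory. */
bool can_read_memory(uint32_t granted) { return (granted & PROCESS_VM_READ) != 0; }

int main(void)
{
    policy_t p = { .protected_pid = 4242, .trusted_pid = 1000 };  /* constructed PIDs */
    uint32_t want = PROCESS_VM_READ | PROCESS_QUERY_LIMITED_INFORMATION;
    uint32_t got = filter_desired_access(&p, 7777, 4242, want);
    printf("requested 0x%04x, granted 0x%04x, can read memory: %s\n",
           (unsigned)want, (unsigned)got, can_read_memory(got) ? "yes" : "no");
    return 0;
}
```

Because the decision is made in the kernel when the handle is created, it does not rely on anything living inside the caller's address space, which is what a user-mode hook like the one sketched in the question would depend on.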
