The battle between malware and antivirus makers has been going on since the late 1980s. Malware makers keep inventing and using different methods to infect, replicate and propagate to machines, and malware has been given classifications such as viruses, worms and Trojans, to name a few. In response, the antivirus makers have come up with different detection mechanisms. Today blacklisting and heuristics are the dominant technologies used by Anti-Virus (AV) scanner engines and databases. However, the sheer number of computer viruses and the shift in the internal design of computer malware in the last 6 years alone indicate that a new trend in dealing with malicious activities needs to be addressed.

In this thesis a whitelist-based approach to detecting unknown malicious activities is addressed. In this approach a Windows operating system's registry settings and entries are used to build a whitelist profile of the programs existing on the Personal Computer (PC). Later on, this information is used to identify new entries in the registry, which are then processed to identify them as malicious or benign using a statistical scan engine. The engine uses a suspected program's Input/Output (I/O) Read, Write and Other operations together with an Application Programming Interface (API) trace to classify it as malware or benign.

A user-level scan engine was written and tested on 40 code-generated malicious programs, including viruses, worms and Trojans, and 30 benign programs, resulting in a high true positive detection rate and no false positive detections. The same sample was processed with commercial antivirus software including Symantec Endpoint, Avast, AVG and Kaspersky. The thesis scan engine detected 95% of the malware, while the next nearest match was Symantec Endpoint with a 67% detection rate, followed by Symantec 10.0 with 38%. The other product, AVG, had an 11% detection rate. Kaspersky and Avast Antivirus were not able to detect any of the malware. The high detection rate of the thesis scan engine shows that the methods used can be integrated into a heuristic scan engine to achieve a high true positive detection rate for unknown malicious activities.
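The registry whitelist step described above can be illustrated with the following added example, which is not code from the thesis. It assumes the snapshots are regedit-style `.reg` export text; the keys, value names and paths are constructed, and the statistical I/O and API-trace classification stage is not shown.

```python
import re

# Constructed sample snapshots in .reg export text form (not data from the thesis).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
'''
# Later snapshot: one whitelisted value altered, two values added.
CURRENT = BASELINE.replace("Vendor", "Temp") + r'''"Helper"="C:\\Users\\Public\\helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"Flags"=hex:01,00,\
  02,00
'''

# A value line is @=data (default value) or "name"=data; names may hold escaped quotes.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Return {(key, value_name): raw_data} parsed from .reg export text."""
    # Long hex data is wrapped with a trailing backslash; rejoin those lines first.
    text = re.sub(r'\\\r?\n\s*', '', text)
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()          # registry names are case-insensitive
        elif key and (m := VALUE_RE.match(line)):
            raw = m.group(1)
            name = raw if raw == '@' else raw[1:-1]
            entries[(key, name.lower())] = m.group(2)
    return entries

def new_or_changed(baseline_text, current_text):
    """List entries absent from, or different to, the whitelist profile."""
    whitelist = parse_reg(baseline_text)
    findings = []
    for ident, data in sorted(parse_reg(current_text).items()):
        if ident not in whitelist:
            findings.append(('new', *ident, data))
        elif whitelist[ident] != data:
            findings.append(('changed', *ident, data))
    return findings

if __name__ == '__main__':
    for status, key, name, data in new_or_changed(BASELINE, CURRENT):
        print(f'{status:8} {key} -> {name} = {data}')
```

Each finding is only a candidate: in the approach described, the program behind a new entry would then go to the scan engine for classification.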