"Fake Processes. Scarecrow will create a number of background processes that don't do anything, but look like security research tools.
Fake registry entries. Scarecrow creates registry entries to make it look like security tools are installed on your computer."
I'd be interested to see this tested, there's tons of good malware repos out there like vx-underground's collections that can be used to test it.
If you dont wanna share the source, somewhat logical. Perhaps run a test versus gigabytes of malware samples and let us know which ones actually query these process names / values you create and disable themselves as a result??