
Rootkits are a type of malware that is particularly stealthy about remaining in the infected system, making it not only extremely difficult to detect but also very difficult - if not impossible - to remove.



Rootkits often don't follow the patterns of other malware after infecting a system, and take advantage of little-used and obscure Windows functionality that is not widely known in the industry. If a rootkit is able to manipulate and infect the Windows kernel, then it can remain completely hidden, since its components (processes, drivers, etc.) will be concealed from monitoring and/or AV software. Additionally, kernel-level rootkits are potentially able to intercept network and keyboard data to stealthily steal usernames, passwords and other valuable data.


Nevertheless, for a rootkit to be successful, it still needs to infect a system in the first place and gain administrative rights. As such, it's extremely important to detect any abnormal behavior on a monitored system.


EventSentry Benefits

There is no specific feature in EventSentry that can detect a rootkit once it's installed; however, EventSentry's extensive monitoring and detection capabilities can detect most of the malicious activity that precedes a rootkit installation. This includes:


Anomaly Detection

Sysmon support & integration

Service & Driver Inventory

Advanced event log analysis