It tries to monitor kernel level rootkits' actions and log them. What differs RKAnalyzer with tranditional detection softwares(i.e. Rootkit Revealer, IceSword) is that RKAnalyzer actively intercepts rootkit actions, rather than reacting to rootkit after already infected. Also, RKAnalyzer support analysis mode, which differs from defend mode by presenting a much more transparent environment, in which rootkit would consider itself running without being monitored
0 comments:
Post a Comment