Understand PMI and Behavioral Rootkit Detection
    • 26 Mar 2024


    Process Memory Integrity (PMI) is a series of techniques that help validate the trustworthiness of code executing on a given system. This can be achieved through hashing, runtime code analysis, page flag analysis, monitoring of memory segment permission modifications, code-signing verification, and more.

    For more details, see our blog post on Process Memory Integrity.
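The page-flag and permission analysis mentioned above can be illustrated with an added example (not taken from this article or from the product's code). It assumes a Linux host and the `/proc/<pid>/maps` text format; `audit_maps` and the sample mappings are constructed for illustration.

```python
import re

# One /proc/<pid>/maps line: start-end, perms, offset, dev, inode, optional path
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)

# Constructed sample input (not captured from a real process).
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r-xp 00000000 08:01 131090 /usr/bin/exampled
55d0c4c20000-55d0c4c22000 rw-p 00020000 08:01 131090 /usr/bin/exampled
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a2c400000-7f3a2c5b5000 r-xp 00000000 08:01 262301 /usr/lib/libexample.so (deleted)
7f3a2c800000-7f3a2c801000 r-xp 00000000 00:00 0
7ffd1b5e0000-7ffd1b601000 rw-p 00000000 00:00 0 [stack]
7ffd1b7f0000-7ffd1b7f2000 r-xp 00000000 00:00 0 [vdso]
"""

# Executable regions the kernel itself maps into every process.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]", "[uprobes]"}

def audit_maps(text):
    """Return (range, perms, reasons) for executable mappings worth reviewing."""
    findings = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a well-formed maps line
        start, end, perms, inode, path = m.groups()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        reasons = []
        if "w" in perms:
            reasons.append("writable+executable")   # code can be rewritten in place
        if inode == "0" and not path:
            reasons.append("anonymous executable")  # code not backed by any file
        if path.endswith(" (deleted)"):
            reasons.append("backing file deleted")  # on-disk image no longer present
        if reasons:
            findings.append((f"{start}-{end}", perms, reasons))
    return findings

if __name__ == "__main__":
    for region, perms, reasons in audit_maps(SAMPLE_MAPS):
        print(region, perms, ", ".join(reasons))
```

JIT-compiling runtimes legitimately create anonymous executable memory, so these findings are leads to correlate with hashing and code-signing checks rather than verdicts on their own.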

    Behavioral Rootkit Detection

    This plugin is responsible for identifying behaviors associated with rootkits, including hidden processes or threads. 

    Rootkits

    A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
