Login
      Contents x
      Understand PMI and Behavioral Rootkit Detection
      • 26 Mar 2024
      • 1 Minute to read
      • PDF
      Contents

      Understand PMI and Behavioral Rootkit Detection

      • Updated on 26 Mar 2024
      • 1 Minute to read
      • PDF
      Article summary

      Process Memory Integrity (PMI) is a series of techniques that help validate the trustworthiness of code executing on a given system. This can be achieved through hashing, runtime code analysis, page flag analysis, monitoring of memory segment permission modifications, code-signing verification, and more.

      For more details, see our blog post on Process Memory Integrity.

      Behavioral Rootkit Detection

      This plugin is responsible for identifying behaviors associated with rootkits, including hidden processes or threads. 

      Rootkits

      A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

       

       

      Was this article helpful?
      What's Next
      PRODUCTS
      USE RED CANARY
      SUPPORT
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout