Understand PMI and Behavioral Rootkit Detection
- Updated on 26 Mar 2024
Process Memory Integrity (PMI) is a series of techniques that help validate the trustworthiness of code executing on a given system. This can be achieved through hashing, runtime code analysis, page flag analysis, monitoring of memory segment permission modifications, code-signing verification, and more.
For more details, see our blog post on Process Memory Integrity.
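As an added illustration of the page flag analysis and segment-permission checks mentioned above (this is not code from the product or its documentation), the following Python example flags executable memory regions that are writable, anonymous, or backed by a deleted file. It assumes a Linux host and the `/proc/<pid>/maps` text format; `analyze_maps`, `Finding`, and the sample data are hypothetical names and constructed values.

```python
import re
from typing import NamedTuple

# Constructed sample in Linux /proc/<pid>/maps format (not from a real host).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131090 /usr/bin/demo
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a2c800000-7f3a2c801000 r-xp 00000000 00:00 0
7f3a2c900000-7f3a2c910000 r-xp 00000000 08:01 262311 /tmp/.cache/lib.so (deleted)
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
7ffd4a3f0000-7ffd4a3f2000 r-xp 00000000 00:00 0 [vdso]
"""

LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}  # kernel-provided executable mappings

class Finding(NamedTuple):
    start: int
    size: int
    perms: str
    path: str
    reason: str

def analyze_maps(text: str) -> list[Finding]:
    """Return executable regions whose permissions or backing look untrusted."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in maps format
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        perms, path = m.group(3), m.group(4).strip()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue  # only executable, non-kernel regions are of interest
        if "w" in perms:
            reason = "writable and executable"
        elif not path:
            reason = "executable with no backing file"
        elif path.endswith(" (deleted)"):
            reason = "executable backed by a deleted file"
        else:
            continue  # file-backed r-x code: left to hashing / signing checks
        findings.append(Finding(start, end - start, perms, path, reason))
    return findings

if __name__ == "__main__":
    for f in analyze_maps(SAMPLE_MAPS):
        print(f"{f.start:#x} +{f.size:#x} {f.perms} {f.path or '<anonymous>'}: {f.reason}")
```

JIT-compiling runtimes legitimately create writable or anonymous executable regions, so findings like these are triage leads to correlate with the other techniques listed above, not verdicts.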
Behavioral Rootkit Detection
The Behavioral Rootkit Detection plugin identifies behaviors associated with rootkits, including hidden processes or threads.
Rootkits
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.