Results 1 to 4 of 4

Thread: Default unknown ADS & no admin in ACL

  1. #1
    Junior Member
    Join Date
    Oct 2016
    Posts
    1

    Default Default unknown ADS & no admin in ACL

    In the results of the Rootkit Scan, what do the terms "unknown ADS" and "no admin in ACL" indicate?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,475

    Default

    Hello,

    The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.

    Sometimes even legitimate software uses rootkit technologies.

    How is the computer running, any particular reason you scanned for a rootkit?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Dec 2016
    Posts
    1

    Default

    Quote Originally Posted by tashi View Post
    Hello,

    The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.

    Sometimes even legitimate software uses rootkit technologies.

    How is the computer running, any particular reason you scanned for a rootkit?

    Best regards.
    That didn't answer his question, which is also mine. The help guide is useless, and I've been having a heckuva time trying to discover on this site what these terms mean. I very eagerly look forward to an answer.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,475

    Default

    Hello,

    Quote Originally Posted by spybot_help_is_unhelpfu View Post
    That didn't answer his question, which is also mine. The help guide is useless, and I've been having a heckuva time trying to discover on this site what these terms mean. I very eagerly look forward to an answer.
    It is my understanding that "No admin in ACL" means these items are locked from being changed even if you are an admin, which is not unusual. Spybot found and reported that those keys lacked permissions.

    As the OP did not provide a log I asked, "How is the computer running, any particular reason you scanned for a rootkit?"

    That is actually a pertinent question and sometimes direct user feedback about their computer is quite useful, then one can proceed from there.

    A Technet article about alternate data streams (ADS) is informative: https://blogs.technet.microsoft.com/...reams-in-ntfs/

    If you would like to post a log please start your own topic.

    Thank you.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •