In the results of the Rootkit Scan, what do the terms "unknown ADS" and "no admin in ACL" indicate?
In the results of the Rootkit Scan, what do the terms "unknown ADS" and "no admin in ACL" indicate?
Hello,
The RootAlyzer is an analyst tool, in general all items found by the RootAlyzer are not necessarily malicious.
Sometimes even legitimate software uses rootkit technologies.
How is the computer running, any particular reason you scanned for a rootkit?
Best regards.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
Hello,
It is my understanding that "No admin in ACL" means these items are locked from being changed even if you are an admin, which is not unusual. Spybot found and reported that those keys lacked permissions.
As the OP did not provide a log I asked, "How is the computer running, any particular reason you scanned for a rootkit?"
That is actually a pertinent question and sometimes direct user feedback about their computer is quite useful, then one can proceed from there.
A Technet article about alternate data streams (ADS) is informative: https://blogs.technet.microsoft.com/...reams-in-ntfs/
If you would like to post a log please start your own topic.
Thank you.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016