Rootkit Scan IOC and List Validation
Hi,
I've been searching manually through a fairly long list of files that returned after a scan as invisible to Win32, unknown ADS, and no admin in ACL. This includes registry keys, files and folders. Many of the posts that show up from the forums basically have a response similar to "idk, leave it. Some software requires higher permissions" etc.
Ok.
Odds are good somebody made that software.
How isn't there a standardized list for software/files/folders with abnormal ADS/invisible to Win32/no admin in ACL/etc., with, when available, a standard hash validation of the file if possible? Some of the files/registry entries that return for this are supposedly about as widely standard as possible, e.g. deployed as part of Windows. That seems like it should be something a >$1 tril co would be capable of validating. Many of the other cos also aren't exactly 2 guys in a basement with 1 week to get the code to at least just work. Frankly Microsoft themselves seem like they should have a pretty good vantage point to compile such issues system wide. It isn't exactly that sophisticated to just validate/check permissions and ownership of a file, nor computationally resource intensive. Not sure if this is already a thing because it seems like a pretty obvious thing to do but I haven't found it at the moment.
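The checks the post asks for (hash validation, ADS presence, ownership and whether Administrators hold any ACE) can be scripted against a baseline you build yourself from a known-good host, and for files shipped with Windows the Authenticode signature gives the vendor validation the post is looking for. The following PowerShell is an added example written for this thread; it is not code from the original post or from any scanner. The baseline CSV path, its `Path,SHA256` columns and the sample finding list are assumptions, and the script needs to run as an administrator to read every ACL it is pointed at.

```powershell
<#
  Added example (not from the original thread): triage a list of paths flagged by a
  rootkit scanner. For each path it records the SHA-256, the Authenticode signature
  status and signer, any alternate data streams, the owner, and whether
  BUILTIN\Administrators appears in the ACL, then compares the hash with a baseline
  CSV (columns Path,SHA256) that you generated earlier on a known-good machine.
  $Baseline and the default $Findings entry are hypothetical values.
#>
param(
    [string[]]$Findings = @("C:\Windows\System32\ntoskrnl.exe", "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    [string]$Baseline   = "C:\baseline\known-good.csv"   # hypothetical path
)

# Load the baseline into a hashtable keyed by lower-cased path; stays empty if the file is absent.
$known = @{}
if (Test-Path -LiteralPath $Baseline) {
    Import-Csv -LiteralPath $Baseline | ForEach-Object { $known[$_.Path.ToLower()] = $_.SHA256 }
}

function Get-FindingReport {
    param([string]$Path)

    # -Force also returns hidden/system items; registry keys come back as containers.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Status = "MISSING" }
    }

    $report = [ordered]@{ Path = $Path }

    if (-not $item.PSIsContainer) {
        $report.SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Authenticode covers embedded and (on PS 5.1+) catalog-signed Windows binaries.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $report.Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        $report.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "" }
        # Alternate data streams other than the primary ::$DATA stream.
        $report.ADS = (Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
                       Where-Object Stream -ne ':$DATA' |
                       Select-Object -ExpandProperty Stream) -join ';'
    }

    # Ownership and whether BUILTIN\Administrators holds any explicit or inherited ACE.
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    $report.Owner      = $acl.Owner
    $report.AdminInAcl = [bool]($acl.Access |
                                Where-Object { $_.IdentityReference -eq 'BUILTIN\Administrators' })

    # Compare the hash with the baseline (directories and registry keys have no hash).
    $key = $Path.ToLower()
    $report.Status = if (-not $known.ContainsKey($key)) { "NOT_IN_BASELINE" }
                     elseif ($known[$key] -eq $report.SHA256) { "MATCH" }
                     else { "HASH_MISMATCH" }
    [pscustomobject]$report
}

$Findings | ForEach-Object { Get-FindingReport $_ } | Format-Table -AutoSize
```

To build the baseline, run `Get-FileHash` over the same path list on a freshly installed machine and export `Path,SHA256` with `Export-Csv`, then treat `HASH_MISMATCH` and `NOT_IN_BASELINE` rows as the ones worth a closer look. A `Signature` of `Valid` with a Microsoft signer on a file that the scanner called "invisible to Win32" usually just means a protected system file, whereas `NotSigned` or `HashMismatch` on something under `System32` deserves attention; an empty `ADS` column is normal, and `Zone.Identifier` is the benign stream browsers attach to downloads.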