Former Member
Not applicable
Message 1 of 5

Will VSE 8.8 remove kernal level root kits?

Hi all,

Will VSE protect kernal level memory and remove kernal level rootkits?

4 Replies
Former Member
Not applicable
Message 2 of 5

Re: Will VSE 8.8 remove kernal level root kits?

I guess you mean Kernel level ones?

If yes, then it can protect from getting infected, if the virus is known to the McAfee database. Once it's installed though, it's a much harder call to catch and to remove it cleanly. I guess there are routines built in for some variants, but you can never be 100% sure/safe.

apoling
Level 14
Message 3 of 5

Re: Will VSE 8.8 remove kernal level root kits?

Hi,

Is it not the Deep Defender technology you are after?

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23883/en_US/...

p. 7.

Attila

Former Member
Not applicable
Message 4 of 5

Re: Will VSE 8.8 remove kernal level root kits?

Attila,

So it means VSE will not come into action if any rootkit injects its code into Win32 API calls and gains its target below the operating system. So does it mean the VSE filter driver is not a kernel-level driver and just works at user level? If it is kernel level, then why are hypervisor-tech-based rootkit attacks not monitored? Or does McAfee want people to purchase another of their products to get rid of hypervisor-tech-based rootkits? I am trying to make this thread full of info and want all tech people to shed some light.

Any comment will be much appreciated.

on 4/18/13 10:24:23 AM CDT
wwarren
McAfee Employee
Message 5 of 5

Re: Will VSE 8.8 remove kernal level root kits?

Anything running in the kernel has access to your operating system - it can do anything.

It is foolish to suppose another kernel component (such as VSE's rootkit scanning and cleaning capabilities) can always best another kernel component that is malware (a rootkit). They're both running in kernel; they can both do very bad things to the other. They are peers with respect to how much power they have.

Still, you will have some success in using VSE to eradicate kernel-level malware/rootkits from a system. But there is a more effective way to do it - get rid of the rootkit from outside the Windows environment, where the malware is no longer your peer... that's what Deep Defender offers you, it makes rootkits its B**** - plus it protects your boot sector/MBR.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee