I guess you mean Kernel level ones?
If yes, then it can protect from getting infected, if the virus is known to the McAfee database. Once it's installed though, it's a much harder call to catch and to remove it cleanly. I guess there are routines built in for some variants, but you can never be 100% sure/safe.
Is it not the Deep Defender technology you are after?
So it means VSE will not come into action if any rootkit injects its code into Win32 API calls and gains its target below the operating system. So does it mean the VSE filter driver is not a kernel-level driver and just works at user level? If it is kernel level, then why are hypervisor tech based rootkit attacks not monitored? Or does McAfee want people to purchase another of their products to get rid of hypervisor tech based rootkits? I am trying to make this thread full of info and want all tech people to shed some light.
Any comment will be much appreciated.
on 4/18/13 10:24:23 AM CDT
Anything running in the kernel has access to your operating system - it can do anything.
It is foolish to suppose another kernel component (such as VSE's rootkit scanning and cleaning capabilities) can always best another kernel component that is malware (a rootkit). They're both running in kernel; they can both do very bad things to the other. They are peers with respect to how much power they have.
Still, you will have some success in using VSE to eradicate kernel-level malware/rootkits from a system. But there is a more effective way to do it - get rid of the rootkit from outside the Windows environment, where the malware is no longer your peer... that's what Deep Defender offers you, it makes rootkits its B**** - plus it protects your boot sector/MBR.