4 Replies Latest reply on Apr 18, 2013 10:26 AM by wwarren

    Will VSE 8.8 remove kernal level root kits?

    alexn

      Hi all,

       

      Will VSE protect kernal level memory and remove kernal level rootkits?

        • 1. Re: Will VSE 8.8 remove kernal level root kits?
          pato

          I guess you mean Kernel level ones?

          If yes, then it can protect from getting infected, if the virus is known to the McAfee database. Once it's installed though, it's a much harder call to catch and to remove it cleanly. I guess there are routines built in for some variants, but you can never be 100% sure/safe.

          • 3. Re: Will VSE 8.8 remove kernal level root kits?
            alexn

            Attila,

             

            So it means VSE will not come into action if any rootkit injects its code into Win32 API calls and gains its target below the operating system. So does it mean the VSE filter driver is not a kernel-level driver and just works at user level? If it is kernel level, then why are hypervisor tech based rootkit attacks not monitored? Or does McAfee want people to purchase another product of theirs to get rid of hypervisor tech based rootkits? I am trying to make this thread full of info and want all tech people to shed some light.

             

            Any comment will be much appreciated.

             

            on 4/18/13 10:24:23 AM CDT
            • 4. Re: Will VSE 8.8 remove kernal level root kits?
              wwarren

              Anything running in the kernel has access to your operating system - it can do anything.

              It is foolish to suppose another kernel component (such as VSE's rootkit scanning and cleaning capabilities) can always best another kernel component that is malware (a rootkit). They're both running in kernel; they can both do very bad things to the other. They are peers with respect to how much power they have.

               

              Still, you will have some success in using VSE to eradicate kernel-level malware/rootkits from a system. But there is a more effective way to do it - get rid of the rootkit from outside the Windows environment, where the malware is no longer your peer... that's what Deep Defender offers you, it makes rootkits its B**** - plus it protects your bootsector/MBR.

              1 of 1 people found this helpful