public sealed class KernelRootkit : IMessage<KernelRootkit>, IEquatable<KernelRootkit>, IDeepCloneable<KernelRootkit>, IBufferMessage, IMessage
Reference documentation and code samples for the Security Command Center v2 API class KernelRootkit.
Kernel mode rootkit signatures.
Implements
IMessage<KernelRootkit>, IEquatable<KernelRootkit>, IDeepCloneable<KernelRootkit>, IBufferMessage, IMessage
Namespace
Google.Cloud.SecurityCenter.V2
Assembly
Google.Cloud.SecurityCenter.V2.dll
Constructors
KernelRootkit()
public KernelRootkit()
KernelRootkit(KernelRootkit)
public KernelRootkit(KernelRootkit other)
Parameter
Name | Description |
---|---|
other | KernelRootkit |
Properties
Name
public string Name { get; set; }
Rootkit name, when available.
Property Value
Type | Description |
---|---|
string | |
UnexpectedCodeModification
public bool UnexpectedCodeModification { get; set; }
True if unexpected modifications of kernel code memory are present.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedFtraceHandler
public bool UnexpectedFtraceHandler { get; set; }
True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedInterruptHandler
public bool UnexpectedInterruptHandler { get; set; }
True if interrupt handlers that are not in the expected kernel or module code regions are present.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedKernelCodePages
public bool UnexpectedKernelCodePages { get; set; }
True if kernel code pages that are not in the expected kernel or module code regions are present.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedKprobeHandler
public bool UnexpectedKprobeHandler { get; set; }
True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedProcessesInRunqueue
public bool UnexpectedProcessesInRunqueue { get; set; }
True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedReadOnlyDataModification
public bool UnexpectedReadOnlyDataModification { get; set; }
True if unexpected modifications of kernel read-only data memory are present.
Property Value
Type | Description |
---|---|
bool | |
UnexpectedSystemCallHandler
public bool UnexpectedSystemCallHandler { get; set; }
True if system call handlers that are not in the expected kernel or module code regions are present.
Property Value
Type | Description |
---|---|
bool | |
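The following is an added example, not part of the reference documentation or the library's own samples. It shows one way a responder could turn the boolean signals above into a grouped triage summary; the `KernelRootkitTriage` class, the `Describe` helper, the group labels and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Google.Cloud.SecurityCenter.V2;

public static class KernelRootkitTriage
{
    // Hypothetical helper (not a library API): returns one line per signal that is set,
    // prefixed with an illustrative group label chosen for this example.
    public static IReadOnlyList<string> Describe(KernelRootkit rk)
    {
        var hits = new List<string>();
        void Add(bool flag, string group, string property)
        {
            if (flag) hits.Add($"{group}: {property}");
        }

        // Kernel code or read-only data was modified, or unexpected code pages exist.
        Add(rk.UnexpectedCodeModification, "memory-integrity", nameof(rk.UnexpectedCodeModification));
        Add(rk.UnexpectedReadOnlyDataModification, "memory-integrity", nameof(rk.UnexpectedReadOnlyDataModification));
        Add(rk.UnexpectedKernelCodePages, "memory-integrity", nameof(rk.UnexpectedKernelCodePages));

        // Handlers or callbacks outside the expected kernel or module code regions.
        Add(rk.UnexpectedFtraceHandler, "handler", nameof(rk.UnexpectedFtraceHandler));
        Add(rk.UnexpectedKprobeHandler, "handler", nameof(rk.UnexpectedKprobeHandler));
        Add(rk.UnexpectedInterruptHandler, "handler", nameof(rk.UnexpectedInterruptHandler));
        Add(rk.UnexpectedSystemCallHandler, "handler", nameof(rk.UnexpectedSystemCallHandler));

        // Processes in the scheduler run queue that are missing from the task list.
        Add(rk.UnexpectedProcessesInRunqueue, "hidden-process", nameof(rk.UnexpectedProcessesInRunqueue));
        return hits;
    }

    public static void Main()
    {
        // Constructed sample message; real values would come from an API response.
        var sample = new KernelRootkit
        {
            Name = "example-rootkit", // constructed value, not a real signature name
            UnexpectedSystemCallHandler = true,
            UnexpectedProcessesInRunqueue = true,
        };

        // Name is only populated "when available", so handle the empty case.
        string label = string.IsNullOrEmpty(sample.Name) ? "(unnamed)" : sample.Name;
        Console.WriteLine($"Rootkit: {label}");
        foreach (var line in Describe(sample)) Console.WriteLine("  " + line);
    }
}
```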