Security Command Center v2 API - Class KernelRootkit (1.0.0-beta05)

public sealed class KernelRootkit : IMessage<KernelRootkit>, IEquatable<KernelRootkit>, IDeepCloneable<KernelRootkit>, IBufferMessage, IMessage

Reference documentation and code samples for the Security Command Center v2 API class KernelRootkit.

Kernel mode rootkit signatures.

Inheritance

object > KernelRootkit

Namespace

Google.Cloud.SecurityCenter.V2

Assembly

Google.Cloud.SecurityCenter.V2.dll

Constructors

KernelRootkit()

public KernelRootkit()

KernelRootkit(KernelRootkit)

public KernelRootkit(KernelRootkit other)
Parameter
Name Description
other KernelRootkit

Properties

Name

public string Name { get; set; }

Rootkit name, when available.

Property Value
Type Description
string

UnexpectedCodeModification

public bool UnexpectedCodeModification { get; set; }

True if unexpected modifications of kernel code memory are present.

Property Value
Type Description
bool

UnexpectedFtraceHandler

public bool UnexpectedFtraceHandler { get; set; }

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Property Value
Type Description
bool

UnexpectedInterruptHandler

public bool UnexpectedInterruptHandler { get; set; }

True if interrupt handlers that are not in the expected kernel or module code regions are present.

Property Value
Type Description
bool

UnexpectedKernelCodePages

public bool UnexpectedKernelCodePages { get; set; }

True if kernel code pages that are not in the expected kernel or module code regions are present.

Property Value
Type Description
bool

UnexpectedKprobeHandler

public bool UnexpectedKprobeHandler { get; set; }

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Property Value
Type Description
bool

UnexpectedProcessesInRunqueue

public bool UnexpectedProcessesInRunqueue { get; set; }

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

Property Value
Type Description
bool

UnexpectedReadOnlyDataModification

public bool UnexpectedReadOnlyDataModification { get; set; }

True if unexpected modifications of kernel read-only data memory are present.

Property Value
Type Description
bool

UnexpectedSystemCallHandler

public bool UnexpectedSystemCallHandler { get; set; }

True if system call handlers that are not in the expected kernel or module code regions are present.

Property Value
Type Description
bool
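The following added example (not code from this page or from the Google.Cloud.SecurityCenter.V2 library) shows how a responder might read these indicators off a KernelRootkit message. The KernelRootkitTriage class and its sample values are constructed here; it assumes only the properties listed above and the Clone() method that IDeepCloneable<KernelRootkit> supplies.

```csharp
using System;
using System.Collections.Generic;
using Google.Cloud.SecurityCenter.V2;

public static class KernelRootkitTriage
{
    // Returns one line per indicator that is set, in the order a responder usually reads them.
    public static IReadOnlyList<string> DescribeIndicators(KernelRootkit rootkit)
    {
        var hits = new List<string>();
        if (rootkit.UnexpectedCodeModification)
            hits.Add("kernel code memory modified");
        if (rootkit.UnexpectedReadOnlyDataModification)
            hits.Add("kernel read-only data modified");
        if (rootkit.UnexpectedKernelCodePages)
            hits.Add("kernel code pages outside expected kernel/module regions");
        if (rootkit.UnexpectedSystemCallHandler)
            hits.Add("system call handler outside expected kernel/module regions");
        if (rootkit.UnexpectedInterruptHandler)
            hits.Add("interrupt handler outside expected kernel/module regions");
        if (rootkit.UnexpectedKprobeHandler)
            hits.Add("kprobe callback outside expected kernel/module code range");
        if (rootkit.UnexpectedFtraceHandler)
            hits.Add("ftrace callback outside expected kernel/module code range");
        if (rootkit.UnexpectedProcessesInRunqueue)
            hits.Add("process in scheduler run queue but absent from task list");
        return hits;
    }

    // Human-readable triage line: rootkit name (when available) plus every set indicator.
    public static string Summarize(KernelRootkit rootkit)
    {
        var hits = DescribeIndicators(rootkit);
        string name = string.IsNullOrEmpty(rootkit.Name) ? "unnamed rootkit" : rootkit.Name;
        if (hits.Count == 0) return $"{name}: no kernel indicators set";
        return $"{name}: {hits.Count} indicator(s)\n  - " + string.Join("\n  - ", hits);
    }

    public static void Main()
    {
        // Constructed sample values; "example-rootkit" is a placeholder, not a real family name.
        var sample = new KernelRootkit { Name = "example-rootkit" };
        sample.UnexpectedSystemCallHandler = true;
        sample.UnexpectedProcessesInRunqueue = true;
        // Clone() from IDeepCloneable<KernelRootkit> gives an independent copy of the message.
        KernelRootkit copy = sample.Clone();
        copy.UnexpectedKprobeHandler = true;
        Console.WriteLine(Summarize(sample));
        Console.WriteLine(Summarize(copy));
    }
}
```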