This plugin is responsible for analyzing process memory for malicious or suspicious code.
What is Process Memory Integrity (PMI)?
Process Memory Integrity is a series of techniques that help validate the trustworthiness of code executing on a given system. This can be achieved through hashing, runtime code analysis, page flag analysis, monitoring of memory segment permission modifications, code-signing verification, and more.
For more details, see our blog post on Process Memory Integrity.
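As an added illustration of the page flag analysis mentioned above (this is not code from the plugin or its vendor), the following Python example flags executable memory regions whose permissions or backing are unusual. It assumes the Linux /proc/<pid>/maps text format; the sample input and the names analyze_maps and SAMPLE_MAPS are constructed for this example.

```python
import re

# Constructed sample in Linux /proc/<pid>/maps format; not taken from a real process.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131090 /usr/bin/example
55d0c8c20000-55d0c8c22000 rw-p 00020000 08:01 131090 /usr/bin/example
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a2c000000-7f3a2c004000 r-xp 00000000 00:00 0
7f3a2d000000-7f3a2d1c0000 r-xp 00000000 08:01 131200 /usr/lib/libc.so.6 (deleted)
7ffd4b1e0000-7ffd4b201000 rwxp 00000000 00:00 0 [stack]
7ffd4b3f0000-7ffd4b3f2000 r-xp 00000000 00:00 0 [vdso]
"""

LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) [0-9a-f]+ "
                  r"[0-9a-f]+:[0-9a-f]+ \d+\s*(.*)$")
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}  # kernel-supplied code, executable by design


def analyze_maps(maps_text):
    """Return (start, size, perms, path, reasons) for each suspicious region."""
    findings = []
    for raw in maps_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines
        start, end, perms, path = int(m[1], 16), int(m[2], 16), m[3], m[4].strip()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue  # only executable, non-kernel regions are of interest
        reasons = []
        if "w" in perms:
            reasons.append("writable+executable")
        if not path:
            reasons.append("anonymous executable")
        elif path in ("[stack]", "[heap]"):
            reasons.append("executable " + path.strip("[]"))
        elif path.endswith(" (deleted)"):
            reasons.append("backing file deleted")
        if reasons:
            findings.append((start, end - start, perms, path, reasons))
    return findings


if __name__ == "__main__":
    for start, size, perms, path, reasons in analyze_maps(SAMPLE_MAPS):
        print(f"{start:#x} {size:>8} {perms} {path or '<anonymous>'}: {', '.join(reasons)}")
```

These flags are triage signals rather than verdicts: JIT runtimes legitimately create anonymous executable memory, and a deleted backing file is common after a package upgrade.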
Plugins: Behavioral Rootkit Detection
This plugin is responsible for identifying behaviors associated with rootkits, including hidden processes or threads.
What is a rootkit?
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.