This plugin is responsible for analyzing process memory for malicious or suspicious code.

What is PMI?

Process Memory Integrity (PMI) is a series of techniques that help validate the trustworthiness of code executing on a given system. This can be achieved through hashing, runtime code analysis, page flag analysis, monitoring of memory segment permission modifications, code-signing verification, and more.

For more details, see our blog post on Process Memory Integrity.

Plugins: Behavioral Rootkit Detection

This plugin is responsible for identifying behaviors associated with rootkits, including hidden processes or threads. 

What is a rootkit?

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.