Kaspersky #19
Comments
Yes, there is no user mode hooking.
I would say the same for ESET.
Yep, most of the EDRs have moved to the kernel, which is good. Some of them
moved to the kernel a long time ago.
On Wed, May 17, 2023 at 11:12 AM tamburro92 wrote:
> I would say the same for ESET
--
*Mr.Un1k0d3r** or 1 #*
Hi,
I wanted to share my observation for Kaspersky.
It seems like Kaspersky does the real hooking in kernel mode as well, like Cortex or Defender MDE.
How can those hooks be identified?