Class KernelRootkit

Kernel mode rootkit signatures.

Inheritance

object

KernelRootkit

Implements

IDirectResponseSchema

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Namespace: Google.Apis.SecurityCommandCenter.v1beta1.Data

Assembly: Google.Apis.SecurityCommandCenter.v1beta1.dll

Syntax

public class KernelRootkit : IDirectResponseSchema

Properties

ETag

The ETag of the item.

Declaration

public virtual string ETag { get; set; }

Property Value

Type	Description
string

Name

Rootkit name, when available.

Declaration

[JsonProperty("name")]
public virtual string Name { get; set; }

Property Value

Type	Description
string

UnexpectedCodeModification

True if unexpected modifications of kernel code memory are present.

Declaration

[JsonProperty("unexpectedCodeModification")]
public virtual bool? UnexpectedCodeModification { get; set; }

Property Value

Type	Description
bool?

UnexpectedFtraceHandler

True if ftrace points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Declaration

[JsonProperty("unexpectedFtraceHandler")]
public virtual bool? UnexpectedFtraceHandler { get; set; }

Property Value

Type	Description
bool?

UnexpectedInterruptHandler

True if interrupt handlers that are are not in the expected kernel or module code regions are present.

Declaration

[JsonProperty("unexpectedInterruptHandler")]
public virtual bool? UnexpectedInterruptHandler { get; set; }

Property Value

Type	Description
bool?

UnexpectedKernelCodePages

True if kernel code pages that are not in the expected kernel or module code regions are present.

Declaration

[JsonProperty("unexpectedKernelCodePages")]
public virtual bool? UnexpectedKernelCodePages { get; set; }

Property Value

Type	Description
bool?

UnexpectedKprobeHandler

True if kprobe points are present with callbacks pointing to regions that are not in the expected kernel or module code range.

Declaration

[JsonProperty("unexpectedKprobeHandler")]
public virtual bool? UnexpectedKprobeHandler { get; set; }

Property Value

Type	Description
bool?

UnexpectedProcessesInRunqueue

True if unexpected processes in the scheduler run queue are present. Such processes are in the run queue, but not in the process task list.

Declaration

[JsonProperty("unexpectedProcessesInRunqueue")]
public virtual bool? UnexpectedProcessesInRunqueue { get; set; }

Property Value

Type	Description
bool?

UnexpectedReadOnlyDataModification

True if unexpected modifications of kernel read-only data memory are present.

Declaration

[JsonProperty("unexpectedReadOnlyDataModification")]
public virtual bool? UnexpectedReadOnlyDataModification { get; set; }

Property Value

Type	Description
bool?

UnexpectedSystemCallHandler

True if system call handlers that are are not in the expected kernel or module code regions are present.

Declaration

[JsonProperty("unexpectedSystemCallHandler")]
public virtual bool? UnexpectedSystemCallHandler { get; set; }

Property Value

Type	Description
bool?

Implements

IDirectResponseSchema