On 02/23/2011 02:34 AM, tayebe wrote:
> Hi all.
> Does OSSEC support rootkit detection in Windows or not? I'm surprised
> that when I checked my Windows agent ossec.conf I didn't find any setting
> for the directory of rootkit_files or rootkit_trojans.
> Is there rootkit detection ability for Linux operating systems only, not
> Windows?

The closest OSSEC comes to rootkit detection in Windows is by the
detection of alternate data streams, but this is not really "rootkit"
detection. Maybe RootkitRevealer could be installed and we could add
support for some logs from that?
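As an added illustration (not from the thread or the OSSEC project) of what the alternate-data-stream check mentioned above is looking for, the following PowerShell snippet lists every file under a directory that carries a named NTFS stream other than the default `:$DATA` stream. It uses the built-in `Get-Item -Stream` cmdlet (PowerShell 3.0 or later on an NTFS volume); `$Root` is an assumed parameter, and the default path is only an example.

```powershell
# Added example, not OSSEC code: enumerate files carrying alternate data streams.
# $Root is an assumed parameter; the default is an arbitrary example directory.
param([string]$Root = 'C:\Windows\System32')

Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream, including the default :$DATA
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
```

Expect benign hits such as `Zone.Identifier` (the mark-of-the-web stream on downloaded files); the output is a starting point for a file-integrity review, not by itself evidence of a rootkit, which is the point the reply makes about OSSEC's check.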