
UPHClean's "Rootkit" Driver


nameless1
December 24th, 2005, 06:38 PM
I use both AppDefend and RegDefend. When I installed the Microsoft User Profile Cleanup Service (http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582) (version 1.6d), AppDefend did not notify me that a "rootkit driver" was being installed.

However, when I ran RootKit Hook Analyzer (http://www.resplendence.com/hookanalyzer), it showed a "rootkit driver" associated with the UPHClean service (named uphclean.sys).

I am not worried about UPHClean actually being a rootkit. I am wondering why AppDefend did not seem to have caught this driver, or what else may have happened.

nick s
December 24th, 2005, 07:31 PM
-{ Quote: "I use both AppDefend and RegDefend. When I installed the Microsoft User Profile Cleanup Service (http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582) (version 1.6d), AppDefend did not notify me that a "rootkit driver" was being installed.

However, when I ran RootKit Hook Analyzer (http://www.resplendence.com/hookanalyzer), it showed a "rootkit driver" associated with the UPHClean service (named uphclean.sys).

I am not worried about UPHClean actually being a rootkit. I am wondering why AppDefend did not seem to have caught this driver, or what else may have happened." }-

Hi nameless1,

AppDefend protects against "undocumented" driver installation methods, while RegDefend protects against traditional registry-based driver installation. Microsoft's UPHClean setup very likely uses the latter method. More here: Rootkit protection in AppDefend... (http://www.wilderssecurity.com/showpost.php?p=611008&postcount=20).

Nick
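The "traditional registry-based driver installation" Nick describes is the Service Control Manager path: a kernel driver gets a key under HKLM\SYSTEM\CurrentControlSet\Services with Type 1 (or 2 for file-system drivers) and an ImagePath pointing at the .sys file, which is the change a registry monitor such as RegDefend would see. The PowerShell below is an added, read-only example for checking that yourself; it is not code from the thread or from any of the products mentioned. The function names Resolve-DriverImagePath and Get-RegisteredKernelDriver are my own, and the script assumes it is run in an elevated PowerShell session on Windows.

```powershell
# Added example (not from the thread): enumerate kernel-mode drivers registered
# through the standard Service Control Manager registry path and report where
# their image lives and whether it carries a valid Authenticode signature.
# Read-only; run from an elevated PowerShell prompt on Windows.

function Resolve-DriverImagePath {
    # ImagePath values come in several shapes; normalize them to a plain
    # Win32 path so Test-Path and Get-AuthenticodeSignature can use them.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                        # system32\drivers\x.sys (relative)
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-RegisteredKernelDriver {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Type 1 = SERVICE_KERNEL_DRIVER, Type 2 = SERVICE_FILE_SYSTEM_DRIVER;
        # everything else (Win32 services, groups) is skipped.
        if ($null -eq $props.Type -or ($props.Type -ne 1 -and $props.Type -ne 2)) { continue }

        $path = Resolve-DriverImagePath $props.ImagePath
        $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                    (Get-AuthenticodeSignature -FilePath $path).Status
                } else {
                    'FileMissing'
                }

        [pscustomobject]@{
            Name      = $key.PSChildName
            Type      = $props.Type
            Start     = $props.Start      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            ImagePath = $path
            Signature = $sig
        }
    }
}

# Usage: first confirm a specific driver was registered this way (uphclean.sys
# from the thread is used as the example name), then list every registered
# driver whose image is unsigned, has a broken signature, or is missing.
$drivers = Get-RegisteredKernelDriver
$drivers | Where-Object { $_.Name -like 'uphclean*' } | Format-Table -AutoSize
$drivers | Where-Object { $_.Signature -ne 'Valid' } | Sort-Object Name | Format-Table -AutoSize
```

A driver that appears in this listing was installed through the documented registry path, so a HIPS that watches the registry (RegDefend here) is the layer expected to prompt for it; a driver loaded without any such key is what the "undocumented" protection in AppDefend is aimed at, and comparing this list against what a hook analyzer reports loaded is a quick way to tell the two cases apart.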

nameless1
December 24th, 2005, 10:07 PM
Ah, yes, thank you very much, Nick. The sad thing is I actually read that before, and forgot it. It sucks to have a sieve for a brain.