Does PatchGuard stop kernel level keyloggers? Or rather, did it?

I know PatchGuard made it hard/near impossible for rootkits to infect an x64 system and retain system stability, but how about kernel level keyloggers? Since PatchGuard protects the kernel, are keyloggers that don't use TDL3's method of infection still hindered by PatchGuard?

 

PatchGuard can't protect against kernel-level keyloggers as they are using legitimate IRP filtering. Or it may use another trick (driver device function hook) PG does not control.

 

then 64 is not as secure as they promissed

 

It was only a matter of time until x64 would be exposed to threats it supposedly would be immune to.

 

Doesn,t every kernel based keylogger needs to install a driver for its keylogging and this driver install will be stopped by PatchGuard?

 

No. Test the Zemana keylogger or Spyshelters keylogger on a Windows x64 system and you'll have the evidence right there. Please note that those keyloggers are not actually malware, but merely testing tools.

 

There is only one really working protection mechanism to prevent malware in kernel mode- loading only signed driver files. But it can be subverted with MBR trick. PatchGuard doesn't protect the system as advertised.

 

agree

 

They are not kernel based keyloggers I think.