UPHClean's "Rootkit" Driver

Discussion in 'Ghost Security Suite (GSS)' started by nameless1, Dec 24, 2005.

Thread Status:
Not open for further replies.
  1. nameless1

    nameless1 Guest

    I use both AppDefend and RegDefend. When I installed the Microsoft User Profile Cleanup Service (version 1.6d), AppDefend did not notify me that a "rootkit driver" was being installed.

    However, when I ran RootKit Hook Analyzer, it showed a "rootkit driver" associated with the UPHClean service (named uphclean.sys).

    I am not worried about UPHClean actually being a rootkit. I am wondering why AppDefend did not seem to have caught this driver, or what else may have happened.
  2. nick s

    nick s Registered Member

    Nov 20, 2002
    Hi nameless1,

    AppDefend protects against "undocumented" driver installation methods, while RegDefend protects against traditional registry-based driver installation. Microsoft's UPHClean setup very likely uses the latter method. More here: Rootkit protection in AppDefend....

  3. nameless1

    nameless1 Guest

    Ah, yes, thank you very much, Nick. The sad thing is I actually read that before, and forgot it. It sucks to have a sieve for a brain.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.