UPHClean's "Rootkit" Driver

Discussion in 'Ghost Security Suite (GSS)' started by nameless1, Dec 24, 2005.

Thread Status:
Not open for further replies.
  1. nameless1

    nameless1 Guest

    I use both AppDefend and RegDefend. When I installed the Microsoft User Profile Cleanup Service (version 1.6d), AppDefend did not notify me that a "rootkit driver" was being installed.

    However, when I ran RootKit Hook Analyzer, it showed a "rootkit driver" associated with the UPHClean service (named uphclean.sys).

    I am not worried about UPHClean actually being a rootkit. I am wondering why AppDefend did not seem to have caught this driver, or what else may have happened.
     
  2. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi nameless1,

    AppDefend protects against "undocumented" driver installation methods, while RegDefend protects against traditional registry-based driver installation. Microsoft's UPHClean setup very likely uses the latter method. More here: Rootkit protection in AppDefend....

    Nick
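
An added example (not from the thread, nor from the GSS or UPHClean products) that shows the registry-based registration Nick describes: it lists kernel-driver service keys under HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath, and checks the driver file's Authenticode signature. 'uphclean' is the service name from the thread; the function name and the file-resolution rules are assumptions, and the script should be run from an elevated PowerShell prompt.

```powershell
# Resolve the ImagePath forms the SCM accepts into an absolute file path.
# (Assumed helper, not part of any product discussed in the thread.)
function Resolve-DriverImagePath {
    param([string]$ImagePath, [string]$Service)
    if (-not $ImagePath) {
        # No ImagePath: the SCM falls back to System32\drivers\<service>.sys
        return Join-Path $env:SystemRoot "System32\drivers\$Service.sys"
    }
    $p = $ImagePath.Trim('"')
    if ($p -match '^\\SystemRoot\\(.*)$') { return Join-Path $env:SystemRoot $Matches[1] }
    if ($p -match '^\\\?\?\\(.*)$')      { return $Matches[1] }   # \??\C:\... form
    if ($p -match '^[A-Za-z]:\\')        { return $p }            # already absolute
    return Join-Path $env:SystemRoot $p   # relative, e.g. system32\DRIVERS\x.sys
}

$svcRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Walk every service key; only driver-type services are of interest here.
$drivers = foreach ($key in Get-ChildItem $svcRoot) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }   # some keys are not readable
    # Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER
    if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }
    $image = Resolve-DriverImagePath $props.ImagePath $key.PSChildName
    $sig   = if (Test-Path $image) { (Get-AuthenticodeSignature $image).Status }
             else { 'FileMissing' }
    $start = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { 'Unknown' }
    [pscustomobject]@{
        Service   = $key.PSChildName
        Start     = $start
        Image     = $image
        Signature = $sig
    }
}

# 1. How the driver named in the thread was registered (if present on this machine)
$drivers | Where-Object { $_.Service -ieq 'uphclean' } | Format-List

# 2. Registry-registered drivers whose file is unsigned, untrusted or missing
$drivers | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

A driver that never appears in this listing yet is loaded in the kernel would have arrived through some other route than the registry one RegDefend watches, which is the distinction Nick draws.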
     
  3. nameless1

    nameless1 Guest

    Ah, yes, thank you very much, Nick. The sad thing is I actually read that before, and forgot it. It sucks to have a sieve for a brain.
     