by tamiral
693 days ago
The reason CrowdStrike and other tools have this access is for them to update their agents, so that in case they see a ransomware or attack pattern they can push it out to as many devices as possible to stem the attack. Do you need all this crazy level of kernel access? Probably not. I hope they will have some refactoring efforts in the future.
You absolutely do. Otherwise, you'll be unable to detect malware that IS putting itself into the kernel.