by the8472
704 days ago
I don't think this follows. Those vendors are third parties and reach for whatever they can get. Yes, if Microsoft didn't allow kernel extensions then CrowdStrike would run as SYSTEM in userspace, but that doesn't tell us whether they need it or not, it only tells us that they want it. Based on other comments it can run as a kernel module or as eBPF filters on Linux. So I guess to them it's a less invasive/more power tradeoff which they'll take whenever it's available.