MSE与360的疑问

wjcharles

见MSE日志：
Name: Informational:Behavior/ModifiedKernel

ID: 2133215269

Severity: Low

Category: Suspicious Behavior

Path: process:0

Detection Origin: Unknown

Detection Type: Suspicious

Detection Source: Real-Time Protection

Status: Executing

User: Unknown\Unknown

Process Name: Unknown

Signature ID: 717259538435

Signature Version: AV: 1.85.825.0, AS: 1.85.825.0

Engine Version: 1.1.5902.0

Fidelity Label:  Medium

Target File Name:  \??\C:\Program Files\360\360Safe\firstaid\Fix\FsWriteBack.sys


微软的介绍：
Informational:Behavior/ModifiedKernel Behavior Monitoring has detected signs of tampering in the state of the running operating system kernel.

Malware known as kernel-modifying “rootkits” typically modify kernel state in order to cause the kernel to hide malicious files, processes, and network connections from administrators.  However, some benign programs also modify kernel state in a similar way for legitimate purposes.  Consequently, when Next Generation Forefront Client Security detects kernel state tampering, it is not a certain indication that the system is infected with a rootkit.

The Modified Kernel detection creates a 1015 event in the System Event Log.  The Path Found field will indicate the driver connected with the tampering, if Next Generation Forefront Client Security can identify that driver.

当时刚对MSE进行手动升级，对360没有操作。。。

xing2005206

数字实在不感兴趣。

zhanyuchenbobo

对某数字的行为不予置评

lpaaaaa

我逃。。。

悠柚

加驱动当然是可疑行为了

Severity: Low

Category: Suspicious Behavior

MSE只是报了可疑行为而已，没什么大不了的

toofeng

我就说吧，360不要太嚣张，早晚被抓到，奶奶的。

勇者无敌

我就说吧，360不要太嚣张，早晚被抓到，奶奶的。
toofeng 发表于 2010.6.26 18:48

鸡婆婆说的是

yybird81

俺现在不敢说数字坏话了。

皇柝

我就说吧，360不要太嚣张，早晚被抓到，奶奶的。
toofeng 发表于 2010.6.26 18:48

膜拜鸡婆婆

107

谁用谁知道