Rootkits and Delayed Start of MBAM

One of the options in Advanced Settings is to delay the start of MBAM by a pre-determined number of seconds if there are conflicts between MBAM and certain startup processes, such as drivers.


What is the potential impact of a delayed start on system security - especially with respect to Rootkits?


My understanding of the most dangerous type of Rootkit is that typically they will run within the first few seconds of startup.  If MBAM is delayed by say 60 seconds, then one may assume that this is more than adequate time for a Rootkit to run. 


What action - if any - should a user take to prevent Rootkit infection on a machine that has a delayed start?






  • 2 weeks later...
  • Root Admin

For rootkits, they typically already own the computer and are at the same or similar kernel-level rights as we are, so it really depends on what they do or want to do. They can and have fully blocked or removed both antivirus and anti-malware products, so it really wouldn't matter what you had your settings set on. Typically, the reason for not wanting a delay is the user-level infection that attempts to load as soon as the desktop loads, which then can potentially launch something else again as well. So yes, there is at least some increased risk exposure, but don't forget you're also supposed to be running a regular antivirus program at all times that is also looking for any infections.
