[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe latest version of the Google Cloud Security Center v1 API class KernelRootkit is 3.24.0, with numerous prior versions available for use, including 3.23.0 down to version 2.2.0.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eKernelRootkit\u003c/code\u003e class provides signatures for detecting kernel mode rootkits, and implements interfaces such as \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe class contains properties to check for various indicators of rootkit presence, including \u003ccode\u003eUnexpectedCodeModification\u003c/code\u003e, \u003ccode\u003eUnexpectedFtraceHandler\u003c/code\u003e, \u003ccode\u003eUnexpectedInterruptHandler\u003c/code\u003e, \u003ccode\u003eUnexpectedKernelCodePages\u003c/code\u003e, \u003ccode\u003eUnexpectedKprobeHandler\u003c/code\u003e, \u003ccode\u003eUnexpectedProcessesInRunqueue\u003c/code\u003e, \u003ccode\u003eUnexpectedReadOnlyDataModification\u003c/code\u003e, and \u003ccode\u003eUnexpectedSystemCallHandler\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eKernelRootkit\u003c/code\u003e objects can be constructed using a default constructor \u003ccode\u003eKernelRootkit()\u003c/code\u003e or by copying an existing \u003ccode\u003eKernelRootkit\u003c/code\u003e object using \u003ccode\u003eKernelRootkit(KernelRootkit other)\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eIt has a \u003ccode\u003eName\u003c/code\u003e property, representing the rootkit's name when available, and all other properties are boolean values representing the presence of rootkit indicators.\u003c/p\u003e\n"]]],[],null,["# Google Cloud Security Command Center v1 API - Class KernelRootkit (3.24.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.24.0 (latest)](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/latest/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.23.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.23.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.22.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.22.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.21.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.21.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.20.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.20.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.19.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.19.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.18.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.18.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.17.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.17.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.16.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.16.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.15.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.15.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.14.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.14.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.13.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.13.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.12.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.12.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.11.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.11.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.10.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.10.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.9.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.8.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.7.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.6.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.5.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.4.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.3.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.2.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.1.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/3.0.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.13.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.13.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.12.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.12.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.11.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.11.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.10.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.10.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.9.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.9.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.8.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.8.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.7.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.7.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.6.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.6.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.5.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.5.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.4.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.4.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.3.0/Google.Cloud.SecurityCenter.V1.KernelRootkit)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/2.2.0/Google.Cloud.SecurityCenter.V1.KernelRootkit) \n\n public sealed class KernelRootkit : IMessage\u003cKernelRootkit\u003e, IEquatable\u003cKernelRootkit\u003e, IDeepCloneable\u003cKernelRootkit\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Google Cloud Security Command Center v1 API class KernelRootkit.\n\nKernel mode rootkit signatures. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e KernelRootkit \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[KernelRootkit](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/latest/Google.Cloud.SecurityCenter.V1.KernelRootkit), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[KernelRootkit](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/latest/Google.Cloud.SecurityCenter.V1.KernelRootkit), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[KernelRootkit](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/latest/Google.Cloud.SecurityCenter.V1.KernelRootkit), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.SecurityCenter.V1](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V1/latest/Google.Cloud.SecurityCenter.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.SecurityCenter.V1.dll\n\nConstructors\n------------\n\n### KernelRootkit()\n\n public KernelRootkit()\n\n### KernelRootkit(KernelRootkit)\n\n public KernelRootkit(KernelRootkit other)\n\nProperties\n----------\n\n### Name\n\n public string Name { get; set; }\n\nRootkit name, when available.\n\n### UnexpectedCodeModification\n\n public bool UnexpectedCodeModification { get; set; }\n\nTrue if unexpected modifications of kernel code memory are present.\n\n### UnexpectedFtraceHandler\n\n public bool UnexpectedFtraceHandler { get; set; }\n\nTrue if `ftrace` points are present with callbacks pointing to regions\nthat are not in the expected kernel or module code range.\n\n### UnexpectedInterruptHandler\n\n public bool UnexpectedInterruptHandler { get; set; }\n\nTrue if interrupt handlers that are are not in the expected kernel or\nmodule code regions are present.\n\n### UnexpectedKernelCodePages\n\n public bool UnexpectedKernelCodePages { get; set; }\n\nTrue if kernel code pages that are not in the expected kernel or module\ncode regions are present.\n\n### UnexpectedKprobeHandler\n\n public bool UnexpectedKprobeHandler { get; set; }\n\nTrue if `kprobe` points are present with callbacks pointing to regions\nthat are not in the expected kernel or module code range.\n\n### UnexpectedProcessesInRunqueue\n\n public bool UnexpectedProcessesInRunqueue { get; set; }\n\nTrue if unexpected processes in the scheduler run queue are present. Such\nprocesses are in the run queue, but not in the process task list.\n\n### UnexpectedReadOnlyDataModification\n\n public bool UnexpectedReadOnlyDataModification { get; set; }\n\nTrue if unexpected modifications of kernel read-only data memory are\npresent.\n\n### UnexpectedSystemCallHandler\n\n public bool UnexpectedSystemCallHandler { get; set; }\n\nTrue if system call handlers that are are not in the expected kernel or\nmodule code regions are present."]]
