How often does rootcheck run?¶
The rootcheck scan frequency is configurable with frequency. By default it runs every 2 hours.
How does rootcheck know the rootkit files to look for?¶
The rootcheck engine has databases of rootkit signatures: rootkit_files.txt, rootkit_trojans.txt and win_malware_rcl.txt. Unfortunately, the signatures are out of date.
Does rootcheck inspect running processes?¶
Yes, rootcheck inspects all running processes looking for discrepancies with different system calls.