Warning: This is the documentation for Wazuh 3.2. Check out the docs for the latest version of Wazuh!
FAQ
How often does rootcheck run?
The rootcheck scan frequency is configurable with the frequency option. By default, it runs every 2 hours.
How does rootcheck know the rootkit files to look for?
The rootcheck engine has databases of rootkit signatures: rootkit_files.txt, rootkit_trojans.txt and win_malware_rcl.txt. Unfortunately, the signatures are out of date.
Does rootcheck inspect running processes?
Yes, rootcheck inspects all running processes, looking for discrepancies between the results of different system calls.
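
The kind of cross-check this answer describes, as an added example (not Wazuh's own code and not part of the original page). It assumes the views compared are getsid(), getpgid(), kill() with signal 0 and the /proc entry, and it assumes a PID ceiling of 32768; none of these come from this page.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* One PID as seen through four independent views (1 = "exists"). */
struct pid_view { int sid, pgid, sig, proc; };

/* A call that fails with EPERM still proves the PID exists. */
static int seen(long ret) { return ret != -1 || errno == EPERM; }

static struct pid_view probe_pid(pid_t pid)
{
    struct pid_view v;
    struct stat st;
    char path[32];
    v.sid  = seen(getsid(pid));
    v.pgid = seen(getpgid(pid));
    v.sig  = seen(kill(pid, 0));      /* signal 0: existence check only */
    /* stat(), not readdir(): thread IDs are reachable by path but unlisted */
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    v.proc = stat(path, &st) == 0;
    return v;
}

/* Views disagree when some, but not all, of them report the PID. */
static int views_disagree(struct pid_view v)
{
    int n = v.sid + v.pgid + v.sig + v.proc;
    return n != 0 && n != 4;
}

/* Probe twice so a process that starts or exits mid-check is not flagged. */
static int pid_is_suspicious(pid_t pid)
{
    return views_disagree(probe_pid(pid)) && views_disagree(probe_pid(pid));
}

int main(void)
{
    for (pid_t pid = 1; pid <= 32768; pid++)   /* assumed PID ceiling */
        if (pid_is_suspicious(pid))
            printf("PID %ld: views disagree\n", (long)pid);
    return 0;
}
```

Run it as root on Linux: an unprivileged user on a /proc mounted with hidepid will see other users' PIDs through kill() but not through /proc, which shows up as a discrepancy that is not a rootkit.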