[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eKernelRootkit\u003c/code\u003e class in the Security Command Center v2 API represents signatures of kernel mode rootkits.\u003c/p\u003e\n"],["\u003cp\u003eThis class includes properties to identify various types of unexpected kernel activities, such as modifications to kernel code and data, as well as unexpected handlers and processes.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eKernelRootkit\u003c/code\u003e class can be instantiated using a default constructor or a copy constructor that accepts another \u003ccode\u003eKernelRootkit\u003c/code\u003e object.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of this documentation is 1.1.0, with an older version of 1.0.0 being also available.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eKernelRootkit\u003c/code\u003e class implements several interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, and inherits members from the \u003ccode\u003eobject\u003c/code\u003e class.\u003c/p\u003e\n"]]],[],null,["# Security Command Center v2 API - Class KernelRootkit (1.2.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.2.0 (latest)](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/latest/Google.Cloud.SecurityCenter.V2.KernelRootkit)\n- [1.1.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/1.1.0/Google.Cloud.SecurityCenter.V2.KernelRootkit)\n- [1.0.0](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/1.0.0/Google.Cloud.SecurityCenter.V2.KernelRootkit) \n\n public sealed class KernelRootkit : IMessage\u003cKernelRootkit\u003e, IEquatable\u003cKernelRootkit\u003e, IDeepCloneable\u003cKernelRootkit\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Security Command Center v2 API class KernelRootkit.\n\nKernel mode rootkit signatures. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e KernelRootkit \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[KernelRootkit](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/latest/Google.Cloud.SecurityCenter.V2.KernelRootkit), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[KernelRootkit](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/latest/Google.Cloud.SecurityCenter.V2.KernelRootkit), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[KernelRootkit](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/latest/Google.Cloud.SecurityCenter.V2.KernelRootkit), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.SecurityCenter.V2](/dotnet/docs/reference/Google.Cloud.SecurityCenter.V2/latest/Google.Cloud.SecurityCenter.V2)\n\nAssembly\n--------\n\nGoogle.Cloud.SecurityCenter.V2.dll\n\nConstructors\n------------\n\n### KernelRootkit()\n\n public KernelRootkit()\n\n### KernelRootkit(KernelRootkit)\n\n public KernelRootkit(KernelRootkit other)\n\nProperties\n----------\n\n### Name\n\n public string Name { get; set; }\n\nRootkit name, when available.\n\n### UnexpectedCodeModification\n\n public bool UnexpectedCodeModification { get; set; }\n\nTrue if unexpected modifications of kernel code memory are present.\n\n### UnexpectedFtraceHandler\n\n public bool UnexpectedFtraceHandler { get; set; }\n\nTrue if `ftrace` points are present with callbacks pointing to regions\nthat are not in the expected kernel or module code range.\n\n### UnexpectedInterruptHandler\n\n public bool UnexpectedInterruptHandler { get; set; }\n\nTrue if interrupt handlers that are are not in the expected kernel or\nmodule code regions are present.\n\n### UnexpectedKernelCodePages\n\n public bool UnexpectedKernelCodePages { get; set; }\n\nTrue if kernel code pages that are not in the expected kernel or module\ncode regions are present.\n\n### UnexpectedKprobeHandler\n\n public bool UnexpectedKprobeHandler { get; set; }\n\nTrue if `kprobe` points are present with callbacks pointing to regions\nthat are not in the expected kernel or module code range.\n\n### UnexpectedProcessesInRunqueue\n\n public bool UnexpectedProcessesInRunqueue { get; set; }\n\nTrue if unexpected processes in the scheduler run queue are present. Such\nprocesses are in the run queue, but not in the process task list.\n\n### UnexpectedReadOnlyDataModification\n\n public bool UnexpectedReadOnlyDataModification { get; set; }\n\nTrue if unexpected modifications of kernel read-only data memory are\npresent.\n\n### UnexpectedSystemCallHandler\n\n public bool UnexpectedSystemCallHandler { get; set; }\n\nTrue if system call handlers that are are not in the expected kernel or\nmodule code regions are present."]]