Rootkit Attacks
Event Description
Event message:
If an Atlas 500 is managed by FusionDirector, a rootkit attack on the Atlas 500 is reported to FusionDirector.
Currently, only user-mode rootkit detection is supported. The detection features of a rootkit type are defined as combinations of file paths and directory paths. A rootkit of a given type is detected if any one of the following conditions is met:
a. More than 30% of the total features exist in the system.
b. The system contains more than five features, which account for more than 20% of the total features.
c. The system contains hidden features.
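The three conditions above written as a decision function, in an added example that is not the product's detection code. The function names, the sample paths and the reading of "hidden" (a path that answers a direct lookup but is missing from its parent directory listing) are assumptions of this example.

```python
import os

def probe(features, exists=os.path.lexists, listdir=os.listdir):
    """Return (found, hidden) sets for one rootkit type's feature paths.

    'hidden' is this example's assumption: the path answers a direct lookup
    but its name is missing from the parent directory listing.
    """
    found, hidden = set(), set()
    for path in features:
        if not exists(path):
            continue
        found.add(path)
        parent, name = os.path.split(path.rstrip("/"))
        try:
            if name not in listdir(parent or "/"):
                hidden.add(path)
        except OSError:
            pass  # parent unreadable: the two views cannot be compared
    return found, hidden

def matched_conditions(total, found, hidden):
    """Apply conditions a, b and c; integer math keeps 'more than' strict."""
    matched = []
    if total and found * 100 > 30 * total:
        matched.append("a")
    if total and found > 5 and found * 100 > 20 * total:
        matched.append("b")
    if hidden > 0:
        matched.append("c")
    return matched

def check(features, exists=os.path.lexists, listdir=os.listdir):
    found, hidden = probe(features, exists, listdir)
    return matched_conditions(len(features), len(found), len(hidden))

# Constructed sample: a 10-path signature and a fake filesystem view.
SIGNATURE = [f"/opt/example-rk/f{i}" for i in range(10)]
STAT_VIEW = {"/opt/example-rk/f0", "/opt/example-rk/f1"}  # lookups that succeed
DIR_VIEW = {"/opt/example-rk": ["f0"]}                    # f1 missing from listing

def demo():
    return check(SIGNATURE, STAT_VIEW.__contains__, lambda d: DIR_VIEW[d])

if __name__ == "__main__":
    print(demo())  # ['c']
```

With 2 of 10 features present, neither percentage condition is met, so the single unlisted path is what triggers detection.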
Event Attributes
| ID | Severity Level | Auto Clear |
|---|---|---|
| 0x01000001 | Normal | No |
Impact on the System
A rootkit attack occurs on the device.
Possible Causes
The device has been maliciously attacked.
Procedure
N/A