Abstract
Scanning engine (i.e. program(s) or application(s)) 310 sends request 315 to direct file system access engine (i.e. program(s) or application(s)) 360. Direct file system access engine 360 receives request 315 and passes it to file system(s) 350 as request 325. Because request 325 bypasses any filter program(s) 340, no filter program 340 receives program control. Direct file system access engine 360 therefore receives unaltered information from file system(s) 350. Utilising Direct File Access (DFA) allows bypass of user-mode hooking-type malware, kernel, and file system filter programs to obtain access to or communicate with the real underlying file system(s). This provides a 'clean' view of the file system(s) in situations where user/kernel components are compromised or rootkit file system filter programs are installed.
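The following added example (not code from the patent) models the two request paths described above and uses the difference between them as a detection signal: one listing passes through a filter chain, the other is parsed straight from on-disk structures. The FAT12 layout, the in-memory image, and the names `build_image`, `hiding_filter` and `cross_view` are assumptions chosen for illustration.

```python
import struct

SECTOR = 512

def build_image(names):
    """Constructed sample: minimal FAT12 volume holding only a root directory."""
    boot = bytearray(SECTOR)
    # bytes/sector, sectors/cluster, reserved sectors, FAT count, root entries
    struct.pack_into("<HBHBH", boot, 11, SECTOR, 1, 1, 2, 16)
    struct.pack_into("<H", boot, 22, 1)            # sectors per FAT
    root = bytearray(16 * 32)
    for i, name in enumerate(names):
        stem, _, ext = name.partition(".")
        root[i * 32:i * 32 + 11] = (stem.ljust(8) + ext.ljust(3)).encode("ascii")
        root[i * 32 + 11] = 0x20                   # archive attribute
    return bytes(boot) + bytes(2 * SECTOR) + bytes(root)

def direct_listing(image):
    """DFA path: parse the raw directory; no filter program gets control."""
    bps, _spc, reserved, nfats, nroot = struct.unpack_from("<HBHBH", image, 11)
    (spf,) = struct.unpack_from("<H", image, 22)
    start = (reserved + nfats * spf) * bps         # root dir follows the FATs
    found = set()
    for off in range(start, start + nroot * 32, 32):
        entry = image[off:off + 32]
        if entry[0] == 0x00:                       # end-of-directory marker
            break
        if entry[0] == 0xE5 or entry[11] & 0x08:   # deleted, label or long-name
            continue
        stem = entry[0:8].decode("ascii").rstrip()
        ext = entry[8:11].decode("ascii").rstrip()
        found.add(f"{stem}.{ext}" if ext else stem)
    return found

def filtered_listing(image, filters):
    """Normal path: every filter in the chain may alter the result."""
    names = direct_listing(image)
    for f in filters:
        names = f(names)
    return names

def hiding_filter(names):
    """Hypothetical stand-in for a filter program that hides entries."""
    return {n for n in names if not n.startswith("HID")}

def cross_view(image, filters):
    """Entries present on disk but missing from the filtered view."""
    return sorted(direct_listing(image) - filtered_listing(image, filters))

IMAGE = build_image(["README.TXT", "HIDDRV.SYS", "NOTES.DOC"])  # constructed

if __name__ == "__main__":
    print(cross_view(IMAGE, [hiding_filter]))
```

An empty result from `cross_view` means the filtered and direct views agree; any entry it returns exists on disk but was withheld somewhere in the filter chain.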