Detection rules › Sigma
CodeIntegrity - Unsigned Kernel Module Loaded
Detects the presence of a loaded unsigned kernel module on the system.
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| CodeIntegrity | 3001 | Code Integrity determined an unsigned kernel module FileNameBuffer is loaded into the system. |