• wizardbeard@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    5 months ago

    It is a driver though, it runs at kernel level and intercepts system calls for logging, analysis, and potential blocking if malware type patterns are detected in the system calls.