Hi, I've just installed CSA agent on a host and right away CSA has detected the dsload.sys has modified the kernel and put the host into rootkit system state. I've searched the sites and found out dsload.sys is belong to Oracle however I am not able to find any information about this file. Will this file be a threat to the system? Have any one seen this before?
Kernel functionality has been modified by the module C:\WINNT\System32\drivers\dsload.sys. The module 'C:\WINNT\System32\drivers\dsload.sys' is used by entries in the System syscall table. The specified action was taken to set detected rootkit as Untrusted.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...