Capsule8 Docs

Infection Strategies

Infection defines a family of strategies containing policies that detect persistence mechanisms and malware. For example, Infection can help you discover rootkits or ransomware.

How to create an Infection Strategy

  • Persistence: Any attempt to achieve persistence (in memory, via rootkits, etc.).
  • Malware: Exploitation involving known malware and/or malware techniques.
  • Generic: Any exploitation technique not falling within the above categories.

Policy types


| Strategy | Description |
|----------|-------------|
| yaraScan | A background scanner that tests parts of the subsystem against predefined YARA rules |

Default Infection Strategies

There are no default strategies for the Infection strategy type.