CrowdStrike and other tools that have this access use it to update their agents, so that if they see a ransomware or attack pattern they can push it out to as many devices as possible to stem the attack. Do you need all this crazy level of kernel access? Probably not; I hope they will have some refactoring efforts in the future.
Sohcahtoa82|1 year ago
You absolutely do. Otherwise, you'll be unable to detect malware that IS putting itself into the kernel.