Hi Mark,
Welcome to Adlice.com forum.
We were not able to get any Purple Fox malware payloads, so I can't answer you with certainty.
However, I can provide you some insights at what point, RogueKiller will trigger an alert. I will refer to the Guardicore tehnical as a reference.
The MSI/MOE installer being launched from a SMB drive will normally be detected as [Suspicious.Path].
The encrypted file containing the rootkit will be detected by MalPE, our heuristic engine.
Unfortunately, Guardicore does not provide any indication about the DLL payloads (winupdate64/winupdate32), so I don't have any clue about them.
Regards.
Topic: Does Rogus Killer guard against Purple Fox Roootkit / Worm? (Read 3133 times)
