Active rule currently published.
This rule is detects when an attempt is made to insert a kernel module, and this has failed. This may indicate that an attacker has tried to insert code into your kernel, such as a rootkit. This may also indicate that you have an application is trying to insert code into the kernel, such as a kernel module.
The secure ASL kernel prevents any user or process, including root, from modifying the kernel. This prevents rootkits from being installed into the kernel. Please see the URL below for further guidance:
There is no known false positive for this rule. This rule detects when a kernel module insertion attempt has failed. Please see the URL below if you wish to allow kernel modifications on your system:
Knowledge Base Articles