Publicly-reported instances of Rootkit bypassing endpoint security products. Maintained on the same basis for every technique in the Index.
| Product | Entries | High-confidence | Most recent |
|---|---|---|---|
| Microsoft | 2 | 2 | 2026-04-14 |
| AVG | 1 | 1 | 2026-04-14 |
| Avira | 1 | 1 | 2026-04-14 |
| Elastic | 1 | 1 | 2025-10-31 |
| Faceit | 1 | 0 | 2025-05-21 |
| HitmanPro | 1 | 1 | 2026-04-14 |
| Kaspersky | 1 | 1 | 2026-04-14 |
| Avast | 1 | 1 | 2026-04-14 |
| Valve | 1 | 1 | 2024-10-22 |
| Product | Confidence | Disclosed | Source | |
|---|---|---|---|---|
| Avast | high | 2026-04-14 | www.gendigital.com | record → |
| AVG | high | 2026-04-14 | www.gendigital.com | record → |
| Avira | high | 2026-04-14 | www.gendigital.com | record → |
| Microsoft | high | 2026-04-14 | www.gendigital.com | record → |
| HitmanPro | high | 2026-04-14 | www.gendigital.com | record → |
| Kaspersky | high | 2026-04-14 | www.gendigital.com | record → |
| Elastic | high | 2025-10-31 | cyberpress.org | record → |
| Faceit | medium | 2025-05-21 | github.com | record → |
| Valve | high | 2024-10-22 | github.com | record → |
| Microsoft | high | 2024-02-25 | github.com | record → |
Counts reflect distinct publicly-reported events on record; absence of an entry means no confirmed public report is on file.