Host Reboot
Definition
Initiating a host's reboot sequence to terminate all running processes.
How It Works
A host reboot can be initiated either in the physical presence of the device, using its power functions, or remotely, using the provided user interface or an installed EDR agent that offers this function. Rebooting may remove specific types of malware, such as fileless malware, and can also prevent further damage, for example if the system is part of a botnet.
Considerations
- If the attacker has established persistence, this technique may not be effective.
- Compromised systems may not respond to remote commands to shut down or reboot, requiring physical intervention.
- Shutting down a system usually causes memory to lose its state, which can be useful in forensic activities, so this should be considered when deciding whether to shut down.
- Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
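The forensic consideration above, as an added example that is not part of the D3FEND article: a shell script that records state a reboot destroys (processes, sockets, sessions, loaded modules), hashes it, and only then reboots. It assumes a Linux host with `sha256sum`; the function names and the evidence directory are hypothetical, and the directory is assumed to sit on external or remote storage.

```shell
#!/bin/sh
# Added example: preserve volatile state before a containment reboot.
# capture, collect_volatile and verify_evidence are hypothetical names.

# Run one command if present and save its output; note when it is missing.
capture() {
    out="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$out" 2>&1 || echo "exit status $? from: $*" >>"$out"
    else
        echo "unavailable on this host: $1" >"$out"
    fi
}

# Collect state that a reboot destroys, then hash it for integrity.
collect_volatile() {
    dir="$1"
    mkdir -p "$dir" || return 1
    date -u +%Y-%m-%dT%H:%M:%SZ >"$dir/collected_at.txt"
    capture "$dir/processes.txt" ps -eo pid,ppid,user,lstart,args
    capture "$dir/sockets.txt"   ss -tunap
    capture "$dir/sessions.txt"  who -a
    capture "$dir/modules.txt"   lsmod
    # The manifest lets a later analyst confirm the files were not altered.
    ( cd "$dir" && sha256sum ./*.txt >MANIFEST.sha256 )
}

# Check the manifest; returns 0 only if every file still matches.
verify_evidence() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 )
}

# Act only when explicitly asked: ./script --reboot /path/to/evidence
if [ "${1:-}" = "--reboot" ]; then
    evidence="${2:?evidence directory required}"
    collect_volatile "$evidence" && verify_evidence "$evidence" || exit 1
    # A full memory image, if policy requires one, must be taken before this line.
    shutdown -r now
fi
```

This captures command output only; it is not a substitute for a memory image when in-memory malware needs to be analysed.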
References
The following references were used to develop the Host Reboot knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)
Near-Memory & In-Memory Detection of Fileless Malware
Reference Type: Academic Paper
Author: Marcus Botacin, André Grégio, Marco Antonio Zanata Alves
D3FEND™
A knowledge graph of cybersecurity countermeasures