It's a very simple question, but it might not be too trivial. Imagine an attacker has access to your device and has gained SYSTEM privilege. Your company has installed a logging agent on your device to capture all these malicious activities. Is there any way to prevent an attacker from stopping the logging agent and sending "Green" traffic back to the logging server?
One way that I can think of is using something similar to Credential Guard in Windows 10: you have a hypervisor and run the agent in a separate "god" mode memory region, so the agent can oversee all the malicious activities and the attacker wouldn't be able to modify it. (This requires hypervisor mode to be enabled.)
Sandboxing might help here, but let's just assume the attacker has gained OS-level privilege.
Will using an external electronic device help here (e.g. the Touch Bar on a Mac)?