In the cases where these are detected, they can simply be removed completely.
As I did not want to depend on these files for my own work, I only use them in two minor cases:
- Stealth Mode, which doesn’t fully work.
- Removing debugging protections when attaching the debugger.
If you never need these two features, just remove those files.
Soon my own kernel-mode driver will replace these files, and, being as unknown as my software is (despite the fact that I have tons of contacts directly inside the industry), it will go back to being undetected.
My driver will also not be detectable by name, as it will have a new name each time you run Memory Hacking Software.
L. Spiro