I noticed KIS occasionally makes SQL calls to MS SQL Server. It sends a SELECT for each database on the server looking for rows from sys.assemblies. I’m assuming it’s able to access MSSQL and the databases using the elevated permissions granted to the KIS app. I can understand anti-virus apps checking the CLR assemblies for malware, but this approach via SQL seems unusual to me.
Can anyone provide any insight on this?
Best answer by Wesly.ZhangView original