home

protectfs.sys

Kakasoft Software Co. Ltd

It runs as a Windows 64-bit file system device driver named “RealMonitor”. This is installed with Advanced Folder Encryption.
Publisher:
Kakasoft Software Co. Ltd  (signed and verified)

MD5:
4421fcea184516b4b71a20a22e71a564

SHA-1:
178b74a4b5de38b5a4bbcac00b818c94cea343e3

SHA-256:
ce87535f65e7e47efcd613dab23b2f979b1c4335d909096b46e0a81a85591980

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 7:04:42 PM UTC  (today)

File size:
27.6 KB (28,232 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\protectfs.sys

Digital Signature
Signed by:
Kakasoft Software Co. Ltd

Authority:
Thawte, Inc.

Valid from:
11/20/2012 1:00:00 AM

Valid to:
11/21/2014 12:59:59 AM

Subject:
CN=Kakasoft Software Co. Ltd, O=Kakasoft Software Co. Ltd, L=shenzhen, S=guangdong, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6C54BB642CF1C0097FC29E20512C7527

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
384:kDHsVxRbi8rBODbnc4Ovr31b7wg144LlCPXdks/8OLWFvxKujPu8Aen0:kkRb51bIsM0T1n0

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 70, A4, FF, FF, CC, CC, C0, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 74, 00, 00, 34, 50, 00, 00, 8C, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, 75, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9E, 75, 00, 00, 80, 75, 00, 00, 60, 75, 00, 00, 4C, 75, 00, 00, 28, 75, 00, 00, 0A, 75, 00, 00, EE, 74, 00, 00, DA, 74, 00, 00, C4, 74, 00, 00, A8, 74, 00, 00, 92, 74, 00, 00, BA, 75, 00, 00, 00, 00...
 
[+]

Entropy:
6.6229

Driver
Display name:
RealMonitor

Type:
File system 'filter' driver (FileSystemDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr


The file protectfs.sys has been discovered within the following programs.

Advanced Folder Encryption  by Kakasoft, Inc.
www.kakasoft.com
About 2% of users remove it
 
Powered by Should I Remove It?

Scan protectfs.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.