“Although Channel Files end with the SYS extension, they are not kernel drivers.”
I’ve seen some hairs split over this but, I believe since the falcon driver itself is at kernel it’s still a mute point in it’s effects. Whether the .sys was a CS pack or not, it interacted with the sensor @ kernel in a harmful way. A technical difference yes but, IIWII
whether “driver” or something else…the point is having to “operate within kernel” for detection means you have to keep messing with the kernel level stuff with regular updates.
the more you mess with kernel level the higher the chances of outages.
their legacy architecture of trying to “detect” requires them to do regular updates to kernel and it must be done fast otherwise no protection. it is a catch 22.