I mean, let's say I inject harmful code into a process that is on that list, will it be safe running that code?
At the very least it would invalidate the digital verification.
I always find it hard to trust a computer once it becomes infected.
These pesky rootkits like to stick to kernel-mode processes, to drivers and such, so that they can hide in the shadows. You'll never find 'em this way.
Some rootkit writers don't bother going deep in the kernel because they don't need to, and it would be more work than necessary, and it could cause problems and tip off the user.
P.S. Putting it in the kernel doesn't make it harder to hide, just harder to clean. That's all.