
Scan hdd with rkhunter from live usb

1 vote
1 answer
510 views
I have an older ASUS notebook with a Debian 11 installation. If I run the OS, and especially when I plug in the network wire, I get performance issues. I did an advanced memory test with Memtest86+, without any errors. Then I created a Kali Linux live USB to perform some health checks. If I run

    ┌──(kali㉿kali)-[~]
    └─$ sudo rkhunter -c

or:

    sudo mkdir /mnt/temp
    sudo mount /dev/sda1 /mnt/temp
    ┌──(kali㉿kali)-[/mnt/temp]
    └─$ sudo rkhunter -c

I get the summary:

    System checks summary
    =====================

    File properties checks...
        Files checked: 145
        Suspect files: 117

    Rootkit checks...
        Rootkits checked : 497
        Possible rootkits: 6

    Applications checks...
        All checks skipped

    The system checks took: 11 minutes and 43 seconds

    All results have been written to the log file: /var/log/rkhunter.log

    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)

Are those false positive scans? I got the same results after sudo rkhunter --propupd. Does the result belong only to Kali? How do I run a proper check for /dev/sda?

    ┌──(kali㉿kali)-[/mnt/temp]
    └─$ lsblk
    NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
    loop0    7:0    0   3.3G  1 loop /usr/lib/live/mount/rootfs/filesystem.squashfs
                                     /run/live/rootfs/filesystem.squashfs
    sda      8:0    0 149.1G  0 disk
    ├─sda1   8:1    0   500M  0 part /mnt/temp
    ├─sda2   8:2    0  53.7G  0 part
    ├─sda3   8:3    0   2.1G  0 part
    └─sda4   8:4    0  19.8M  0 part
    sdb      8:16   1  14.5G  0 disk
    ├─sdb1   8:17   1   3.9G  0 part /usr/lib/live/mount/medium
    │                                /run/live/medium
    └─sdb2   8:18   1   896K  0 part
    sr0     11:0    1  1024M  0 rom

/var/log/rkhunter.log:

    ...
    [09:34:48] Performing file properties checks
    [09:34:48] Checking for prerequisites [ OK ]
    [09:35:05] /usr/sbin/adduser [ Warning ]
    [09:35:06] Warning: File '/usr/sbin/adduser' has the immutable-bit set.
    [09:35:06] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
    [09:35:06] /usr/sbin/chroot [ Warning ]
    [09:35:07] Warning: File '/usr/sbin/chroot' has the immutable-bit set.
    [09:35:07] /usr/sbin/cron [ Warning ]
    [09:35:07] Warning: File '/usr/sbin/cron' has the immutable-bit set.
    [09:35:08] /usr/sbin/depmod [ OK ]
    [09:35:09] /usr/sbin/fsck [ Warning ]
    [09:35:09] Warning: File '/usr/sbin/fsck' has the immutable-bit set.
    [09:35:10] /usr/sbin/groupadd [ Warning ]
    [09:35:10] Warning: File '/usr/sbin/groupadd' has the immutable-bit set.
    [09:35:10] /usr/sbin/groupdel [ Warning ]
    ...
    [09:43:45] Checking for login backdoors [ None found ]
    [09:43:45]
    [09:43:45] Info: Starting test name 'sniffer_logs'
    [09:43:46] Checking for file '/usr/lib/libice.log' [ Not found ]
    [09:43:46] Checking for file '/dev/prom/sn.l' [ Not found ]
    [09:43:46] Checking for file '/dev/fd/.88/zxsniff.log' [ Not found ]
    [09:43:46] Checking for sniffer log files [ None found ]
    [09:43:46]
    [09:43:46] Info: Starting test name 'tripwire'
    [09:43:46] Checking for software intrusions [ Skipped ]
    [09:43:46] Info: Check skipped - tripwire not installed
    [09:43:46]
    [09:43:46] Info: Starting test name 'susp_dirs'
    [09:43:46] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
    [09:43:46] Checking for directory '/dev/rd/cdb' [ Not found ]
    [09:43:47] Checking for suspicious directories [ None found ]
    [09:43:47]
    [09:43:47] Info: Starting test name 'ipc_shared_mem'
    [09:43:47] Info: The minimum shared memory segment size to be checked (in bytes): 1048576 (1.0MB)
    [09:43:48] Checking for suspicious (large) shared memory segments [ Warning ]
    [09:43:48] Warning: The following suspicious (large) shared memory segments have been found:
    [09:43:48] Process: /usr/bin/xfce4-taskmanager PID: 2826 Owner: kali Size: 2.0MB (configured size allowed: 1.0MB)
    [09:43:48] Process: /usr/bin/xfdesktop PID: 1839 Owner: kali Size: 2.0MB (configured size allowed: 1.0MB)
    [09:43:49] Process: /usr/lib/firefox-esr/firefox-esr PID: 2276 Owner: kali Size: 4.2MB (configured size allowed: 1.0MB)
    [09:43:49] Process: /usr/lib/firefox-esr/firefox-esr PID: 2276 Owner: kali Size: 4.2MB (configured size allowed: 1.0MB)
    [09:43:49] Process: /usr/bin/thunar PID: 1834 Owner: kali Size: 16MB (configured size allowed: 1.0MB)
    [09:43:49] Process: /usr/bin/xfwm4 PID: 1777 Owner: kali Size: 2.0MB (configured size allowed: 1.0MB)
    [09:43:49]
    [09:43:49] Info: Starting test name 'trojans'
    [09:43:49] Performing trojan specific checks
    [09:43:49] Checking for enabled inetd services [ Skipped ]
    [09:43:49] Info: Check skipped - file '/etc/inetd.conf' does not exist.
    [09:43:49] Checking for enabled xinetd services [ Skipped ]
    [09:43:49] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
    [09:43:50] Checking for Apache backdoor [ Not found ]
    [09:43:50] ...
Asked by Murmulodi (1226 rep)
Aug 30, 2023, 09:34 AM
Last activity: Aug 30, 2023, 03:50 PM
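The warnings quoted in the question describe the system rkhunter was running on: the shared-memory entries name Kali's own desktop processes (owner kali, PIDs of xfce4 and firefox-esr), and the file-properties checks look at the live system's /usr/sbin, not at anything under /mnt/temp. Mounting a partition and changing into it does not redirect rkhunter to that disk. What a defender can do from the live USB without executing anything from the suspect disk is an offline integrity check of the mounted Debian root: hash every file listed in dpkg's own per-package md5sums databases (var/lib/dpkg/info/*.md5sums on the mounted tree) with the live system's md5sum, and list files carrying the immutable attribute with lsattr. The script below is an added example, not code from the question or from rkhunter; the mount point /mnt/temp is taken from the question, while the choice of /dev/sda2 as the Debian root partition, the script name offline_check.sh and the function names are assumptions (lsblk does not show which partition holds the root filesystem).

```shell
#!/bin/sh
# Offline integrity check of a Debian root filesystem that was mounted
# read-only from a live USB. No binary from the suspect disk is run: the
# live system's md5sum and lsattr do the work. Example code, not from
# rkhunter; mount point and partition names are assumptions.
set -u

# verify_dpkg_md5sums ROOT
# Re-hashes every file listed in ROOT/var/lib/dpkg/info/*.md5sums and
# prints one line per file that is missing or whose hash differs.
# Returns 0 when everything matches, 1 otherwise. Conffiles are not in
# these lists, so /etc is not covered by this check.
verify_dpkg_md5sums() {
    root=$1
    bad=0
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -e "$list" ] || continue
        pkg=$(basename "$list" .md5sums)
        # each line: "<md5>  <path relative to />"
        while read -r expected relpath; do
            [ -n "$relpath" ] || continue
            f="$root/$relpath"
            if [ ! -f "$f" ]; then
                printf 'MISSING  %s  /%s\n' "$pkg" "$relpath"
                bad=1
                continue
            fi
            actual=$(md5sum "$f" | cut -d' ' -f1)
            if [ "$actual" != "$expected" ]; then
                printf 'MODIFIED %s  /%s\n' "$pkg" "$relpath"
                bad=1
            fi
        done < "$list"
    done
    return $bad
}

# list_immutable ROOT
# Prints regular files under ROOT whose ext attribute flags include the
# immutable bit (what rkhunter reports as "has the immutable-bit set").
# -xdev keeps find on the mounted disk so the live medium is not walked.
# Needs lsattr (e2fsprogs) and an ext2/3/4 target; other filesystems
# produce ioctl errors, which are discarded here.
list_immutable() {
    find "$1" -xdev -type f -exec lsattr -d {} + 2>/dev/null \
        | awk '$1 ~ /i/ { sub(/^[^ ]+ +/, ""); print }'
}

# Usage from the live system (sda2 as the Debian root is an assumption):
#   sudo mount -o ro /dev/sda2 /mnt/temp
#   sudo sh offline_check.sh /mnt/temp
if [ $# -eq 1 ]; then
    echo "== files that differ from dpkg's md5sums =="
    verify_dpkg_md5sums "$1"
    echo "== files with the immutable attribute =="
    list_immutable "$1"
fi
```

A MODIFIED line for a package binary on a disk that has only ever been updated through apt is worth a second look; a clean md5sums run does not prove the absence of a kernel-level rootkit, but it rules out the common case of replaced userland tools, and because the hashes come from the disk itself, a later comparison against the Debian package pool (the same .md5sums files from a freshly downloaded .deb) closes that gap too.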