What are some ways to defend against process hiding via global API hooks?
On Windows 7 and earlier systems, inspect the `AppInit_DLLs` value under both the standard registry path and the Wow6432Node path for any suspicious DLL paths, since a DLL listed there is loaded into every process that links user32.dll and can install global API hooks. Also use Process Explorer (run with administrator privileges) to inspect the DLLs loaded in all processes and look for modules that do not belong. Enabling `RequireSignedAppInit_DLLs` blocks unsigned hook DLLs from being loaded through this mechanism. These defensive measures are outlined in Using global API hooks to hide processes on Windows 7 systems.
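The registry audit described above, written out as an added PowerShell example (it is not code from the original answer or from the referenced article). It reads the `AppInit_DLLs`, `LoadAppInit_DLLs` and `RequireSignedAppInit_DLLs` values under both the native and the Wow6432Node paths, resolves every DLL listed, and reports its Authenticode signing status so an unsigned or missing module stands out. The script assumes it is run in an elevated PowerShell session on the host being audited; the commented hardening step at the end is an assumption about how an administrator would apply the signed-DLL requirement and is left disabled.

```powershell
# Added example (not from the original answer): audit AppInit_DLLs settings on a
# Windows host and report the signing status of every DLL listed there.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($path in $paths) {
    if (-not (Test-Path $path)) { continue }   # Wow6432Node is absent on 32-bit hosts
    $props = Get-ItemProperty -Path $path

    # Missing values cast to 0 / empty string, which is the "not configured" case.
    $loadEnabled   = [int]($props.LoadAppInit_DLLs)
    $requireSigned = [int]($props.RequireSignedAppInit_DLLs)
    $dllList       = [string]$props.AppInit_DLLs

    Write-Host "Key: $path"
    Write-Host "  LoadAppInit_DLLs:          $loadEnabled"
    Write-Host "  RequireSignedAppInit_DLLs: $requireSigned"

    if ([string]::IsNullOrWhiteSpace($dllList)) {
        Write-Host "  AppInit_DLLs: <empty>"
        continue
    }

    # The value may hold several paths separated by spaces or commas.
    foreach ($dll in ($dllList -split '[ ,]+' | Where-Object { $_ })) {
        $resolved = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path -LiteralPath $resolved)) {
            Write-Host "  [MISSING] $resolved  (listed but not on disk; investigate)"
            continue
        }
        # Authenticode check: anything other than 'Valid' deserves a closer look.
        $sig    = Get-AuthenticodeSignature -FilePath $resolved
        $status = $sig.Status
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        $flag   = if ($status -eq 'Valid') { 'OK' } else { 'REVIEW' }
        Write-Host "  [$flag] $resolved  signature=$status  signer=$signer"
    }
}

# Hardening step (assumed administrator action; run elevated, and only after
# reviewing the output above so a legitimately signed DLL is not broken):
# foreach ($p in $paths) {
#     if (Test-Path $p) { Set-ItemProperty -Path $p -Name RequireSignedAppInit_DLLs -Value 1 -Type DWord }
# }
```

Any entry flagged `REVIEW` or `MISSING` should be cross-checked against the module list Process Explorer shows for running processes; a DLL that is present in `AppInit_DLLs` but not visible in Process Explorer, or vice versa, is the kind of inconsistency the answer's manual inspection is meant to surface.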
Tags: defense, Process Explorer, registry audit, signed DLLs, AppInit_DLLs detection