REAL-TIME DETECTION OF AND PROTECTION FROM MALWARE AND STEGANOGRAPHY IN A KERNEL MODE
Machine translation (of the title): Real-time detection of and protection from malware and hieroglyphics in kernel mode
Abstract
A method for real-time detection of malware in a Kernel mode includes detecting a file operation request initiated by a process running in user mode. Malware detection analytics is performed on a file buffer associated with the detected file operation request to detect behavior indicating presence of malware. Responsive to detecting the behavior indicating the presence of the malware, the process responsible for initiating the detected file operation request is identified. A search for the identified process is performed on one or more of a blacklist of programs and a whitelist of programs to determine whether the identified process is a trusted process. Responsive to determining that the identified process is not a trusted process, a malware remediation action is executed against the identified process. Information describing the malware is transmitted to a client device.