SYSTEM AND METHOD FOR TRANSITIONING TO A WHITELIST MODE DURING A MALWARE ATTACK IN A NETWORK ENVIRONMENT

Abstract

A method is provided in one example embodiment that includes receiving a signal to enable a whitelist mode on a host in a network, terminating a process executing on the host if the process is not verified, and blocking execution of software objects on the host if the software objects are not represented on the whitelist. In more particular embodiments, the method also includes identifying the process on a process list that enumerates one or more processes executing on the host. Yet further embodiments include quarantining the host if a second process on the process list is a critical process and if the second process is not verified. More specific embodiments include identifying and restarting another process on the process list if process memory was modified.
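Bibliographic details

  • Publication number: EP2774072B1
  • Patent type:
  • Publication date: 2018-07-18
  • Original format: PDF
  • Applicant/patentee: MCAFEE LLC
  • Application number: EP20120841233
  • Filing date: 2012-09-28
  • Classification: G06F21/10; G06F21/55; H04L29/06
  • Country: EP
  • Date added to database: 2022-08-21 13:20:04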
