METHOD AND APPARATUS FOR DETERMINING BEHAVIOUR INFORMATION CORRESPONDING TO DANGEROUS FILE

摘要

A method for determining behaviour information corresponding to a dangerous file in a computer device. The method comprises: when a dangerous file is detected, running the dangerous file in a virtual environment of the computer device, wherein the virtual environment comprises at least one virtual API identical to at least one real API in a real environment of the computer device; and monitoring the behaviour of the dangerous file in the virtual environment to obtain behaviour information corresponding to the dangerous file. According to the method, the behaviour information about the dangerous file can be rapidly obtained in the virtual environment without needing to artificially analyse the destructive behaviour of the dangerous file, so as to rapidly and comprehensively repair a real system of the computer device.