Malware detection efficacy by identifying installation and uninstallation scenarios
Abstract
The launch of an installer or uninstaller is detected. A process lineage tree is created representing the detected launched installer/uninstaller process, and all processes launched directly and indirectly thereby. The detected installer/uninstaller process is represented by the root node in the process lineage tree. Launches of child processes by the installer/uninstaller process and by any subsequently launched child processes are detected. The launched child processes are represented by child nodes in the tree. As long as the installer/uninstaller process represented by the root node in the tree is running, the processes represented by nodes in the tree are exempted from anti-malware analysis. The termination of the installer/uninstaller process is detected, after which the processes represented by nodes in the process lineage tree are no longer exempted from anti-malware analysis.
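The bookkeeping described in the abstract, as an added Python sketch that is not taken from the patent: it replays a constructed stream of process events and reports whether each checked PID is exempt at that moment. The class name `LineageTree`, the event tuple layout, the PIDs and the `is_installer` flag (standing in for whatever installer detection is used) are assumptions made for illustration.

```python
class LineageTree:
    """Exemption bookkeeping for installer/uninstaller process trees."""

    def __init__(self):
        self.root_of = {}  # pid -> pid of the installer root whose tree it is in

    def on_launch(self, pid, ppid, is_installer=False):
        if ppid in self.root_of:
            # Launched directly or indirectly by a tracked installer: child node.
            self.root_of[pid] = self.root_of[ppid]
        elif is_installer:
            # Detected installer/uninstaller launch: new root node.
            self.root_of[pid] = pid
        else:
            # Untracked launch: clear any stale entry in case the PID was reused.
            self.root_of.pop(pid, None)

    def on_exit(self, pid):
        if self.root_of.get(pid) == pid:
            # Root terminated: the whole tree loses its exemption.
            self.root_of = {p: r for p, r in self.root_of.items() if r != pid}
        else:
            # A child exited; drop it so a reused PID is not exempted by mistake.
            self.root_of.pop(pid, None)

    def is_exempt(self, pid):
        return pid in self.root_of


# Constructed sample events: (kind, pid[, ppid, is_installer])
SAMPLE_EVENTS = [
    ("launch", 100, 1, True),     # installer detected -> root node
    ("launch", 101, 100, False),  # child of the installer
    ("launch", 102, 101, False),  # grandchild (indirect launch)
    ("launch", 200, 1, False),    # unrelated process
    ("check", 102), ("check", 200),
    ("exit", 101),                # intermediate child exits, root still running
    ("check", 102),
    ("exit", 100),                # installer terminates
    ("check", 102),
    ("launch", 103, 102, False),  # spawned by a survivor after the root exited
    ("check", 103),
]


def replay(events):
    """Feed events to a LineageTree and return (pid, exempt) for each check."""
    tree, decisions = LineageTree(), []
    for kind, pid, *rest in events:
        if kind == "launch":
            tree.on_launch(pid, *rest)
        elif kind == "exit":
            tree.on_exit(pid)
        else:
            decisions.append((pid, tree.is_exempt(pid)))
    return decisions
```

Processes that outlive the installer, and anything they launch afterwards, fall back under normal anti-malware analysis as soon as the root exits.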