Method and system for detection of previously unknown malware components
Abstract
A system, method, and computer program product for identifying malware components on a computer, including detecting an attempt to create or modify an executable file or an attempt to write to a system registry; logging the attempt as an auditable event; performing a malware check on executable files of the computer; if malware is detected on the computer, identifying all other files created or modified during the auditable event, and all other processes related to the auditable event; terminating the processes related to the auditable event; deleting or quarantining the executable files created or modified during the auditable event; and if the deleted executable files include any system files, restoring the system files from a trusted backup. Optionally, all files and processes having a parent-child relationship to a known malware component or known infected file are identified. A log of auditable events is maintained, and is recoverable after system reboot.
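The correlation step the abstract describes can be sketched as a walk over the audit log, starting from the file the malware check flagged. This is an added example, not code from the patent; the record layout, paths, PIDs and the related_components function are constructed assumptions.

```python
from collections import deque

# Constructed sample data; this record layout is an assumption, not the patent's.
PROCESSES = {  # pid -> (parent pid, image path)
    100: (1, r"C:\Users\a\dropper.exe"),
    200: (100, r"C:\Users\a\AppData\payload.exe"),
    300: (1, r"C:\Program Files\Editor\editor.exe"),
    400: (1, r"C:\Users\a\AppData\helper.exe"),
}
AUDIT_LOG = [  # (pid, action, target) for each logged auditable event
    (100, "file_write", r"C:\Users\a\AppData\payload.exe"),
    (100, "file_write", r"C:\Windows\System32\example.dll"),
    (100, "reg_write", r"HKCU\Software\ExampleVendor\Settings"),
    (200, "file_write", r"C:\Users\a\AppData\helper.exe"),
    (300, "file_write", r"C:\Users\a\Documents\plugin.dll"),
]
SYSTEM_DIR = "c:\\windows\\system32\\"  # assumed location of system files


def related_components(detected_file, processes=PROCESSES, log=AUDIT_LOG):
    """Collect every file, registry key and process linked to detected_file."""
    start = detected_file.lower()  # Windows paths compare case-insensitively
    files, regs, pids = {start}, set(), set()
    queue = deque([start])
    while queue:
        item = queue.popleft()
        if isinstance(item, str):
            # A tainted file: the processes that wrote it or run from it.
            found = {p for p, a, t in log
                     if a == "file_write" and t.lower() == item}
            found |= {p for p, (_, img) in processes.items()
                      if img.lower() == item}
        else:
            # A tainted process: its children, plus everything it wrote.
            found = {p for p, (parent, _) in processes.items() if parent == item}
            for pid, action, target in log:
                if pid == item and action == "reg_write":
                    regs.add(target)
                elif pid == item and target.lower() not in files:
                    files.add(target.lower())
                    queue.append(target.lower())
        for pid in found - pids:
            pids.add(pid)
            queue.append(pid)
    # System files are removed like the rest, then restored from trusted backup.
    restore = {f for f in files if f.startswith(SYSTEM_DIR)}
    return {"terminate": pids, "quarantine": files - restore,
            "restore_from_backup": restore, "registry": regs}
```

Process 300 and the file it wrote stay out of the result because no logged event or parent-child link connects them to the detected file.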