-
1.
Publication No.: US20110093953A1
Publication date: 2011-04-21
Application No.: US12582260
Filing date: 2009-10-20
IPC classification: G06F21/22
CPC classification: G06F21/629, G06F21/56, G06F21/568, G06F2221/2115, G06F2221/2141, G06F2221/2147, H04L63/12
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for responding to an attempt to disable a malware protection program and performing an identification process and one or more protection processes to prevent the execution of potentially malicious code. In one aspect, a method includes monitoring for attempts to disable a malware protection program, identifying a process that generated an attempt to disable the malware protection program, determining whether the process is an approved process, and in response, performing one or more protection processes on the process so as to prevent the execution of potentially malicious code.
-
2.
Publication No.: US09015829B2
Publication date: 2015-04-21
Application No.: US12582260
Filing date: 2009-10-20
IPC classification: G06F11/00, G06F12/14, G06F12/16, G08B23/00, G06F21/62, G06F21/56, G06F7/04, G06F17/30, H04N7/16, H04L29/06
CPC classification: G06F21/629, G06F21/56, G06F21/568, G06F2221/2115, G06F2221/2141, G06F2221/2147, H04L63/12
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for responding to an attempt to disable a malware protection program and performing an identification process and one or more protection processes to prevent the execution of potentially malicious code. In one aspect, a method includes monitoring for attempts to disable a malware protection program, identifying a process that generated an attempt to disable the malware protection program, determining whether the process is an approved process, and in response, performing one or more protection processes on the process so as to prevent the execution of potentially malicious code.
-
Publication No.: US08863282B2
Publication date: 2014-10-14
Application No.: US12579679
Filing date: 2009-10-15
CPC classification: G06F21/51, G06F21/554, G06F21/56, H04L63/145
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for monitoring the generation of link files by processes on a computer and performing protection processes based on whether the link files target malicious objects or are generated by malicious processes. In one aspect, a method includes monitoring for a generation of a first file that includes a target path that points to an object; in response to monitoring the generation of the first file: determining whether the target path is a uniform resource locator; in response to determining that the target path is a uniform resource locator, identifying a process that caused the first file to be generated; determining whether the process is a prohibited process; in response to determining that the process is a prohibited process, performing one or more protection processes on the process and the first file; in response to determining that the process is not a prohibited process, determining whether the uniform resource locator is a prohibited uniform resource locator; in response to determining that the uniform resource locator is a prohibited uniform resource locator, performing one or more protection processes on the process and the first file.
-
Publication No.: US20110093952A1
Publication date: 2011-04-21
Application No.: US12579679
Filing date: 2009-10-15
IPC classification: G06F21/00, G06F12/14, G06F15/173
CPC classification: G06F21/51, G06F21/554, G06F21/56, H04L63/145
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for monitoring the generation of link files by processes on a computer and performing protection processes based on whether the link files target malicious objects or are generated by malicious processes. In one aspect, a method includes monitoring for a generation of a first file that includes a target path that points to an object; in response to monitoring the generation of the first file: determining whether the target path is a uniform resource locator; in response to determining that the target path is a uniform resource locator, identifying a process that caused the first file to be generated; determining whether the process is a prohibited process; in response to determining that the process is a prohibited process, performing one or more protection processes on the process and the first file; in response to determining that the process is not a prohibited process, determining whether the uniform resource locator is a prohibited uniform resource locator; in response to determining that the uniform resource locator is a prohibited uniform resource locator, performing one or more protection processes on the process and the first file.
-
Publication No.: US09135443B2
Publication date: 2015-09-15
Application No.: US12774870
Filing date: 2010-05-06
CPC classification: G06F21/566, G06F21/564
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying and processing malicious threads. In one aspect, a method includes identifying a memory heap block; identifying threads that reside in the memory heap block; determining whether at least one of the identified threads in the memory heap block is a malicious thread; and in response to determining that at least one of the identified threads is a malicious thread, terminating each of the identified threads.
-
Publication No.: US20110277033A1
Publication date: 2011-11-10
Application No.: US12774870
Filing date: 2010-05-06
CPC classification: G06F21/566, G06F21/564
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying and processing malicious threads. In one aspect, a method includes identifying a memory heap block; identifying threads that reside in the memory heap block; determining whether at least one of the identified threads in the memory heap block is a malicious thread; and in response to determining that at least one of the identified threads is a malicious thread, terminating each of the identified threads.