摘要:
A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.
摘要:
A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.
摘要:
A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.
摘要:
A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.
摘要:
A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data.
摘要:
A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.
摘要:
A system, method, and computer program product are provided for processing a task utilizing a virtual machine as a function of an aspect of another virtual machine. In use, a task to be processed is identified. Furthermore, the task is processed utilizing at least one virtual machine located in a device as a function of at least one aspect of at least one other virtual machine located on the device.
摘要:
A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data.
摘要:
A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual, machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.
摘要:
A system, method, and computer program product are provided for hooking code inserted into an address space of a new process. In use, creation of a process is identified. Additionally, code is inserted into an address space of the process. Still yet, at least one module being loaded in association with the process is identified. Further, the code is hooked at an entry point of the at least one module based on a determination of whether the at least one module includes a predefined module.