Abstract:
A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.
Abstract:
A system, method, and computer program product are provided for processing a task utilizing a virtual machine as a function of an aspect of another virtual machine. In use, a task to be processed is identified. Furthermore, the task is processed utilizing at least one virtual machine located in a device as a function of at least one aspect of at least one other virtual machine located on the device.
Abstract:
A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data.
Abstract:
A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.
Abstract:
Methods and systems for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network is communicatively coupled to a source of an executable application. The computer is communicatively coupled to the network and includes a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments includes a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.
Abstract:
The invention is an apparatus and computer method for controlling the operation of a computer running under an operating system such as the WINDOWS® 95 and WINDOWS® NT operating systems, or their like, that do not require a footprint in the programs running under the operating system. A program, hereinafter referred to as CrashGuard™, is stored and installed in a computer, thereby being established as the "debugger" in the user's system. Once so established, CrashGuard™ may be stored elsewhere than the computer memory. Whenever a fatal error occurs, the "Just in Time" debugging facility of the WINDOWS® 95 and WINDOWS® NT operating systems, or their like, will suspend the target program, load CrashGuard™ as the designated "debugger" into memory space not allocated to the target program, identify the target program to CrashGuard™, and execute CrashGuard™. CrashGuard™ will cause additional memory space to be added to the virtual memory of the target program. Thereafter, CrashGuard™ will store into the additional memory space a routine that will allow the user to take such actions as to execute a Save or Save As command, thereby not losing data that would otherwise have been lost.