Code injection technique for remediation at an endpoint of a network

  • US 10,474,813 B1
  • Filed: 10/23/2015
  • Issued: 11/12/2019
  • Est. Priority Date: 03/31/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving an object at an endpoint on a network;

    determining, by a virtual machine monitor, at least whether the object is suspicious as including possible malware configured to attempt a modification of one or more kernel resources;

    instantiating, by the virtual machine monitor, a virtual machine as a container including an operating system process executing contents of the object, the operating system process to access one or more kernel resources;

    monitoring one or more operations of the operating system process included in the virtual machine as the operating system process accesses the one or more kernel resources of the endpoint; and

    injecting code into a portion of memory associated with an address space of the operating system process during instrumentation of the virtual machine, the injected code being configured to remediate the modification of the one or more kernel resources accessed by the operating system process by restoring an original state of the one or more kernel resources without terminating the operating system process.

  • 7 Assignments