Method and system for isolating suspicious email
First Claim
Patent Images
1. A method for detecting malicious programs, the method comprising:
- determining whether an object is suspicious;
opening the suspicious object in a disposable, secure, single purpose VM (virtual machine) session; and
detecting indications of malicious behavior when the suspicious object is opened within the VM session.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for detecting malicious programs, the method includes determining whether an object is suspicious, opening the suspicious object in a disposable, secure, single purpose VM (virtual machine) session and detecting indications of malicious behavior when the suspicious object is opened within the VM session.
85 Citations
84 Claims
-
1. A method for detecting malicious programs, the method comprising:
-
determining whether an object is suspicious;
opening the suspicious object in a disposable, secure, single purpose VM (virtual machine) session; and
detecting indications of malicious behavior when the suspicious object is opened within the VM session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A system for detecting malicious programs comprising:
-
a determining system for determining whether an object is suspicious;
an opening system for opening the suspicious object in a disposable, secure, single purpose VM (virtual machine) session; and
a detecting system for detecting indications of malicious behavior when the suspicious object is opened within the VM session. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
-
-
57. A computer storage medium including computer executable code for detecting malicious programs, comprising:
-
code for determining whether an object is suspicious;
code for opening the suspicious object in a disposable, secure, single purpose VM (virtual machine) session; and
code for detecting indications of malicious behavior when the suspicious object is opened within the VM session. - View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84)
-
Specification