Method and apparatus for removing harmful software
Abstract
Embodiments of the invention address the problem of removing malicious code from infected computers.
26 Claims
1. A method of protection from harmful software on a computer, comprising:
tracking a set of one or more relationships among a plurality of nodes, the plurality of nodes representing:
a set of one or more processes on the computer and a set of one or more files on the computer, wherein the set of one or more relationships includes:
a first subset of one or more relationships among at least one process of the set of one or more processes and at least one file of the set of one or more files, wherein said first subset of one or more relationships excludes instance of-type relationships;
tracking a set of one or more characteristics at each node of the plurality of nodes;
based at least on the set of one or more characteristics, classifying as harmful software, at the computer, at least one node of the plurality of nodes; and
removing, at runtime, effects of the harmful software from the computer.

2. The method of claim 1, wherein said classifying is further based on at least autonomous action by the computer, including said tracking.

25. A computer having a method of protection from harmful software on the computer, comprising:
the computer having the method, the method including:
tracking a set of one or more relationships among a plurality of nodes, the plurality of nodes representing:
a set of one or more processes on the computer and a set of one or more files on the computer, wherein the set of one or more relationships includes:
a first subset of one or more relationships among at least one process of the set of one or more processes and at least one file of the set of one or more files, wherein said first subset of one or more relationships excludes instance of-type relationships;
tracking a set of one or more characteristics at each node of the plurality of nodes;
based at least on the set of one or more characteristics, classifying as harmful software, at the computer, at least one node of the plurality of nodes; and
removing, at runtime, effects of the harmful software from the computer.

26. A computer readable medium having a method of protection from harmful software on a computer, comprising:
the computer readable medium having the method, the method including:
tracking a set of one or more relationships among a plurality of nodes, the plurality of nodes representing:
a set of one or more processes on the computer and a set of one or more files on the computer, wherein the set of one or more relationships includes:
a first subset of one or more relationships among at least one process of the set of one or more processes and at least one file of the set of one or more files, wherein said first subset of one or more relationships excludes instance of-type relationships;
tracking a set of one or more characteristics at each node of the plurality of nodes;
based at least on the set of one or more characteristics, classifying as harmful software, at the computer, at least one node of the plurality of nodes; and
removing, at runtime, effects of the harmful software from the computer.
Specification