System and method for kernel-level pestware management
Abstract
Systems and methods for managing pestware on a protected computer are described. One embodiment is configured to reroute a call to create a process to a kernel-level process monitor, identify a file associated with the process and analyze the file so as to determine whether the file is a pestware file. If the file is a pestware file, then the process is prevented from being created. In variations, the kernel-level process monitor is a kernel-mode driver adapted to communicate with a pestware application residing in a user-level of memory.
19 Claims
1. A method for managing pestware on a protected computer comprising:
- rerouting a call to create a process to a kernel-level process monitor;
- identifying a file associated with the process;
- analyzing the file so as to determine whether the file is a pestware file; and
- preventing, in response to the file being identified as a pestware file, the process from being created.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system of managing pestware, comprising:
- a pestware detection module configured to analyze a file of a protected computer so as to determine whether the file is associated with pestware; and
- a kernel-level process monitor configured to notify the pestware detection module of an attempt to create a process that is associated with the file; and prevent the process from being created in response to the pestware detection module identifying the file as being associated with pestware.

Dependent claims: 9, 10, 11

12. A computer readable medium encoded with instructions for managing pestware on a protected computer, the instructions comprising instructions for:
- generating a kernel-level process monitor at the protected computer; and
- altering an operating system of the protected computer so as to reroute a call to create a process from the operating system to the kernel-level process monitor;
- wherein the kernel-level process monitor is configured to prevent the process from being created in response to a file corresponding to the process being identified as a pestware file.

Dependent claims: 13, 14, 15, 16, 17, 18, 19

Specification