MALWARE MANAGEMENT THROUGH KERNEL DETECTION
First Claim
1. A method for managing pestware on a computer comprising:
- starting a boot sequence, the boot sequence including a period when boot drivers are initialized;
- initiating a kernel-level monitor during the period when boot drivers are initialized;
- monitoring, while the boot sequence is being carried out, events with the kernel-level monitor; and
- managing pestware-related events with the kernel-level monitor before a period in the boot sequence when native applications are capable of running.
Abstract
A system and method for managing pestware on a protected computer is described. The method in one variation includes starting a boot sequence that includes a period when boot drivers are initialized, initiating a kernel-level monitor during the period when boot drivers are initialized, monitoring events with the kernel-level monitor during the boot sequence and managing pestware-related events with the kernel-level monitor before a period in the boot sequence when native applications are capable of running. In variations, a pestware management engine is initialized after an operating system of the protected computer is initialized and the pestware management system both receives an event log of the monitored events and compiles the set of behavior rules utilized by the kernel-level monitor.
121 Citations
20 Claims
1. A method for managing pestware on a computer comprising:
- starting a boot sequence, the boot sequence including a period when boot drivers are initialized;
- initiating a kernel-level monitor during the period when boot drivers are initialized;
- monitoring, while the boot sequence is being carried out, events with the kernel-level monitor; and
- managing pestware-related events with the kernel-level monitor before a period in the boot sequence when native applications are capable of running.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A system for managing pestware on a protected computer comprising:
- a kernel-level monitor configured to be initialized before at least a portion of boot drivers on the protected computer are initialized and to monitor, according to a set of behavior rules, activities on the protected computer before a period in a boot sequence of the protected computer when native applications are capable of running; and
- a pestware management engine configured to both be initialized after an operating system of the protected computer is initialized and to compile the set of behavior rules.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification