Suspending a Running Operating System to Enable Security Scanning
Abstract
Techniques described herein enable virtualizing a processor into one or more virtual machines and suspending an operating system of one of the virtual machines from outside of the operating system environment. Once suspended, these techniques capture a snapshot of the virtual machine to determine a presence of malware. This snapshot may also be used to determine whether an unauthorized change has occurred within contents of the virtual machine. Remedial action may occur responsive to determining a presence of malware or an unauthorized change.
20 Claims
1. One or more computer-readable media storing computer-executable instructions that, when executed on one or more processors, performs acts comprising:
- virtualizing a processor into at least one virtual machine running a corresponding operating system; and
- suspending the operating system effective to suspend progress of threads running on the operating system and effective to enable a determination of whether contents associated with the virtual machine have been improperly altered or contain malicious code.
Dependent claims: 2, 3, 4, 5, 6

7. One or more computer-readable media storing computer-executable instructions that, when executed on one or more processors, performs acts comprising:
- receiving, at a virtual machine monitor, a request to suspend an operating system associated with a virtual machine; and
- suspending, by the virtual machine monitor, the operating system associated with the virtual machine, the suspending effective to enable a determination of whether contents associated with the virtual machine have been improperly altered or contain malicious code.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16

17. One or more computer-readable media capable of suspending an operating system associated with a virtual machine and capturing a snapshot of the virtual machine at a time corresponding to the suspending, wherein the one or more computer-readable media operate outside of the operating system associated with the virtual machine.
Specification