On-Access Anti-Virus Mechanism for Virtual Machine Architecture
First Claim
1. A method for protecting a plurality of guest virtual machines (VMs) from malicious code, the plurality of guest VMs executing via a virtualization layer on a common host platform, method comprising:
- scanning data using a scan engine of an anti-virus system, the scan engine being configured to execute within the virtualization layer outside a context of a target VM, the target VM being one of the guest VMs, the scanning comprising;
  - receiving a scan request from a driver portion of the anti-virus system, the scan request identifying the data to be scanned;
  - reading the data and comparing the data with a virus signature database;
  - determining a result of the scanning, the result indicating whether malicious code is present in the data; and
  - reporting the result of the scanning back to the driver portion that requested the scan; and
- protecting the target VM using a driver portion of the anti-virus system, the driver portion being configured for installation in an operating system of the target VM, the protecting comprising;
  - intercepting an access request to a file, wherein the access request originates within the target VM;
  - communicating the scan request to the scan engine, the scan request including the identification of the data to be scanned by providing information identifying a location of the data to be scanned, the data to be scanned being or corresponding to contents of the file;
  - receiving the result from the scan engine, and
  - taking remedial action when the result indicates the file contains malicious code, the remedial action including one or more of notifying a user, deleting the file, or quarantining the file.
Abstract
A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs), which execute via virtualization software on a common host platform, from malicious code is described. A scan engine is configured to scan data for malicious code and determine a result of the scanning, wherein the result indicates whether malicious code is present in the data. A driver portion is configured for installation in an operating system of a target VM, which is one of the guest VMs. The driver portion intercepts an access request to a file, that originates within the target VM. The driver portion communicates information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine. The scan engine executes within the virtualization layer outside a context of the target VM.
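The split described in the abstract, as an added illustration that is not taken from the patent: a guest-side driver sends only a location, and an engine outside the guest reads the data, matches it against signatures and returns a result. The class names, the offset/length location scheme, the byte-pattern signatures and the fail-closed handling of errors are all assumptions made for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanRequest:
    """Identifies where the data lives; carries no file contents."""
    vm_id: str
    offset: int
    length: int

class ScanEngine:
    """Stands in for the engine in the virtualization layer, outside any guest."""
    def __init__(self, disks, signatures):
        self.disks = disks            # vm_id -> backing store (assumed layout)
        self.signatures = signatures  # byte patterns (constructed)

    def scan(self, req):
        disk = self.disks.get(req.vm_id)
        end = req.offset + req.length
        if disk is None or req.offset < 0 or req.length < 0 or end > len(disk):
            return "error"            # location is not inside the requesting VM's disk
        data = bytes(disk[req.offset:end])   # the engine reads the data itself
        return "infected" if any(s in data for s in self.signatures) else "clean"

class GuestDriver:
    """Stands in for the driver portion installed in the target VM's OS."""
    def __init__(self, vm_id, file_table, engine):
        self.vm_id, self.file_table, self.engine = vm_id, file_table, engine
        self.quarantined = set()

    def on_access(self, name):
        if name in self.quarantined:
            return "denied"
        offset, length = self.file_table[name]
        result = self.engine.scan(ScanRequest(self.vm_id, offset, length))
        if result == "infected":
            self.quarantined.add(name)       # remedial action: quarantine
        # Anything other than "clean" is denied: errors fail closed (assumption).
        return "allowed" if result == "clean" else "denied"

def demo():
    sig = b"CONSTRUCTED-TEST-SIGNATURE"      # constructed sample, not a real signature
    clean, bad = b"hello world", b"xx" + sig + b"yy"
    disks = {"vm-a": clean + bad, "vm-b": clean}
    engine = ScanEngine(disks, [sig])        # one engine serves every guest
    a = GuestDriver("vm-a", {"notes.txt": (0, len(clean)),
                             "sample.bin": (len(clean), len(bad)),
                             "bogus": (0, 10_000)}, engine)
    b = GuestDriver("vm-b", {"notes.txt": (0, len(clean))}, engine)
    results = [a.on_access("notes.txt"), a.on_access("sample.bin"),
               a.on_access("bogus"), b.on_access("notes.txt")]
    return results, a.quarantined
```
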
33 Claims
9. A tangible medium embodying instructions usable by a computer system to protect a plurality of guest virtual machines (VMs) from malicious code, the plurality of guest VMs executing via a virtualization layer on a common host platform, the instructions comprising:
- instructions forming a scan engine of an anti-virus system, the scan engine being configured to scan data for malicious code and determining a result of the scanning, the result indicating whether malicious code is present in the data;
- instructions forming a driver portion of the anti-virus system, the driver portion being configured for installation in an operating system of a target VM, the target VM being one of the guest VMs, the driver portion intercepting an access request to a file, wherein the access request originates within the target VM, the driver portion further communicating information identifying a location of the data to be scanned by the scan engine without sending a copy of the data to the scan engine, the data to be scanned being or corresponding to contents of the file, the driver portion furthermore receiving the result of the scan communicated by the scan engine; and
- instructions forming a communication portion of the anti-virus system, the communications portion being configured to facilitate communication between the scan engine and the driver portion; and
- wherein the scan engine is configured to execute within the virtualization layer outside a context of the target VM and the communication portion facilitates the communicating of the information and the result between the driver portion within the context of the target VM and the scan engine outside the context of the target VM.
Specification