METHOD AND APPARATUS FOR DETECTING MALICIOUS CODE IN AN INFORMATION HANDLING SYSTEM
Abstract
A method for detecting malicious code on an information handling system includes executing malicious code detection code (MCDC) on the information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation running on the information handling system during the execution of the MCDC. The detection routines associate weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of respective detection routines. Lastly, executable code under investigation is determined a valid program or malicious code as a function of the weights associated by the detection routines. Computer-readable media and an information handling system are also disclosed.
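The abstract describes a scoring scheme: several detection routines each examine a running program, each routine contributes a weight toward "valid" or "malicious", and the final category is a function of the accumulated weights. The following Python sketch is an added illustration of that scheme and is not code from the patent; the routine names, the weights, the category thresholds and the sample program records are all constructed here for demonstration.

```python
"""Weighted categorisation of running programs by a set of detection routines.

Added illustration of the weighted-scoring idea in the abstract. Routine names,
weights, thresholds and sample records are constructed assumptions, not the
patent's own detection logic.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Program:
    """Observable facts about one currently running program (constructed fields)."""
    name: str
    signed: bool                 # carries a valid code signature
    hides_window: bool           # runs with no visible window
    hooks_keyboard: bool         # installed a global keyboard hook
    writes_to_startup: bool      # persisted itself in an autostart location
    opens_outbound_sockets: bool # makes outbound network connections


# A detection routine maps a program to a weight.
# Positive weights lean toward "malicious", negative toward "valid", 0 = no opinion.
DetectionRoutine = Callable[[Program], int]


def routine_signature(p: Program) -> int:
    return -3 if p.signed else 0        # a valid signature is evidence of a valid program


def routine_hidden_window(p: Program) -> int:
    return 2 if p.hides_window else 0


def routine_keyboard_hook(p: Program) -> int:
    return 3 if p.hooks_keyboard else 0


def routine_startup_persistence(p: Program) -> int:
    return 2 if p.writes_to_startup else 0


def routine_outbound_network(p: Program) -> int:
    return 1 if p.opens_outbound_sockets else 0


DETECTION_ROUTINES: List[DetectionRoutine] = [
    routine_signature,
    routine_hidden_window,
    routine_keyboard_hook,
    routine_startup_persistence,
    routine_outbound_network,
]

MALICIOUS_THRESHOLD = 3   # constructed cut-off


def score_program(p: Program) -> Tuple[int, Dict[str, int]]:
    """Apply every routine; return the total weight and the per-routine breakdown."""
    breakdown = {r.__name__: r(p) for r in DETECTION_ROUTINES}
    return sum(breakdown.values()), breakdown


def categorize(score: int) -> str:
    """Map an accumulated weight onto a category (malicious / suspicious / valid)."""
    if score >= MALICIOUS_THRESHOLD:
        return "malicious"
    if score > 0:
        return "suspicious"   # some evidence, below the decision threshold
    return "valid"


def scan_running_programs(programs: List[Program]) -> Dict[str, Tuple[str, int]]:
    """Categorise each running program; the breakdown is kept for analyst review."""
    results: Dict[str, Tuple[str, int]] = {}
    for p in programs:
        score, _breakdown = score_program(p)
        results[p.name] = (categorize(score), score)
    return results


# Constructed sample of "currently running programs".
SAMPLE_PROGRAMS: List[Program] = [
    Program("editor.exe",     signed=True,  hides_window=False, hooks_keyboard=False,
            writes_to_startup=False, opens_outbound_sockets=False),
    Program("dropper.exe",    signed=False, hides_window=True,  hooks_keyboard=True,
            writes_to_startup=True,  opens_outbound_sockets=False),
    Program("updater.exe",    signed=True,  hides_window=False, hooks_keyboard=False,
            writes_to_startup=True,  opens_outbound_sockets=True),
    Program("tray_helper.exe", signed=False, hides_window=True, hooks_keyboard=False,
            writes_to_startup=False, opens_outbound_sockets=False),
]


if __name__ == "__main__":
    for name, (category, score) in scan_running_programs(SAMPLE_PROGRAMS).items():
        print(f"{name:16s} score={score:+d} -> {category}")
```

Keeping the per-routine breakdown alongside the total matters in practice: an analyst tuning the weights needs to see which routine pushed a program over the threshold, and a signed program that still persists itself and talks to the network (the `updater.exe` record above) shows how a strong negative weight can mask weaker positive ones.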
Claims (72)

1-50. (canceled)
51. One or more computer-readable media storing program instructions executable by an information handling system to:

scan a plurality of programs currently running on the information handling system, wherein each of the plurality of programs is scanned while running on the information handling system in a manner that permits infection of the information handling system; wherein the scan includes, for each of the plurality of programs, executing a plurality of detection routines usable to categorize that program with respect to the likelihood of that program compromising the security of the information handling system.

Dependent claims: 52-65.
66. A method, comprising:

scanning a plurality of programs currently running on an information handling system, wherein each of the plurality of programs is scanned while running on the information handling system in a manner that permits infection of the information handling system, wherein the scanning includes, for each of the currently running programs, executing a plurality of detection routines usable to categorize the potential security threat presented by that program; and upon completion of execution of the plurality of detection routines for a given one of the plurality of programs, using results of the plurality of detection routines to categorize the given program into one of a set of categories, wherein the set of categories includes at least two categories indicative of malicious and valid code, respectively.

Dependent claims: 67-69.
70. An information handling system, comprising:

a central processing unit (CPU); a memory storing program instructions executable by the CPU to: scan a plurality of programs currently running on the information handling system, wherein each of the plurality of programs is scanned while running on the information handling system in a manner that permits infection of the information handling system; wherein the scan includes, for each of the currently running programs, executing a plurality of detection routines usable to categorize that program with respect to the likelihood of that program compromising the security of the information handling system.

Dependent claims: 71-72.