Method, System, and Computer Program Product for Malware Detection, Analysis, and Response
Abstract
A method, system, and computer program product for detecting malware from outside the host operating system using a disk, a virtual machine, or a combination of the two. The method, system, and computer program product detect malware at the disk level while computer files in the host operating system are in actual program execution, by identifying characteristic malware properties and behaviors associated with the disk requests made. The malware properties and behaviors are identified using rules that can reliably detect file-infecting viruses. The method, system, and computer program product also use the disk processor to provide accelerated scanning of virus signatures, which substantially decreases the overhead that existing malware detection techniques incur on the host operating system. In the event that malware is detected, the method, system, and computer program product can respond by limiting the negative effects caused by the malware and helping the system recover to its normal state.
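The rule-based, disk-level detection of file-infecting viruses that the abstract describes, shown as an added illustration that is not taken from the patent: a small Python monitor over a constructed stream of write requests (assumed to be already mapped from disk blocks back to file paths) applies the classic appending-infector rule, a write starting at an existing executable's old end of file followed by a rewrite of that file's header, repeated across several executables. The file names, sizes, header length and window are all constructed assumptions.

```python
from collections import deque

# Constructed sample of write requests as a monitor below the host OS might see
# them, once written blocks have been mapped back to files (mapping assumed done).
# Each entry: (sequence number, file path, byte offset, write length).
SAMPLE_WRITES = [
    (1, "C:/Users/alice/report.docx", 0, 4096),        # ordinary document save
    (2, "C:/Windows/System32/calc.exe", 65536, 2048),  # append at old end of file
    (3, "C:/Windows/System32/calc.exe", 0, 512),       # then patch the header
    (4, "C:/Program Files/App/app.exe", 204800, 2048),
    (5, "C:/Program Files/App/app.exe", 0, 512),
    (6, "C:/Program Files/App/helper.dll", 40960, 2048),
    (7, "C:/Program Files/App/helper.dll", 0, 512),
    (8, "C:/Users/alice/notes.txt", 0, 100),
]

# Constructed pre-write sizes of the executables, so an append is recognisable.
KNOWN_SIZES = {
    "C:/Windows/System32/calc.exe": 65536,
    "C:/Program Files/App/app.exe": 204800,
    "C:/Program Files/App/helper.dll": 40960,
}

HEADER_LEN = 1024  # assumption: a write below this offset touches the executable header


def is_executable(path):
    return path.lower().endswith((".exe", ".dll", ".sys"))


def detect_file_infector(writes, sizes, min_files=3, window=16):
    """Rule: an append at the old end of an existing executable, followed within
    `window` requests by a rewrite of that file's header, is the appending-infector
    pattern. Seeing it on at least `min_files` distinct executables raises an
    alert; the sorted list of affected files is returned, or [] if below threshold."""
    sizes = dict(sizes)            # work on a copy so the caller's map is untouched
    recent_appends = deque()       # (seq, path) appends still inside the window
    infected = set()
    for seq, path, offset, length in writes:
        if not is_executable(path):
            continue               # the rule only concerns executable files
        while recent_appends and seq - recent_appends[0][0] > window:
            recent_appends.popleft()
        if offset == sizes.get(path):          # write begins exactly at old EOF
            recent_appends.append((seq, path))
            sizes[path] = offset + length      # file has grown by the appended code
        elif offset < HEADER_LEN and any(p == path for _, p in recent_appends):
            infected.add(path)                 # header patched after an append
    return sorted(infected) if len(infected) >= min_files else []
```

On the constructed sample the three executables are flagged while the document saves are ignored; a header write with no preceding append, or an append that has aged out of the window, does not trigger the rule.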
119 Citations
63 Claims
- 1. A computerized method for detecting malware by observing behavior of a computer system in actual program execution from outside of a host operating system.
- 17. A computerized detection system for detecting malware, wherein said computerized detection system observes behavior of a host computer system in actual program execution from outside of a host operating system of the host computer system.
- 33. A computer program product comprising a computer useable medium having a computer program logic for enabling one processor to detect malware, said computer program logic comprising: observing behavior of a computer system in actual program execution from outside of a host operating system. (Dependent claims 34 to 48.)
- 49. A computerized method for detecting malware by using a computer disk to accelerate malware signature scanning from outside of a host operating system.
- 54. A computerized detection system for detecting malware, wherein said computerized detection system uses a computer disk to accelerate malware signature scanning from outside of a host operating system of the host computer system.
- 59. A computer program product comprising a computer useable medium having a computer program logic for enabling one processor to detect malware, said computer program logic comprising: using a computer disk to accelerate malware signature scanning from outside of a host operating system. (Dependent claims 60 to 63.)
Specification