Malware detection by application monitoring
Abstract
A method of detecting malware on a computer system. The method comprises monitoring the behaviour of trusted applications running on the computer system and, in the event that unexpected behaviour of an application is detected, identifying a file or files responsible for the unexpected behaviour and tagging the file(s) as malicious or suspicious. The unexpected behaviour of the application may comprise, for example, dropping executable files, performing modifications to a registry branch which is not a registry branch of the application, reading a file type class which is not a file type class of the application, writing portable executable (PE) files, and crashing and re-starting of the application.
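The abstract describes the detection logic only in words: keep a notion of what each trusted application normally does, flag behaviours outside that profile (dropping executables, writing PE files, touching another application's registry branch, reading a foreign file type class, crashing and restarting), and then tag the file(s) the application was handling as responsible. The following Python is an added illustration of that monitor, not code from the patent or its assignee. The per-application profiles, the extension-based file type classes, the event format and the sample event stream are all constructed assumptions; the "MZ" magic check is the usual way to recognise a PE file regardless of its extension.

```python
import os
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


# Assumed behaviour profile of a trusted application: the registry branch it
# owns and the file type classes it is expected to read.
@dataclass
class AppProfile:
    name: str
    registry_branch: str
    file_type_classes: Set[str]


# One behaviour event as a hypothetical sensor would report it.
@dataclass
class Event:
    app: str
    kind: str            # "file_read", "file_write", "registry_modify" or "crash_restart"
    path: str = ""       # file path or registry key, depending on kind
    data: bytes = b""    # first bytes written (file_write only), used to spot PE files


# Assumed extension-based classification of files into coarse type classes.
EXT_CLASS = {".doc": "document", ".docx": "document", ".rtf": "document",
             ".pdf": "pdf", ".exe": "executable", ".dll": "executable", ".scr": "executable"}


def file_class(path: str) -> str:
    return EXT_CLASS.get(os.path.splitext(path)[1].lower(), "other")


def is_pe(data: bytes) -> bool:
    # PE files start with the DOS stub magic "MZ"; checking content catches
    # executables dropped under a harmless-looking extension.
    return data[:2] == b"MZ"


class ApplicationMonitor:
    def __init__(self, profiles: Dict[str, AppProfile]):
        self.profiles = profiles
        # Files each trusted application has recently read: the candidates for
        # "file responsible" when that application later misbehaves.
        self.recent_inputs: Dict[str, List[str]] = defaultdict(list)
        self.findings: List[dict] = []

    def observe(self, ev: Event) -> Optional[dict]:
        profile = self.profiles.get(ev.app)
        if profile is None:
            return None  # only trusted (profiled) applications are monitored
        behaviour = None
        if ev.kind == "file_read":
            cls = file_class(ev.path)
            if cls in profile.file_type_classes:
                self.recent_inputs[ev.app].append(ev.path)
                return None  # expected input: remember it as a candidate
            behaviour = f"read of file type class '{cls}' not belonging to the application"
        elif ev.kind == "file_write":
            if is_pe(ev.data) or file_class(ev.path) == "executable":
                behaviour = "dropped an executable / wrote a PE file"
        elif ev.kind == "registry_modify":
            if not ev.path.lower().startswith(profile.registry_branch.lower()):
                behaviour = "modified a registry branch that is not the application's own"
        elif ev.kind == "crash_restart":
            behaviour = "crashed and restarted"
        if behaviour is None:
            return None
        # Identify the file(s) responsible: the inputs the application was
        # handling, plus the dropped file itself for a write.
        responsible = list(self.recent_inputs[ev.app])
        if ev.kind == "file_write":
            responsible.append(ev.path)
        finding = {"app": ev.app, "behaviour": behaviour,
                   "responsible_files": responsible, "tag": "suspicious"}
        self.findings.append(finding)
        return finding

    def tagged_files(self) -> Dict[str, str]:
        return {p: f["tag"] for f in self.findings for p in f["responsible_files"]}


# Constructed profiles and a constructed event stream (not real telemetry).
PROFILES = {
    "wordproc.exe": AppProfile("wordproc.exe", r"HKCU\Software\WordProc", {"document"}),
    "pdfreader.exe": AppProfile("pdfreader.exe", r"HKCU\Software\PdfReader", {"pdf"}),
}
SAMPLE_EVENTS = [
    Event("wordproc.exe", "file_read", r"C:\Users\alice\Documents\report.docx"),
    Event("wordproc.exe", "registry_modify", r"HKCU\Software\WordProc\Recent"),      # expected
    Event("wordproc.exe", "file_write", r"C:\Users\alice\AppData\Local\Temp\update.tmp",
          b"MZ\x90\x00"),                                                             # PE by magic
    Event("pdfreader.exe", "file_read", r"C:\Users\alice\Downloads\invoice.pdf"),
    Event("pdfreader.exe", "registry_modify", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event("pdfreader.exe", "crash_restart"),
    Event("unknown.exe", "file_write", r"C:\tmp\a.exe", b"MZ"),                       # not monitored
]


def run(events=SAMPLE_EVENTS, profiles=PROFILES) -> ApplicationMonitor:
    monitor = ApplicationMonitor(profiles)
    for ev in events:
        monitor.observe(ev)
    return monitor


if __name__ == "__main__":
    for finding in run().findings:
        print(finding)
```

Running the sample stream yields three findings: the word processor dropping a PE file (the open report and the dropped file both tagged), and the PDF reader first writing to a foreign registry branch and then crashing and restarting, both attributed to the invoice it had opened. The unprofiled process is ignored, which is the point of monitoring only trusted applications: the detector needs a notion of normal behaviour to call something unexpected.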
14 Claims
1. A method of detecting malware on a computer system, the method comprising:
monitoring the behaviour of trusted applications running on the computer system and, in the event that one or more unexpected behaviours of an application is detected, identifying a file or files responsible for the unexpected behaviour. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A computer comprising an application monitor for monitoring the behaviour of trusted applications running on the computer and, in the event that unexpected behaviour of an application is detected, for identifying a file or files responsible for the unexpected behaviour.

11. A computer program for causing a computer to perform the steps of:
monitoring the behaviour of trusted applications running on the computer; detecting one or more unexpected behaviours of an application; and identifying a file or files responsible for the unexpected behaviour(s). (Dependent claims: 12)

13. A computer storage medium having stored thereon instructions for causing a computer to:
monitor the behaviour of trusted applications running on the computer system; detect one or more unexpected behaviours of an application; and identify a file or files responsible for the unexpected behaviour(s). (Dependent claims: 14)