PREVENTING AND RESPONDING TO DISABLING OF MALWARE PROTECTION SOFTWARE
First Claim
1. A computer-implemented method, comprising:
- monitoring, by a first computer, for attempts to disable a malware protection program;
in response to monitoring an attempt to disable the malware protection program;
identifying, by the first computer, a first process that generated the attempt to disable the malware protection program;
preventing, by the first computer, the first process from disabling the malware protection program;
determining, by the first computer, whether the first process is an approved process;
in response to determining that the first process is an approved process, providing, by the first computer, a user prompt to terminate the first process; and
in response to determining that the first process is not an approved process, performing, by the first computer, one or more protection processes on the first process.
10 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for responding to an attempt to disable a malware protection program and performing an identification process and one or more protection processes to prevent the execution of potentially malicious code. In one aspect, a method includes monitoring for attempts to disable a malware protection program, identifying a process that generated an attempt to disable the malware protection program, determining whether the process is an approved process, and in response, performing one or more protection processes on the process so as to prevent the execution of potentially malicious code.
39 Citations
17 Claims
-
1. A computer-implemented method, comprising:
-
monitoring, by a first computer, for attempts to disable a malware protection program; in response to monitoring an attempt to disable the malware protection program; identifying, by the first computer, a first process that generated the attempt to disable the malware protection program; preventing, by the first computer, the first process from disabling the malware protection program; determining, by the first computer, whether the first process is an approved process; in response to determining that the first process is an approved process, providing, by the first computer, a user prompt to terminate the first process; and in response to determining that the first process is not an approved process, performing, by the first computer, one or more protection processes on the first process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
-
monitoring for attempts to disable a malware protection program; in response to monitoring an attempt to disable the malware protection program; identifying a first process that generated the attempt to disable the malware protection program; preventing the first process from disabling the malware protection program; determining whether the first process is an approved process; in response to determining that the first process is an approved process, providing a user prompt to terminate the first process; and in response to determining that the first process is not an approved process, performing one or more protection processes on the first process. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
Specification