Malware protection
Abstract
According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file whilst providing indications to the executable file that it is being executed within an emulated computer system.
27 Claims
1. A method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system, the method comprising:
- determining if an executable file should be identified as being legitimate; and
- if not, executing the executable file whilst providing indications to the executable file that it is being executed within an emulated computer system.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer system comprising:
- a memory, the memory storing an executable file; and
- a processor for determining if the executable file should be identified as being legitimate, and, if it is determined that the executable file should not be identified as being legitimate, for executing the executable file in the computer system whilst providing indications to the executable file that it is being executed within an emulated computer system.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method of detecting potential malware, the method comprising:
- executing an executable file whilst providing indications to the executable file that it is being executed within an emulated computer system;
- monitoring the behaviour of the executable file; and
- determining if this behaviour corresponds with that expected of malware executed in an emulated computer system.
Dependent claims: 16, 17, 18, 19, 20
21. A computer system comprising:
- a memory, the memory storing an executable file; and
- a processor for executing an executable file whilst providing indications to the executable file that it is being executed within an emulated computer system, for monitoring the behaviour of the executable file, and for determining if this behaviour corresponds with that expected of malware executed in an emulated computer system.
22. A method of maintaining a database of information relating to executable files, the database including values representing the legitimacy of each executable file, for the purpose of enabling any of a plurality of computer devices to determine if an executable file should be identified as being legitimate, the method comprising:
- at a network based service, receiving data regarding an executable file from a computer device of the plurality of computer devices that has executed the executable file, using the data to determine a value representing the legitimacy of the executable file, and providing the value to any of the plurality of computer devices.
Dependent claims: 23, 24, 25, 26
27. A server for use in maintaining a database of information relating to executable files, the database including values representing the legitimacy of each executable file, for the purpose of enabling any of a plurality of computer devices to determine if an executable file should be identified as being legitimate, the server comprising:
- a receiver for receiving data regarding an executable file from one or more of a plurality of computer devices that have executed the executable file;
- a processor for using the data to determine a value representing the legitimacy of the executable file; and
- a transmitter for providing the value to one or more of the plurality of computer devices.
Specification