SYSTEM AND METHOD FOR BELOW-OPERATING SYSTEM TRAPPING OF DRIVER LOADING AND UNLOADING
Abstract
A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of one or more resources of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the one or more resources. The attempted access includes an attempted loading or unloading of a driver in the operating system.
21 Claims
1. A system for protecting an electronic device against malware, comprising:
- a memory;
- an operating system configured to execute on the electronic device;
- a below-operating-system security agent configured to:
  - trap an attempted access of one or more resources of the operating system, the attempted access comprising an attempted loading or unloading of a driver in the operating system;
  - access one or more security rules to determine whether the attempted access is indicative of malware; and
  - operate at a level below all of the operating systems of the electronic device accessing the one or more resources.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for protecting an electronic device against malware, comprising:
- trapping an attempted access of one or more resources of an operating system, the attempted access comprising an attempted loading or unloading of a driver in the operating system; and
- accessing one or more security rules to determine whether the attempted access is indicative of malware;
- wherein the trapping of the attempted access and determining whether the attempted access is indicative of malware are conducted at a level below all of the operating systems of the electronic device accessing the one or more resources.

Dependent claims: 9, 10, 11, 12, 13, 14

15. An article of manufacture, comprising:
- a computer readable medium; and
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to:
  - trap an attempted access of one or more resources of an operating system, the attempted access comprising an attempted loading or unloading of a driver in the operating system; and
  - access one or more security rules to determine whether the attempted access is indicative of malware;
  - wherein the trapping of the attempted access and determining whether the attempted access is indicative of malware are conducted at a level below all of the operating systems of the electronic device accessing the one or more resources.

Dependent claims: 16, 17, 18, 19, 20, 21

Specification