Realtime Kernel Object Table and Type Protection
First Claim
1. A method for detecting malware, comprising:
- determining one or more object-oriented components of an electronic device;
- trapping, at a level below all of the operating systems of the electronic device, an attempt to access an object-oriented component of the electronic device;
- determining an entity causing the attempt;
- accessing one or more security rules; and
- based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware.
Abstract
A method for detecting malware includes determining one or more object-oriented components of an electronic device, trapping at a level below all of the operating systems of the electronic device an attempt to access an object-oriented component of the electronic device, determining an entity causing the attempt, accessing one or more security rules, and, based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware.
18 Claims
1. A method for detecting malware, comprising:
- determining one or more object-oriented components of an electronic device;
- trapping, at a level below all of the operating systems of the electronic device, an attempt to access an object-oriented component of the electronic device;
- determining an entity causing the attempt;
- accessing one or more security rules; and
- based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware.

Dependent claims: 2, 3, 4, 5, 6
7. A system for securing an electronic device, comprising:
- one or more memories;
- one or more processors coupled to the memories;
- an object-oriented operating system including instructions resident within the memories for execution by the processors;
- a plurality of object-oriented components associated with the object-oriented operating system; and
- one or more security agents, each including instructions resident within the memories for execution by the processors, wherein the one or more security agents are configured to:
  - determine one or more of the object-oriented components; and
  - trap, at a level below all of the operating systems of the electronic device, an attempt to access one of the object-oriented components of the electronic device; and
  - access one or more security rules; and
  - based on the security rules, the entity causing the attempt, and the object-oriented component, determine whether the attempted access is indicative of malware.

Dependent claims: 8, 9, 10, 11, 12
13. An article of manufacture, comprising:
- a computer readable medium;
- computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when executed, for causing the processor to:
  - determine one or more object-oriented components of an electronic device;
  - trap, at a level below all of the operating systems of the electronic device, an attempt to access one of the object-oriented components;
  - access one or more security rules; and
  - based on the security rules, the entity causing the attempt, and the object-oriented component, determine whether the attempted access is indicative of malware.

Dependent claims: 14, 15, 16, 17, 18
Specification