PREEMPTIVE EVENT HANDLING
Abstract
A computerized method of preemptive event handling. The method comprises monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, detecting, in run time, a first event of the plurality of events, the first event being performed by a first process of the plurality of processes on the computing device, classifying, in run time, the first process as a malware in response to the detection of the first event, and preventing, in run time, the first process from running on the computing device before the first event is processed by the OS.
13 Claims
1. A computerized method of preemptive event handling, comprising:
- monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device;
- detecting, in run time, a first event of said plurality of events, said first event being performed by a first process of said plurality of processes on said computing device;
- classifying, in run time, said first process as a malware in response to said detection of said first event; and
- preventing, in run time, said first process from running on said computing device before said first event is processed by said OS.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system of reverting system data effected by a malware, comprising:
- a processor;
- a threat monitoring module which monitors, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device and detects, in run time, a first event of said plurality of events, said first event being performed by a first process of said plurality of processes on said computing device, said threat monitoring module uses said processor to classify, in run time, said first process as a malware in response to said detection of said first event; and
- an event dispatcher module which prevents, in run time, said first process from running on said computing device before said first event is processed by said OS.

Dependent claims: 12.
13. A computerized method of preemptive event handling, comprising:
- a computer readable storage medium;
- first program instructions to monitor, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device;
- second program instructions to detect, in run time, a first event of said plurality of events, said first event being performed by a first process of said plurality of processes on said computing device;
- third program instructions to classify, in run time, said first process as a malware in response to said detection of said first event; and
- fourth program instructions to prevent, in run time, said first process from running on said computing device before said first event is processed by said OS;
- wherein said first, second, third, and fourth program instructions are stored on said computer readable storage medium.
Specification