×

System and method for proactive computer virus protection

  • US 7,376,970 B2
  • Filed: 02/20/2004
  • Issued: 05/20/2008
  • Est. Priority Date: 02/20/2004
  • Status: Expired due to Fees
First Claim
Patent Images

1. A computer-implementable method for determining the behavior of an executable comprising:

  • selecting evaluation calls made by the executable to the interface of an operating system;

    loading stubs into a virtual address space, the stubs;

    mirroring the calls made to the interface of an operating system wherein mirroring the calls made to the interface of the operating system includes mirroring a set of full implemented DLLs; and

    determining a behavior signature for the selected calls;

    wherein the calls are included in dynamic link libraries (DLLs) and wherein loading stubs include loading stub DLLs into said virtual address space;

    executing the selected calls inside of a virtual operating environment using the loaded stubs dynamically linked libraries; and

    determining the behavior signatures resulting from said execution of the selected calls inside of a virtual operating environment.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×