System and method for security rating of computer processes
First Claim
1. A method for security rating of a process, the method comprising:
(a) detecting an attempt to execute a file on a computer;
(b) performing an initial risk assessment of the file;
(c) if the initial security rating is higher than a predetermined value, notifying a user;
(d) starting the process based on code in the file;
(e) monitoring the process for the suspicious activities;
(f) updating the security rating of the process when the process attempts to perform the suspicious activity;
(g) if the updated security rating exceeds a first threshold, notifying a user and continuing execution of the process; and
(h) if the updated security rating exceeds a second threshold, blocking the process's access to computer resources.
Abstract
A system, method, and computer program product for secure rating of processes in an executable file for malware presence comprising: (a) detecting an attempt to execute a file on a computer; (b) performing an initial risk assessment of the file; (c) starting a process from code in the file; (d) analyzing an initial risk pertaining to the process and assigning an initial security rating to the process; (e) monitoring the process for the suspicious activities; (f) updating the security rating of the process when the process attempts to perform the suspicious activity; (g) if the updated security rating exceeds a first threshold, notifying a user and continuing execution of the process; and (h) if the updated security rating exceeds a second threshold, blocking the action and terminating the process.
285 Citations
19 Claims
1. A method for security rating of a process, the method comprising:
(a) detecting an attempt to execute a file on a computer;
(b) performing an initial risk assessment of the file;
(c) if the initial security rating is higher than a predetermined value, notifying a user;
(d) starting the process based on code in the file;
(e) monitoring the process for the suspicious activities;
(f) updating the security rating of the process when the process attempts to perform the suspicious activity;
(g) if the updated security rating exceeds a first threshold, notifying a user and continuing execution of the process; and
(h) if the updated security rating exceeds a second threshold, blocking the process's access to computer resources.
19. A system for security rating of a process, the system comprising:
a processor;
memory coupled to the processor;
a plurality of risk analysis factors maintained by the system;
a plurality of weights, maintained by the system, corresponding to the risk analysis factors;
an antivirus program loaded into the memory that assigns an initial security rating based on the risk assessment by comparison of file attributes with the risk analysis factors and weights, and notifies a user if the initial security rating is higher than a predetermined value;
a process executing on the processor based on code in the file;
wherein the antivirus program continuously monitors the processes for suspicious activities and updates the security rating of the process when the process attempts to perform a suspicious activity;
wherein the antivirus program notifies the user and continues execution of the process if the updated security rating exceeds a first threshold; and
wherein the antivirus program blocks the process access to computer resources if the updated security rating exceeds a second threshold.
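The rating flow of claims 1 and 19, modelled as an added example (not code from the patent or its assignee). The factor names, activity names, weights, threshold values and the additive update rule are all assumptions chosen for illustration; the claims do not specify them.

```python
from dataclasses import dataclass, field

# Constructed factors, weights and thresholds: assumptions, not values from the patent.
FILE_FACTOR_WEIGHTS = {"unsigned": 20, "packed": 15, "from_temp_dir": 10}
ACTIVITY_WEIGHTS = {"write_autorun_key": 25, "inject_remote_thread": 40, "modify_hosts_file": 20}
INITIAL_NOTIFY_VALUE = 30   # step (c): the "predetermined value"
FIRST_THRESHOLD = 50        # step (g): notify the user, keep running
SECOND_THRESHOLD = 75       # step (h): block access to computer resources


@dataclass
class RatedProcess:
    name: str
    rating: int = 0
    blocked: bool = False
    log: list = field(default_factory=list)

    def assess_file(self, attributes):
        """Steps (b)-(c): weighted sum over file attributes that match a risk factor."""
        self.rating = sum(FILE_FACTOR_WEIGHTS.get(a, 0) for a in attributes)
        if self.rating > INITIAL_NOTIFY_VALUE:
            self.log.append(("notify_initial", self.rating))
        return self.rating

    def on_activity(self, activity):
        """Steps (e)-(h): update the rating on each attempted suspicious activity."""
        if self.blocked:
            self.log.append(("denied", activity))
            return "denied"
        weight = ACTIVITY_WEIGHTS.get(activity)
        if weight is None:          # not on the suspicious list: rating unchanged
            return "allow"
        self.rating += weight       # additive update is an assumption
        if self.rating > SECOND_THRESHOLD:
            self.blocked = True
            self.log.append(("block", self.rating))
            return "block"
        if self.rating > FIRST_THRESHOLD:
            self.log.append(("notify_continue", self.rating))
            return "notify"
        return "allow"


def replay(name, attributes, activities):
    """Run a constructed trace through the model; return the process and its decisions."""
    proc = RatedProcess(name)
    proc.assess_file(attributes)
    decisions = [proc.on_activity(a) for a in activities]
    return proc, decisions
```

Replaying a trace shows that the second threshold has to be checked before the first, and that once a process is blocked every later request is denied without further scoring.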
Specification