System and method for preventing detection of a selected process running on a computer
Abstract
A system and method are disclosed for preventing detection of a monitoring process running on a computer. A request to access a process file concerning a process running on the computer is received from a user. It is determined whether the process file requested by the user relates to the selected process. If the requested process file does not relate to the selected process, the user is provided with access to the file.
19 Claims
1. A method for concealing from a user a monitoring process running on a computer, comprising:
- receiving from a user a request to access a process file concerning a process running on a computer;
- determining, using a processor of the computer, whether the process file relates to a monitoring process, wherein if a process file is related to the monitoring process the process file is associated with a process information pseudo file system and contains process information about the monitoring process usable to identify the existence of the monitoring process;
- in the event that the process file does not relate to the monitoring process, providing the user with access to the process file; and
- providing a log to a remote console using packets containing a hashed message authentication code via a connectionless protocol;
- wherein in the event a packet is transmitted without the hashed message authentication code a message is received from the remote console indicating that a port used to transmit the packet is not in use.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for concealing from a user a monitoring process running on a computer, comprising:
- a computer configured to monitor an interaction of a user with a deception environment, receive from the user a request to access a process file concerning a process running on the computer, determine whether the process file relates to a monitoring process, in the event that the process file does not relate to the monitoring process, provide the user with access to the process file, and provide a log to a remote console over a port using packets containing a hashed message authentication code via a connectionless protocol;
- wherein in the event a packet is transmitted without the hashed message authentication code a message is received from the remote console indicating that a port used to transmit the packet is not in use; and
- wherein a determination of whether the process file is related to the monitoring process is based at least in part on whether the process file contains process information about the monitoring process usable to identify the existence of the monitoring process.
Dependent claims: 10, 11, 12, 13
14. A computer program product for concealing from a user a selected process running on a computer, the computer program product being embodied in a computer readable storage medium comprising computer instructions for:
- monitoring an interaction of a user with a deception environment;
- receiving from the user a request to access a process file concerning a process running on the computer;
- determining whether the process file relates to a monitoring process, wherein if the process file is related to the monitoring process the process file is associated with a process information pseudo file system and contains process information about the monitoring process usable to identify the existence of the monitoring process;
- in the event that the process file does not relate to the monitoring process, providing the user with access to the process file; and
- providing a log to a remote console over a port using packets containing a hashed message authentication code via a connectionless protocol;
- wherein in the event a packet is transmitted without the hashed message authentication code a message is received from the remote console indicating that a port used to transmit the packet is not in use.
Dependent claims: 15, 16, 17, 18, 19
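The logging element recited in claims 1, 9 and 14 can be illustrated with a short sketch, added here as an example and not taken from the patent or any product: a sensor appends an HMAC to each log datagram, and the console treats any datagram without a valid HMAC exactly as a closed port would. The packet layout (32-bit sequence number, record, HMAC-SHA256 tag), the key, the function names and the verdict strings are all assumptions; the "port not in use" message is modelled as a return value rather than sent on the wire.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size      # 32-byte HMAC-SHA256 tag
HDR = struct.Struct("!I")                   # assumed header: 32-bit sequence number
KEY = b"constructed-demo-key-not-for-use"   # constructed sample key

ACCEPT = "accept"
PORT_NOT_IN_USE = "port-not-in-use"         # stands in for the console's reply


def build_log_packet(seq: int, record: bytes, key: bytes = KEY) -> bytes:
    """Sensor side: header + log record, followed by an HMAC over both."""
    body = HDR.pack(seq) + record
    return body + hmac.new(key, body, hashlib.sha256).digest()


def console_receive(datagram: bytes, key: bytes = KEY):
    """Console side: return (verdict, seq, record) for one datagram.

    A datagram that is too short to carry a tag, or whose tag does not
    verify, gets the same answer an unused port would give.
    """
    if len(datagram) < HDR.size + TAG_LEN:
        return PORT_NOT_IN_USE, None, None
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return PORT_NOT_IN_USE, None, None
    (seq,) = HDR.unpack_from(body)
    return ACCEPT, seq, body[HDR.size:]


def demo():
    """Verdicts for an authenticated, an untagged and a modified datagram."""
    good = build_log_packet(7, b"session=3 cmd=ls /proc")   # constructed record
    bare = HDR.pack(8) + b"session=3 cmd=ps"                # no HMAC appended
    tampered = bytearray(good)
    tampered[5] ^= 0x01                                     # one flipped bit
    return [console_receive(p)[0] for p in (good, bare, bytes(tampered))]


if __name__ == "__main__":
    print(demo())
```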
Specification