Method and apparatus for automatically protecting a computer against a harmful program
First Claim
Patent Images
1. A method for automatically protecting a computer, comprising:
- restricting an object program from accessing some resources in a computer system based on predetermined resource access rules;
scanning computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program;
analyzing malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program;
creating a new resource access rule based on results of the scanning step, the analyzing step, or both, wherein when the analyzing step determines that the object program is a harmful program, the created new resource access rule includes instructions for disallowing a program file associated with the harmful object program from being started by any program; and
automatically adding the new resource access rule created to the predetermined resource access rules.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention discloses a method and apparatus for automatically protecting computers against harmful programs. The method comprises: restricting an object program from accessing some resources in a computer system based on predetermined resource access rules; scanning computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program; and analyzing malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program.
14 Citations
12 Claims
-
1. A method for automatically protecting a computer, comprising:
-
restricting an object program from accessing some resources in a computer system based on predetermined resource access rules; scanning computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program; analyzing malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program; creating a new resource access rule based on results of the scanning step, the analyzing step, or both, wherein when the analyzing step determines that the object program is a harmful program, the created new resource access rule includes instructions for disallowing a program file associated with the harmful object program from being started by any program; and automatically adding the new resource access rule created to the predetermined resource access rules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus comprising:
-
a processor, wherein the processor is configured to; restrict an object program from accessing some resources in a computer system based on predetermined resource access rules; scan computer resources accessed by the object program to determine whether the accessed computer resources are infected by the object program; and analyze malicious behaviors based on behavior characteristics of the object program to determine whether the object program is a harmful program; create a new resource access rule based on results of scanning the computer resources, analyzing the malicious behaviors, or both, wherein when the analyzing determines that the object program is a harmful program, the created new resource access rule includes instructions for disallowing a program file associated with the harmful object program from being started by any program; and automatically add the created new resource access rule to the predetermined resource access rules. - View Dependent Claims (11, 12)
-
Specification