Systems and methods for classifying an unclassified process as a potential trusted process based on dependencies of the unclassified process
First Claim
1. A computer-implemented method for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process, comprising:
- identifying a component loaded by the unclassified process;
determining whether software code from the unclassified process depends on the component loaded by the unclassified process in order to execute, wherein the determining comprises, at least in part, identifying a file system directory in which the unclassified process is located and a file system directory in which the loaded component is located; and
upon determining that the software code from the unclassified process depends on the loaded component in order to execute, classifying the unclassified process as a potentially trusted process.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process is described. A component loaded by the unclassified process is identified. A determination is made as to whether a hard dependency exists between the unclassified process and the loaded component. A hard dependency exists if the unclassified process depends on the loaded component in order to execute. The unclassified process is classified as a potentially trusted process if a hard dependency exists between the unclassified process and the loaded component.
30 Citations
18 Claims
-
1. A computer-implemented method for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process, comprising:
-
identifying a component loaded by the unclassified process; determining whether software code from the unclassified process depends on the component loaded by the unclassified process in order to execute, wherein the determining comprises, at least in part, identifying a file system directory in which the unclassified process is located and a file system directory in which the loaded component is located; and upon determining that the software code from the unclassified process depends on the loaded component in order to execute, classifying the unclassified process as a potentially trusted process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer system configured to classify an unclassified process as a potentially trusted process based on dependencies of the unclassified process, comprising:
-
a processor; memory in electronic communication with the processor; instructions stored in the memory, the instructions being executable by the processor to; identify a component loaded by the unclassified process; determine whether software code from the unclassified process depends on the component loaded by the unclassified process in order to execute, wherein the instruction to determine comprises, at least in part, an instruction to identify a file system directory in which the unclassified process is located and a file system directory in which the loaded component is located; and upon determining that the software code from the unclassified process depends on the loaded component in order to execute, classify the unclassified process as a potentially trusted process. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer-program product for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process, the computer-program product comprising a non-transitory computer-readable medium storing instructions thereon, the instructions being executable by the processor to:
-
identify a component loaded by the unclassified process; determine whether software code from the unclassified process depends on the component loaded by the unclassified process in order to execute, wherein the instruction to determine comprises, at least in part, an instruction to identify a file system directory in which the unclassified process is located and a file system directory in which the loaded component is located; and upon determining that the software code from the unclassified process depends on the loaded component in order to execute, classify the unclassified process as a potentially trusted process. - View Dependent Claims (18)
-
Specification