Windows registry modification verification
Abstract
A method and system are provided by which unauthorized changes to the registry may be detected, and which provide the capability to verify whether changes to the registry, or to other system configuration data, that occur on a computer system are undesirable or related to a possible malware attack before the changes become effective or are saved on the system. A method for verifying changes to system configuration data in a computer system comprises generating an identifier representing an entry in the system configuration data, packaging the identifier, and sending the packaged identifier to a client for verification. The identifier may be generated by hashing the first portion of the entry and the second portion of the entry, or by filtering the first portion of the entry and then hashing the filtered first portion and the second portion of the entry.
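The two ways of generating an identifier described in the abstract, together with packaging and client-side verification, as an added example that is not code from the patent. It assumes the first portion is the key path, the second portion is the value name and data, the filter replaces per-user SIDs and folds case, the hash is SHA-256 and the package is JSON; none of these choices is stated on the page, and all names and sample entries are constructed.

```python
import hashlib
import json
import re

# Assumption: "first portion" = key path, "second portion" = value name and data.
SID = re.compile(r"S-1-5-21(?:-\d+){4}", re.IGNORECASE)  # per-user SID in a path

def filter_path(key_path):
    """Filter the first portion: replace per-user SIDs and fold case."""
    return SID.sub("<SID>", key_path).lower()

def make_identifier(key_path, value, filtered=True):
    """Hash both portions, length-prefixed so their boundary is unambiguous."""
    first = filter_path(key_path) if filtered else key_path
    digest = hashlib.sha256()
    for part in (first, value):
        data = part.encode("utf-8")
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.hexdigest()

def package(entries):
    """Merge the identifiers of several attempted changes into one message."""
    return json.dumps({"identifiers": [make_identifier(k, v) for k, v in entries]})

def verify(packaged, desirable, undesirable):
    """Client side: classify each identifier before the change takes effect."""
    verdicts = {}
    for ident in json.loads(packaged)["identifiers"]:
        if ident in undesirable:
            verdicts[ident] = "block"
        elif ident in desirable:
            verdicts[ident] = "allow"
        else:
            verdicts[ident] = "unknown"
    return verdicts

# Constructed sample entries: one autorun value seen under two user SIDs.
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
KNOWN = (r"HKEY_USERS\S-1-5-21-1111-2222-3333-1001" + RUN,
         r"Updater=C:\Program Files\Example\update.exe")
ATTEMPT = (r"HKEY_USERS\S-1-5-21-4444-5555-6666-1002" + RUN, KNOWN[1])
LISTED_BAD = (ATTEMPT[0], r"Helper=C:\Users\Public\helper.exe")
UNLISTED = (ATTEMPT[0], r"Sync=C:\Program Files\Example\sync.exe")

def demo():
    desirable = {make_identifier(*KNOWN)}
    undesirable = {make_identifier(*LISTED_BAD)}
    packaged = package([ATTEMPT, LISTED_BAD, UNLISTED])
    verdicts = verify(packaged, desirable, undesirable)
    return [verdicts[make_identifier(*e)] for e in (ATTEMPT, LISTED_BAD, UNLISTED)]
```

With filtering, the same entry written under a different user's SID maps to the identifier already on the desirable list; with `filtered=False` the two paths hash differently and the client would have to treat the entry as unknown.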
20 Claims
1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by a processor:
- prepare entry data of a registry entry for a computer system;
- create one or more identifiers based on the entry data, wherein the one or more identifiers indicate an attempted change to a registry of the computer system;
- package the one or more identifiers;
- send the packaged one or more identifiers to a client for verification, wherein the client comprises software configured to process the one or more identifiers in order to determine whether the registry entry is authorized and whether the registry entry is associated with data that is free from malware, wherein the one or more identifiers are merged with at least one other identifier of a different registry entry in order to package the one or more identifiers and the at least one other identifier as either desirable or undesirable registry entries.
Dependent claims: 2, 3, 4, 5, 6, 7, 18.
8. A method for verifying changes to a registry in a computer system comprising:
- preparing entry data of a registry entry for a computer system;
- creating one or more identifiers based on the entry data, wherein the one or more identifiers indicate an attempted change to a registry of the computer system;
- packaging the one or more identifiers;
- sending the packaged one or more identifiers to a client for verification, wherein the client comprises software configured to process the one or more identifiers in order to determine whether the registry entry is authorized and whether the registry entry is associated with data that is free from malware, wherein the one or more identifiers are merged with at least one other identifier of a different registry entry in order to package the one or more identifiers and the at least one other identifier as either desirable or undesirable registry entries.
Dependent claims: 9, 10, 11, 19.
12. A system for verifying changes to a registry in a computer system, comprising:
- a memory configured to store data;
- a processor configured to execute instructions associated with the data, wherein the instructions, when executed by the processor:
- prepare entry data of a registry entry for a computer system;
- create one or more identifiers based on the entry data, wherein the one or more identifiers indicate an attempted change to a registry of the computer system;
- package the one or more identifiers;
- send the packaged one or more identifiers to a client for verification, wherein the client comprises software configured to process the one or more identifiers in order to determine whether the registry entry is authorized and whether the registry entry is associated with data that is free from malware, wherein the one or more identifiers are merged with at least one other identifier of a different registry entry in order to package the one or more identifiers and the at least one other identifier as either desirable or undesirable registry entries.
Dependent claims: 13, 14, 15, 16, 17, 20.
Specification