Protecting anti-malware processes
First Claim
Patent Images
1. A method comprising:
- signing an anti-malware driver by one or more computing devices with a signature verifiable to determine authenticity of the anti-malware driver through comparison of the signature to a verified signature from a trusted source to determine if the anti-malware driver originated from the trusted source;
based on the verified signature, associating the anti-malware driver with at least one of a plurality of protection levels associated with anti-malware process protection techniques of the anti-malware driver, the plurality of protection levels defining which processes are permitted access to the anti-malware driver during execution by a computing device; and
providing the anti-malware driver by the one or more computing devices to the computing device for execution.
3 Assignments
0 Petitions
Accused Products
Abstract
Anti-malware process protection techniques are described. In one or more implementations, an anti-malware driver is signed using a hash that identifies a manufacturer of the anti-malware driver. The anti-malware driver is then provided to a computing device. The anti-malware driver may be assigned a protection level based on an agreement between the anti-malware manufacturer and an operating system manufacturer, and this protection level effects the operation of the anti-malware program on the computing device.
20 Citations
20 Claims
-
1. A method comprising:
-
signing an anti-malware driver by one or more computing devices with a signature verifiable to determine authenticity of the anti-malware driver through comparison of the signature to a verified signature from a trusted source to determine if the anti-malware driver originated from the trusted source; based on the verified signature, associating the anti-malware driver with at least one of a plurality of protection levels associated with anti-malware process protection techniques of the anti-malware driver, the plurality of protection levels defining which processes are permitted access to the anti-malware driver during execution by a computing device; and providing the anti-malware driver by the one or more computing devices to the computing device for execution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computing device comprising:
-
one or more processors; one or more modules implemented at least partially in hardware and configured to cause the one or more processors to perform operations comprising; signing an anti-malware driver with a signature verifiable to determine authenticity of the anti-malware driver through comparing the signature to a verified signature from a trusted source to determine if the anti-malware driver originated from the trusted source; based on the verified signature, associating the anti-malware driver with at least one of a plurality of protection levels associated with anti-malware process protection techniques of the anti-malware drive, the plurality of protection levels defining which processes of a computing device are permitted to gain an invasive handle to a process executing the anti-malware driver; and
providing the anti-malware driver to the computing device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. One or more computer-readable storage media comprising instructions stored thereon that, responsive to execution by computing device, cause the computing device to perform operations comprising:
-
signing a platform independent anti-malware driver with a signature utilizing a hash that identifies a manufacturer of the anti-malware driver, the signature being verifiable to determine authenticity of the anti-malware driver by comparing the signature to a verified signature from the manufacturer to determine if the anti-malware driver originated from the manufacturer; associating the anti-malware driver with a protection level based at least in part on an agreement between the manufacturer of the anti-malware driver and a manufacturer of an operating system, the associated protection level taken from a plurality of protection levels that define which processes are permitted access to the anti-malware driver during execution by a computing device; and providing the anti-malware driver to the computing device. - View Dependent Claims (20)
-
Specification