Negative light-weight rules
Abstract
A method for securing an electronic device includes, at a level below all of the operating systems of an electronic device, trapping a first attempt and second attempt to access sensitive system resources of the electronic device. The method also includes identifying the first attempt and second attempt as representing a potential malware attack, comparing the sequence of the first attempt and second attempt against a first anti-malware rule, and, based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allowing the second attempt. The first attempt and second attempt originate from code of the same operating entity. The first anti-malware rule includes a requirement of a sequence of attempts including the first attempt followed by the second attempt.
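The sequence check the abstract describes, as an added illustration in C (not code from the patent or its assignee). The resource labels, the struct and function names, the choice to deny flagged attempts that the rule does not cover, and reading "followed by" as "the same entity's immediately preceding trapped attempt" are all assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>
/* Added illustration; every name and label here is hypothetical. */
enum verdict { DENY = 0, ALLOW = 1 };

struct attempt {
    int entity;            /* operating entity whose code made the attempt */
    const char *resource;  /* sensitive resource the attempt targets */
    int flagged;           /* 1 = identified as malicious on its own */
};
/* Rule that requires a sequence: `first` followed by `second`. */
struct seq_rule { const char *first, *second; };

/* Constructed trap log, oldest first. */
static const struct attempt sample[] = {
    {1, "resource_A", 1},  /* entity 1, first attempt */
    {2, "resource_B", 1},  /* entity 2, no earlier attempt of its own */
    {1, "resource_B", 1},  /* entity 1, second attempt: A then B */
    {1, "resource_B", 1},  /* entity 1 again: B then B */
};
static const struct seq_rule sample_rule = {"resource_A", "resource_B"};

/* Verdict for the newest trapped attempt, log[n-1]. Assumption: a flagged
 * attempt is denied unless the rule's sequence covers it. */
enum verdict decide(const struct attempt *log, size_t n,
                    const struct seq_rule *rule)
{
    if (n == 0) return DENY;
    const struct attempt *cur = &log[n - 1];
    if (!cur->flagged) return ALLOW;
    if (strcmp(cur->resource, rule->second) != 0) return DENY;
    /* Walk back to the same entity's previous attempt; other entities'
     * attempts in between do not count toward the sequence. */
    for (size_t i = n - 1; i-- > 0; ) {
        if (log[i].entity != cur->entity) continue;
        return (log[i].flagged &&
                strcmp(log[i].resource, rule->first) == 0) ? ALLOW : DENY;
    }
    return DENY;  /* no earlier attempt from this entity */
}

int main(void)
{
    for (size_t n = 1; n <= sizeof sample / sizeof sample[0]; n++)
        printf("attempt %zu (entity %d, %s): %s\n", n, sample[n - 1].entity,
               sample[n - 1].resource,
               decide(sample, n, &sample_rule) == ALLOW ? "allow" : "deny");
    return 0;
}
```

Only the third entry is allowed: it is flagged on its own, but it completes the required sequence from the same entity.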
16 Claims
1. A method for securing an electronic device, comprising:
- trapping, at a level below all of the operating systems of an electronic device, a first attempt to access sensitive system resources of the electronic device;
- identifying the first attempt as malicious;
- trapping, at a level below all of the operating systems of an electronic device, a second attempt to access sensitive system resources of the electronic device, the second attempt trapped after the first attempt, the first attempt and second attempt originating from code of the same operating entity;
- identifying the second attempt as malicious;
- comparing the sequence of the first attempt and second attempt against a first anti-malware rule, the first anti-malware rule including a requirement of a sequence of attempts including the first attempt followed by the second attempt; and
- based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allowing the second attempt.

Dependent claims: 2, 3, 4, 5, 6
7. A system for securing an electronic device, comprising:
- a memory;
- a processor;
- a plurality of sensitive system resources; and
- one or more security agents including instructions resident in the memory and operable for execution by the processor, wherein:
  - one of the security agents is configured to:
    - trap, at a level below all of the operating systems of the electronic device, a first attempt to access one of the sensitive system resources; and
    - trap, at a level below all of the operating systems of the electronic device, a second attempt to access one of the sensitive system resources, the second attempt trapped after the first attempt, the first attempt and second attempt originating from code of the same operating entity; and
  - one of the security agents is configured to:
    - identify the first attempt as malicious;
    - identify the second attempt as malicious;
    - compare the sequence of the first attempt and second attempt against a first anti-malware rule, the first anti-malware rule including a requirement of a sequence of attempts including the first attempt followed by the second attempt; and
    - based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allow the second attempt.

Dependent claims: 8, 9, 10, 11
12. At least one non-transitory computer readable medium, comprising computer-executable instructions, the instructions readable by a processor, the instructions, when executed, for causing the processor to:
- trap, at a level below all of the operating systems of an electronic device, a first attempt to access one of a plurality of sensitive system resources of the electronic device; and
- trap, at a level below all of the operating systems of the electronic device, a second attempt to access one of the sensitive system resources, the second attempt trapped after the first attempt, the first attempt and second attempt originating from code of the same operating entity; and
- identify the first attempt as malicious;
- identify the second attempt as malicious;
- compare the sequence of the first attempt and second attempt against a first anti-malware rule, the first anti-malware rule including a requirement of a sequence of attempts including the first attempt followed by the second attempt; and
- based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allow the second attempt.

Dependent claims: 13, 14, 15, 16
Specification