Protecting anti-malware processes
2 Assignments
0 Petitions
Abstract
Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificates which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.
20 Citations
19 Claims
1. A method comprising:
launching an anti-malware process associated with an anti-malware driver;
verifying the anti-malware process based at least in part on certificates contained in the anti-malware driver;
responsive to extracting the certificates from the anti-malware driver, registering the certificates with an operating system;
assigning a protection level defined by a signer and a protection type to the process based at least in part on said verification of the anti-malware process, wherein the anti-malware process has a higher protection level if both the signer and the protection type associated with the anti-malware process have a higher protection level than a signer and a protection type associated with another process; and
preventing the user from altering the anti-malware process, the altering including terminating the anti-malware process, injecting code, or loading binaries related to the anti-malware process.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computing device comprising:
one or more processors;
critical operating system components;
regular operating system components;
anti-malware components;
components associated with applications signed by recognized entities;
DRM hosting components; and
unprotected components.
Dependent claims: 11, 12, 13, 14

15. A system comprising:
one or more hardware-based processors; and
computer-readable storage media comprising instructions stored thereon that, responsive to execution by the one or more processors, cause operations to be performed comprising:
verifying, during a boot process, an anti-malware driver associated with an anti-malware program based at least in part on certificates contained in the anti-malware driver, the certificates containing an identity that is signed with a trusted certificate from a verified source;
responsive to extracting the certificates from the anti-malware driver, registering the certificates with a kernel of an operating system;
one or more modules implemented at least partially in hardware configured to:
launch an anti-malware process;
assign a protection level defined by a signer and a protection type to the anti-malware process based at least in part on anti-malware-verification certificates that are contained in an anti-malware driver and registered with an operating system of the computing device, wherein the anti-malware process has a higher protection level if both the signer and the protection type associated with the anti-malware process have a higher protection level than a signer and a protection type associated with another process; and
execute the anti-malware process on the computing device.
Dependent claims: 16, 17, 18, 19
Specification