Protecting anti-malware processes
First Claim
Patent Images
1. A system for preventing the alteration of a process, comprising:
- a process alteration preventer comprising one or more hardware computer processors, and a computer program having a plurality of sub-programs executable by said computer processors, wherein the sub-programs configure said computer processors to,launch a first process,assign a protection level defined by a signer and a protection type to the first process, wherein the first process has a higher or equal protection level if both the signer and the protection type associated with the first process have a higher or equal protection level than a signer and a protection type associated with another process, andprevent said other process from altering the first process whenever the protection level assigned to the first process is higher or equal to the other process.
2 Assignments
0 Petitions
Accused Products
Abstract
Anti-malware process protection techniques are described. In one or more implementations, an anti-malware process is launched. The anti-malware process is verified based at least in part on an anti-malware driver that contains certificate pairs which contain an identity that is signed with the trusted certificate from a verified source. After the anti-malware process is verified, the anti-malware process may be assigned a protection level, and an administrative user may be prevented from altering the anti-malware process.
-
Citations
16 Claims
-
1. A system for preventing the alteration of a process, comprising:
a process alteration preventer comprising one or more hardware computer processors, and a computer program having a plurality of sub-programs executable by said computer processors, wherein the sub-programs configure said computer processors to, launch a first process, assign a protection level defined by a signer and a protection type to the first process, wherein the first process has a higher or equal protection level if both the signer and the protection type associated with the first process have a higher or equal protection level than a signer and a protection type associated with another process, and prevent said other process from altering the first process whenever the protection level assigned to the first process is higher or equal to the other process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A computer-implemented method for preventing the alteration of a process, the method comprising the actions of:
-
using one or more computing devices to perform the following actions; launching a first process; assigning a protection level defined by a signer and a protection type to the first process, wherein the first process has a higher or equal protection level if both the signer and the protection type associated with the first process have a higher or equal protection level than a signer and a protection type associated with another process; and preventing said other process from altering the first process whenever the protection level assigned to the first process is higher or equal to the other process. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification