Kernel-level security agent

  • US 9,904,784 B2
  • Filed: 04/10/2017
  • Issued: 02/27/2018
  • Est. Priority Date: 06/08/2012
  • Status: Active Grant
First Claim

1. A computing system comprising:

  • at least one memory configured to store a situational model and computer-executable instructions of a kernel-level security agent; and

    one or more processors that, upon executing the computer-executable instructions, perform operations comprising:

    observing a first event associated with one or more processes executing on the computing system;

    accessing, from a kernel mode of the computing system, the situational model;

    determining that the first event passes a first filter;

    updating the situational model based at least in part on the first event to provide an updated situational model;

    observing a second event associated with one or more processes executing on the computing system;

    determining that the second event passes a second filter based at least in part on the updated situational model;

    determining a preventative action to take based on at least one of the second event and the updated situational model; and

    performing the preventative action.

  • 3 Assignments