Invention Grant
US08214900B1 Method and apparatus for monitoring a computer to detect operating system process manipulation
In force
- Patent Title: Method and apparatus for monitoring a computer to detect operating system process manipulation
- Application No.: US12338587
- Application Date: 2008-12-18
- Publication No.: US08214900B1
- Publication Date: 2012-07-03
- Inventor: Sourabh Satish, William Sobel, Bruce McCorkendale
- Applicant: Sourabh Satish, William Sobel, Bruce McCorkendale
- Applicant Address: US CA Mountain View
- Assignee: Symantec Corporation
- Current Assignee: Symantec Corporation
- Current Assignee Address: US CA Mountain View
- Agency: Wilmer Cutler Pickering Hale and Dorr LLP
- Main IPC: G06F12/14
- IPC: G06F12/14

Abstract:
A method and apparatus for monitoring a computer to detect operating system process manipulation by malicious software programs is disclosed. In one embodiment, a method for detecting operating system process manipulation through unexpected process behavior includes accessing process behavior indicia regarding memory addresses used by at least one user mode process to request computer resources and comparing the process behavior indicia with a user mode request to identify operating system process manipulation.