Invention Grant
US08578345B1 Malware detection efficacy by identifying installation and uninstallation scenarios
In force
- Patent Title: Malware detection efficacy by identifying installation and uninstallation scenarios
- Patent Title (Chinese, translated): Malware detection capability by identifying installation and uninstallation scenarios
- Application No.: US12761364
- Application Date: 2010-04-15
- Publication No.: US08578345B1
- Publication Date: 2013-11-05
- Inventor: Mark Kennedy, Sourabh Satish, Alexander Danileiko, Ming-Jen Wang
- Applicant: Mark Kennedy, Sourabh Satish, Alexander Danileiko, Ming-Jen Wang
- Applicant Address: US CA Mountain View
- Assignee: Symantec Corporation
- Current Assignee: Symantec Corporation
- Current Assignee Address: US CA Mountain View
- Agency: Brill Law Office
- Agent: Jeffrey Brill
- Main IPC: G06F9/44
- IPC: G06F9/44; G06F9/445; G06F11/00

Abstract:
The launch of an installer or uninstaller is detected. A process lineage tree is created representing the detected launched installer/uninstaller process, and all processes launched directly and indirectly thereby. The detected installer/uninstaller process is represented by the root node in the process lineage tree. Launches of child processes by the installer/uninstaller process and by any subsequently launched child processes are detected. The launched child processes are represented by child nodes in the tree. As long as the installer/uninstaller process represented by the root node in the tree is running, the processes represented by nodes in the tree are exempted from anti-malware analysis. The termination of the installer/uninstaller process is detected, after which the processes represented by nodes in the process lineage tree are no longer exempted from anti-malware analysis.
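The lineage-tree bookkeeping described in the abstract, as an added sketch that is not taken from the patent or from any Symantec product. The class names, the event callbacks and the image-name installer check are assumptions made for illustration, and the process events are constructed.

```python
from dataclasses import dataclass, field

# Assumption: installers are recognised by image name. The abstract does not
# say how the launch of an installer/uninstaller is identified.
INSTALLER_IMAGES = {"setup.exe", "msiexec.exe", "uninstall.exe"}

@dataclass
class LineageTree:
    root_pid: int
    parent_of: dict = field(default_factory=dict)  # child pid -> parent pid

    def __contains__(self, pid):
        return pid == self.root_pid or pid in self.parent_of

class LineageTracker:
    def __init__(self):
        self.trees = {}  # root pid -> tree, kept only while the root runs

    def _tree_for(self, pid):
        return next((t for t in self.trees.values() if pid in t), None)

    def on_launch(self, pid, ppid, image):
        tree = self._tree_for(ppid)
        if tree is not None:
            tree.parent_of[pid] = ppid          # direct or indirect child node
        elif image.lower() in INSTALLER_IMAGES:
            self.trees[pid] = LineageTree(pid)  # new root node

    def on_exit(self, pid):
        # Only root termination matters: it ends the exemption for every
        # node in the tree, including descendants that are still running.
        self.trees.pop(pid, None)

    def is_exempt(self, pid):
        return self._tree_for(pid) is not None

def demo():
    """Replay constructed events and record exemption decisions."""
    t, seen = LineageTracker(), {}
    t.on_launch(100, 1, "setup.exe")     # installer: root
    t.on_launch(101, 100, "helper.exe")  # child
    t.on_launch(102, 101, "cmd.exe")     # grandchild
    t.on_launch(200, 1, "notepad.exe")   # unrelated process
    seen["running"] = [t.is_exempt(p) for p in (100, 102, 200)]
    t.on_exit(101)                       # intermediate child exits first
    seen["child_gone"] = t.is_exempt(102)
    t.on_exit(100)                       # installer terminates
    t.on_launch(103, 102, "late.exe")    # spawned by a leftover descendant
    seen["after_root_exit"] = [t.is_exempt(p) for p in (102, 103)]
    return seen
```

The last check is the one a defender cares about: once the root exits, a descendant that outlives the installer, and anything it launches afterwards, is back under anti-malware analysis.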