Publication number: US20190188380A1
Publication date: 2019-06-20
Application number: US15844453
Application date: 2017-12-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: Gowtham R. ANIMIREDDYGARI, Karthik SELVARAJ, Adrian M. MARINESCU, Catalin D. SANDU
CPC classification number: G06F21/564, G06F11/1451, G06F11/1464, G06F11/1469, G06F21/568, G06F2201/80, G06F2201/805, G06F2201/82, G06F2221/034
Abstract: A system for operating system remediation intercepts input/output (I/O) requests to write to one or more files and stores, as file restore data, (i) a restore copy of the one or more files to the system cache prior to performing write operations of the I/O requests and (ii) identification information for one or more processes or entities making the corresponding I/O requests in the system cache. The system reverts to the restore copy of the one or more files using the file restore data and based at least on a later determination that one or more processes making the corresponding I/O requests was malware. A current version of the one or more files is thereby replaced with the restore copy of the one or more files with improved automatic remediation support and a greater likelihood that data can be restored from the cache in the case of malware attacks.