Suspicious process detection method, device and equipment and storage medium

1. Author: QIAO YANCHEN
Format: Patent
Language: chi ; eng
Description
Summary: The invention discloses a suspicious process detection method. The method comprises the following steps: when a target process is started, monitoring the operation behaviors of the target process on user files; for each monitored operation behavior of the target process on a user file, determining whether the operation behavior matches a preset abnormal operation behavior pattern; and if the determination result is positive, determining the target process to be a suspicious process. By applying the method provided by the invention, suspicious processes can be detected in time, in the initial execution stages of malicious software such as ransomware and before greater harm is caused to systems and users, and the suspicious processes can be kept away to decrease the loss. The invention furthermore discloses a suspicious process detection device, equipment and a storage medium, which have corresponding technical effects.