Detecting malware by monitoring execution of a configured process

Described herein are various technologies pertaining to detecting malware by monitoring execution of an instrumented process. An anti-malware engine can observe code obfuscation, suspicious patterns and/or behavior upon scanning a computer file. Based upon this observation, evidence can be submitted to...

Bibliographic details
Main authors: Marinescu, Adrian M, Stepan, Adrian Emil
Format: Patent
Language: eng
creator Marinescu, Adrian M
Stepan, Adrian Emil
description Described herein are various technologies pertaining to detecting malware by monitoring execution of an instrumented process. An anti-malware engine can observe code obfuscation, suspicious patterns and/or behavior upon scanning a computer file. Based upon this observation, evidence can be submitted to a service (e.g., cloud-based service) and, in response, configuration setting(s) for restraining, containing and/or instrumenting a process for executing the file and/or instrumenting a process into which the file is loaded can be received. The configured process can be monitored. Based upon this monitoring, an action can be taken including determining the file to comprise malware and terminating the process. Upon detecting malware, a detection report, and a copy of the computer file, can be sent to a service (e.g., cloud-based). The service can independently verify that the reported file is malicious, and can protect other machines from executing or loading the same malicious file.
format Patent
date 2019-12-24
oa free_for_read
linktohtml https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20191224&DB=EPODOC&CC=US&NR=10515213B2
language eng
recordid cdi_epo_espacenet_US10515213B2
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title Detecting malware by monitoring execution of a configured process
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-12T11%3A37%3A39IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Marinescu,%20Adrian%20M&rft.date=2019-12-24&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS10515213B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true