ARRANGEMENT AND METHOD OF THREAT DETECTION IN A COMPUTER OR COMPUTER NETWORK

Detailed description

Bibliographic details
Main authors: TURBIN, Pavel, AQUILINO, Broderick
Format: Patent
Language: eng
Description
Abstract: An arrangement and a method of threat detection in a computer or computer network in which a virtual machine or a software emulator is started and/or initialized in response to starting a software application at a local machine. The software application is passed to the virtual machine or the software emulator. The software application is started at the virtual machine or the software emulator, and changes made by the software application running on the local machine to at least one file and/or system configuration value, e.g. a registry value, of the local machine are determined and backed up. Application events and/or behavior are analyzed at the virtual machine or the software emulator to determine whether the application behaves maliciously. Based on the malicious behavior of the software application detected at the virtual machine or the software emulator, the local machine is notified about the malicious behavior and the virtual machine or software emulator session is ended. On receiving the notification about malicious behavior of the software application, the software application at the local machine is terminated and the changes made by the application to the at least one file or system configuration value are reverted using the backed-up version of the at least one file and/or system configuration value.