ARRANGEMENT AND METHOD OF THREAT DETECTION IN A COMPUTER OR COMPUTER NETWORK

Bibliographic details
Main authors: AQUILINO, Broderick; TURBIN, Pavel
Format: Patent
Language: eng
Description
Summary: Disclosed is an arrangement and a method, e.g. a computer implemented method, of threat detection in a computer or computer network, wherein the method includes determining that an application is starting at a computer, such as a network node or an endpoint, intercepting the application start, identifying the risk rating of the application, based on the identified risk rating of the application creating a snapshot of the computer if the risk rating of the application is high, such as above a certain risk rating threshold value, and/or if the risk rating of the application is unknown, and allowing the application to run after the identification of the risk rating of the application. If the application is determined to be malware when the application is running, stopping the application, removing the malware and reverting changes made to the computer based on the snapshot of the computer.