Elevated security execution mode for network-accessible devices
US-2024411878-A1 · Dec 12, 2024 · US
Method of detecting and blocking malicious activity
US8959639B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-8959639-B2 |
| Application number | US-13448108-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 6, 2008 |
| Priority date | Jun 18, 2007 |
| Publication date | Feb 17, 2015 |
| Grant date | Feb 17, 2015 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method of detecting and blocking malicious activity of processes in computer memory during unpacking of a file after the code and data contained in the file are unpacked is described. The method includes inserting a hook function into one or more un-assessed processes running in the computer memory. A hook is then placed on one or more system calls carried out by the one or more un-assessed processes; the one or more system calls determining an optimal time period in which to detect malicious activity in the un-assessed processes. During the optimal time period the one or more system calls carried out by the one or more un-assessed processes are suspended and attributes of the one or more un-assessed processes are detected and the likely maliciousness of the one or more un-assessed processes is determined from the attributes.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method of detecting and blocking malicious activity of processes in computer memory during unpacking of a file after the code and data contained in the file are unpacked, including the steps of: (a) inserting a hook function into a process running in the computer memory, the hook function placing a hook on a system call carried out by the process; (b) receiving a first inter-process communication (IPC) constructed by the hook function, the first IP…
Assignees
Inventors
Classifications
Patent family
Related publications grouped by family.
External sources
Next steps
Free tools are coming soon. Tell us what you want to track and we'll notify you.
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US8959639B2 cover?
- A method of detecting and blocking malicious activity of processes in computer memory during unpacking of a file after the code and data contained in the file are unpacked is described. The method includes inserting a hook function into one or more un-assessed processes running in the computer memory. A hook is then placed on one or more system calls carried out by the one or more un-assessed p…
- Who is the assignee on this patent?
- Shevchenko Sergei, Symantec Corp
- What technology area does this patent fall under?
- Primary CPC classification G06F21/56. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Feb 17 2015 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).