Method and apparatus for determination of the non-replicative behavior of a malicious program
May 8, 2022. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.Patent ReferencesAutomatic immune system for computers and computer networks Automatic analysis of a computer virus structure and means of attachment to its hosts Generic disinfection of programs infected with a computer virus System and method for recovering PC configurations Polymorphic virus detection module Emulation repair system Automated sample creation of polymorphic and non-polymorphic marcro viruses Patent #: 6108799 InventorsApplicationNo. 10141896 filed on 05/08/2002US Classes:726/22, MONITORING OR SCANNING OF SOFTWARE OR DATA INCLUDING ATTACK PREVENTION726/23, Intrusion detection726/24, Virus detection726/25, Vulnerability assessment713/188, COMPUTER VIRUS DETECTION BY CRYPTOGRAPHY714/38, Of computer software714/3By masking or reconfigurationExaminersPrimary: Song, HosukAssistant: To, Baoquoc N. Attorney, Agent or FirmInternational ClassG06F 11/00AbstractDisclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.Field of SearchBy masking or reconfigurationOf computer software Virus detection PREVENTION OF UNAUTHORIZED USE OF DATA INCLUDING PREVENTION OF PIRACY, PRIVACY VIOLATIONS, OR UNAUTHORIZED DATA MODIFICATION MONITORING OR SCANNING OF SOFTWARE OR DATA INCLUDING ATTACK PREVENTION Intrusion detection Vulnerability assessment COMPUTER VIRUS DETECTION BY CRYPTOGRAPHY | |
