Patent · US Active

System and method for preventing malware evasion

US10747872B1 · kind B1 · utility

Cited by: 21
References: 360
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 27, 2017
Grant date: Aug 18, 2020
Priority date
Expiry date: Jan 10, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A computerized method that assists in preventing malware from evading detection through analysis of the virtual hardware components operating within a malware detection system is described. First, a virtual machine (VM) is provisioned in accordance with a guest image, which includes a guest operating system and one or more virtual hardware components. The virtual hardware component includes an identifier, and the guest operating system includes a software driver that controls access to the virtual hardware component and features the identifier of the virtual hardware component. Responsive to processing an object within the VM and issuance of a request for an identifier of a hardware component, the identifier of the first virtualized hardware component (virtualization of the hardware component) is received. The first identifier of the first virtual hardware component is an identifier substituted for a prior identifier of the first virtual hardware component before creation of the guest image.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.