Real-time detection of and protection from malware and steganography in a kernel mode
US11082444B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 30, 2018 |
| Grant date | Aug 3, 2021 |
| Priority date | — |
| Expiry date | Dec 19, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1416
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method for real-time detection of malware in a Kernel mode includes detecting a file operation request initiated by a process running in user mode. Malware detection analytics is performed on a file buffer associated with the detected file operation request to detect behavior indicating presence of malware. Responsive to detecting the behavior indicating the presence of the malware, the process responsible for initiating the detected file operation request is identified. A search for the identified process is performed on one or more of a blacklist of programs and a whitelist of programs to determine whether the identified process is a trusted process. Responsive to determining that the identified process is not a trusted process, a malware remediation action is executed against the identified process. Information describing the malware is transmitted to a client device.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.