Patent · US Expired

Heuristic detection of malicious computer code by page tracking

US7418729B2 · kind B2 · utility

325Cited by

54References

28Claims

0Family size

Assignee

Symantec Corporation · US

Inventor

Peter Szor · San Fernando, US

Key dates

Filing date	Oct 4, 2002
Grant date	Aug 26, 2008
Priority date	—
Expiry date	Nov 12, 2024

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

To detect a computer virus in a host file (100), an emulating module (414) emulates the host file (100) in a virtual machine (422) having a virtual memory (426). While emulating the host file (100), the system (400) tracks the host file's access of the virtual memory (426). Responsive to an access in a non-normal address range of the virtual memory (426) by the host file (100), a flag recording module (522) sets a flag. A virus reporting module (526) declares a potential virus based on whether the flag is set.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.