Patent · US Active

Automated rootkit detector

US7571482B2 · kind B2 · utility

45Cited by

6References

19Claims

0Family size

Assignee

Microsoft Corporation · US

Inventors

Alexey Polyakov · Sammamish, US
Gretchen L. Loihle · Redmond, US
Mihai Costea · Redmond, US
Robert John Hensing · York, US
Scott A. Field · Redmond, US
Vincent R. Orgovan · Bellevue, US
Yi-Min Wang · Shanghai, CN
Yun Lin · Kirkland, US

Key dates

Filing date	Jun 28, 2005
Grant date	Aug 4, 2009
Priority date	—
Expiry date	Jul 26, 2027

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.