Patent · US Active

Replace malicious driver at boot time

US7917952B1 · kind B1 · utility

0Cited by

0References

20Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Adam Glick · Culver City, US
David Kane · Los Angeles, US
Yung-Shuo Lin · Torrance, US

Key dates

Filing date	Oct 17, 2007
Grant date	Mar 29, 2011
Priority date	—
Expiry date	Dec 23, 2029

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/575
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A malicious driver replacement application is installed on a host computer system and registered as a boot execute application. On notification of a malicious driver detection, the malicious driver replacement application reboots the host computer system and locks the volume of a storage disk containing the malicious driver. The malicious driver is replaced directly on the storage disk with a dummy driver having innocuous code. The malicious driver replacement application reboots the host computer system, and on reboot of the host computer system, the dummy driver is loaded rather than the malicious driver thus preventing the malicious driver from interfering with the standard operating system routines and allowing the malicious driver to be remediated.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.