Behavioral detection based on uninstaller modification or removal
US8099784B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 13, 2009 |
| Grant date | Jan 17, 2012 |
| Priority date | — |
| Expiry date | May 16, 2030 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/554
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
To evade heuristic detection, malware is often packaged in a standard installer that the user's computer knows as one typically used to install legitimate software, which tricks users into installing the malware. To prevent its own removal, the malware then modifies or removes its uninstaller. A security module manages this type of evasion technique by monitoring and detecting installations performed on a computer. The module detects attempts to remove or modify the application's uninstaller so as to render the uninstaller incapable of uninstalling the application. The module can intercept and block such attempts, and then analyze the application for malicious code. Where the application is determined to be malware, the module prevents malicious activity. The module can also use the malware's own uninstaller to uninstall the malware from the computer.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.