Patent · US Active

Malware detection efficacy by identifying installation and uninstallation scenarios

US8578345B1 · kind B1 · utility

Cited by: 25
References: 13
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 15, 2010
Grant date: Nov 5, 2013
Priority date
Expiry date: Jun 24, 2032

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/57
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The launch of an installer or uninstaller is detected. A process lineage tree is created representing the detected launched installer/uninstaller process, and all processes launched directly and indirectly thereby. The detected installer/uninstaller process is represented by the root node in the process lineage tree. Launches of child processes by the installer/uninstaller process and by any subsequently launched child processes are detected. The launched child processes are represented by child nodes in the tree. As long as the installer/uninstaller process represented by the root node in the tree is running, the processes represented by nodes in the tree are exempted from anti-malware analysis. The termination of the installer/uninstaller process is detected, after which the processes represented by nodes in the process lineage tree are no longer exempted from anti-malware analysis.
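The lifecycle the abstract describes can be sketched as follows. This is an added example, not code from the patent; the class and function names, the event tuples and the image names are constructed, and it assumes installers are recognised by image name and that PIDs are not reused.

```python
# Added illustration, not the patent's code. Assumes known installer image names, unique PIDs.
class LineageTracker:
    def __init__(self, installer_images):
        self.installer_images = set(installer_images)
        self.root_of = {}   # pid -> pid of the installer at the root of its tree
        self.parent = {}    # pid -> parent pid inside the tree (None for the root)

    def on_launch(self, pid, ppid, image):
        if ppid in self.root_of:
            self.root_of[pid] = self.root_of[ppid]   # child node, direct or indirect
            self.parent[pid] = ppid
        elif image in self.installer_images:
            self.root_of[pid] = pid                  # installer launch: new root node
            self.parent[pid] = None

    def on_exit(self, pid):
        if self.root_of.get(pid) != pid:
            return  # a child exiting leaves the tree and its descendants in place
        # Root terminated: drop the whole tree so no node stays exempt.
        for member in [p for p, r in self.root_of.items() if r == pid]:
            del self.root_of[member]
            del self.parent[member]

    def is_exempt(self, pid):
        return pid in self.root_of  # only trees with a running root are kept

# Constructed event trace: ("launch", pid, ppid, image) or ("exit", pid).
EVENTS = [
    ("launch", 100, 1, "setup.exe"),
    ("launch", 101, 100, "unpack.exe"),
    ("launch", 102, 101, "cmd.exe"),
    ("launch", 200, 1, "notepad.exe"),
    ("exit", 101),
    ("launch", 103, 102, "regsvr32.exe"),
    ("exit", 100),
    ("launch", 104, 102, "cmd.exe"),
]

def replay(events, installer_images=("setup.exe",)):
    tracker = LineageTracker(installer_images)
    timeline = []  # exempt PIDs after each event
    for ev in events:
        if ev[0] == "launch":
            tracker.on_launch(*ev[1:])
        else:
            tracker.on_exit(ev[1])
        timeline.append(sorted(tracker.root_of))
    return timeline
```

In the trace, PID 104 is spawned by a former tree member after the installer has exited, so it is analysed normally; the exemption is bounded by the root's lifetime, not by ancestry alone.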

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.