Systems, methods and media for managing process image hijacks
US9104860B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 6, 2013 |
| Grant date | Aug 11, 2015 |
| Priority date | — |
| Expiry date | Mar 6, 2033 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/52
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Disclosed is a method of checking the authenticity of an executable process including at least one section. The method includes, when an initial thread of the executable process is created in a suspended state, mapping from storage a copy of the executable process into a spare memory area, where it will not be executed. The method also includes comparing a header of a first section of the executable process with a header of a first section of the copy. The method further includes terminating the executable process when the header of the first section of the executable process and the header of the first section of the copy are not identical.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.