Patent · US Active

System and method of performing an antivirus scan of a file on a virtual machine

US9679139B1 · kind B1 · utility

8 Cited by
6 References
21 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: May 31, 2016
Grant date: Jun 13, 2017
Priority date
Expiry date: May 31, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2009/45587
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method and system are provided for performing an antivirus scan of a file on a virtual machine. An example method includes performing a first execution of the file on the virtual machine, recording a first log that includes an API function call and an internal event detected during execution, and determining if any signatures in the log are stored in a signatures database. Moreover, if no signatures in the first log are found in the first database of signatures, the file is classified as not malicious. In contrast, if at least one signature is found, a second execution of the file is performed and a second log is recorded that includes a detected internal event. Moreover, the method includes determining if any signatures in the second log are stored in a second database of signatures; and classifying the file as not malicious if no signatures are found.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.