Systems and methods for malware evasion management
US9846775B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 5, 2015 |
| Grant date | Dec 19, 2017 |
| Priority date | — |
| Expiry date | Dec 18, 2035 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F16/245
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.