| 发明名称 |
DETECTION OF MALICIOUS THREAD SUSPENSION |
| 摘要 |
In an example, there is disclosed a computing apparatus having one or more logic elements providing a security agent operable for: detecting that a first process has launch a second process and placed the second process in a suspended state; detecting that the first process has modified or attempted to modify the second process; classifying the modification as potentially malicious; and taking a remedial action. There is also disclosed one or more computer-readable storage mediums having stored thereon executable instructions for providing the security agent, and a computer-executable method of providing the security agent. |
| 申请公布号 |
US2016378979(A1) |
申请公布日期 |
2016.12.29 |
| 申请号 |
US201514752890 |
申请日期 |
2015.06.27 |
| 申请人 |
McAfee, Inc. |
发明人 |
Kapoor Aditya;Spurlock Joel R.;Edwards Jonathan L. |
| 分类号 |
G06F21/55 |
主分类号 |
G06F21/55 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computing apparatus, comprising:
one or more logic elements comprising a security agent operable to:
detect that a first process has launch a second process and placed the second process in a suspended state;detect that the first process has modified or attempted to modify the second process;classify the modification as potentially malicious; andtake a remedial action. |
| 地址 |
Santa Clara CA US |
