发明名称 |
Augmenting system restore with malware detection |
摘要 |
An anti-malware program monitors the behavior of a system after a system restore to determine the likelihood of a hidden infection of malicious code still existing after the system restore. The anti-malware program observes the dynamic behavior of the system by monitoring conditions that are likely to signify the possibility of an infection thereby necessitating the need to initiate anti-malware detection. The anti-malware program may observe the restoration history, system settings, malware infection history, to determine the likelihood of an existing hidden infection after a system restore. |
申请公布号 |
US9613209(B2) |
申请公布日期 |
2017.04.04 |
申请号 |
US201113334060 |
申请日期 |
2011.12.22 |
申请人 |
MICROSOFT TECHNOLOGY LICENSING, LLC. |
发明人 |
Kapoor Vishal;Joyce Jason;Nichols Gregory |
分类号 |
G06F11/00;G06F21/56 |
主分类号 |
G06F11/00 |
代理机构 |
|
代理人 |
|
主权项 |
1. A computer-implemented method, comprising:
executing at least one system restore in a computing device, the system restore restoring a first set of resources stored in the computing device; analyzing a plurality of conditions to determine if malware detection is needed during system restoration, the plurality of conditions including restoration history, system settings and infection history; in response to determining that malware detection is needed, selecting a level of scanning from at least one of a deep scan level or a user scan level, wherein the deep scan level is selected when at least one of the plurality of conditions exceeds a threshold, wherein the user scan level is selected when none of the plurality of conditions exceeds a threshold; and scanning, during the system restoration, a second set of resources that were not restored, at the selected level of scanning. |
地址 |
Redmond WA US |