Title of invention: Securing anti-virus software with virtualization
Abstract: The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.
Publication number: US9230100(B2) Publication date: 2016.01.05
Application number: US201213660808 Filing date: 2012.10.25
Applicant: Microsoft Technology Licensing, LLC Inventors: Wang Jiahe Helen;Lorch Jacob R.;Parno Bryan Jeffrey
Classification: G06F11/00;G06F21/53 Main classification: G06F11/00
Agency: Agent: Corie Alin;Drakos Kate;Minhas Micky
Principal claim: 1. An anti-virus system, comprising: a memory having stored thereon instructions that when executed on the system cause the system to: operate a first virtual machine configured to execute a user environment; and operate a second virtual machine configured to: execute an anti-virus scanning component on the second virtual machine; copying the first virtual machine upon an expiration of a timer while the first virtual machine is operating, to create an operating forked copy of the first virtual machine; initiate a shutdown procedure of a forked copy of the first virtual machine; and detect a disk writing operation of a malware component in response to the initiation of the shutdown procedure, wherein the shutdown procedure of the operating forked copy of the first virtual machine is indistinguishable from a shutdown procedure of the first virtual machine.
Address: Redmond WA US