Title of invention: System and method of limiting the operation of trusted applications in presence of suspicious programs
Abstract: Disclosed are systems and methods for limiting the operation of trusted applications in presence of suspicious programs. An example method includes: identifying one or more trusted applications installed on a computer; collecting data about applications and programs installed on the computer; checking for the presence of one or more suspicious programs using suspicious program detection rules, wherein a program is considered to be suspicious when it can access protected information of a trusted application without authorization; and when at least one suspicious program is found, limiting the operation of the trusted application until the suspicious program is terminated or removed from the computer.
Application publication number: US9183383(B1)
Application publication date: 2015.11.10
Application number: US201514623901
Filing date: 2015.02.17
Applicant: AO Kaspersky Lab
Inventors: Yablokov Victor V.; Filatov Konstantin M.; Eliseev Evgeny Y.; Unuchek Roman S.
Classification: G06F21/56; G06F21/62; G06F21/55; G06F12/14; G06F21/74; G06F21/88; G06F21/12; G06F21/44; G06F21/50; G06F12/16
Main classification: G06F21/56
Agency: Arent Fox LLP
Agent: Arent Fox LLP; Fainberg Michael
Independent claim: 1. A method for limiting the operation of trusted applications in presence of suspicious programs, the method comprising: identifying, by a hardware processor, one or more trusted applications installed on a computer; collecting, by the hardware processor, data relating to the identified one or more trusted applications and to programs installed on the computer; detecting, based at least partially on the collected data, one or more suspicious programs using suspicious program detection rules indicating that the one or more suspicious programs can access protected information of a given trusted application of the identified one or more trusted applications without authorization; upon detecting at least one suspicious program, temporarily limiting an operation of the given trusted application; producing, based on both the data relating to the identified one or more trusted applications and data relating to the detected at least one suspicious program, a list of actions to remove or terminate the at least one suspicious program from the computer; and removing limitation of the operation of the given trusted application after the list of actions are performed to remove or terminate the at least one suspicious program from the computer.
Address: Moscow RU