Title of invention |
SYSTEMS AND METHODS FOR IDENTIFYING A SOURCE OF A SUSPECT EVENT |
Abstract |
A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process. |
Publication number |
US2015278518(A1) |
Publication date |
2015.10.01 |
Application number |
US201414231409 |
Filing date |
2014.03.31 |
Applicant |
Symantec Corporation |
Inventor |
Pereira Shane |
Classification number |
G06F21/55 |
Main classification number |
G06F21/55 |
Agency |
|
Agent |
|
Principal claim |
1. A computer-implemented method for identifying a source of a suspect event, comprising:
registering system events in a database; detecting a suspicious event associated with a first process; identifying the first process as being one of a plurality of potential puppet processes; and querying the registered system events in the database to identify a second process, the second process detected as launching the first process. |
Address |
Mountain View CA US |