摘要 |
<p>A kernel- level security agent is described herein. The kernel -level security agent is configured to observe events, filter the observed events using configurable filters , route the filtered events to one or more event consumers , and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel- level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code ,performs a preventative action. The kernel- level security agent may also deceive an adversary associated with malicious code. Further, the kernel -level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.</p> |