| 发明名称 | Dynamic rule management for kernel mode filter drivers | ||
| 摘要 | A method for providing rules for a plurality of processes from a user mode to a kernel mode of a computer is disclosed. The method includes providing to the kernel mode a policy for at least a first process of the plurality of processes, the policy indicating at least when and/or how notifications are to be provided from the kernel mode to the user mode upon detection in the kernel mode of launching of the first process. The method further includes selecting, from the rules stored in the user mode, rules related to the launching of the first process, in response to receiving from the kernel mode a first notification in accordance with the policy, and providing the selected rules related to the launching of the first process from the user mode to at least one of the one or more filter drivers in the kernel mode. | ||
| 申请公布号 | US9043812(B2) | 申请公布日期 | 2015.05.26 |
| 申请号 | US201313924879 | 申请日期 | 2013.06.24 |
| 申请人 | Real Enterprise Solutions Development B.V. | 发明人 | Janssen Bob;Van Bommel Henri |
| 分类号 | G06F9/54;G06F9/44;G06F9/445 | 主分类号 | G06F9/54 |
| 代理机构 | Westman, Champlin & Koehler, P.A. | 代理人 | Koehler Steven M.;Westman, Champlin & Koehler, P.A. |
| 主权项 | 1. A method for providing rules for a plurality of processes launchable in a user mode of a computer from the user mode to one or more filter drivers implemented in a kernel mode of the computer, the method comprising: providing, from the user mode to the kernel mode, a policy for at least a first process of the plurality of processes, the policy indicating at least when and/or how notifications are to be provided from the kernel mode to the user mode upon detection in the kernel mode of launching of the first process and when and/or how notifications are to be provided from the kernel mode to the user mode upon detection in the kernel mode of rundown of the first process; in response to receiving from the kernel mode a first notification in accordance with the policy for the first process, selecting, from the rules stored in the user mode, one or more rules related to the launching of the first process; providing the selected one or more rules related to the launching of the first process from the user mode to at least one of the one or more filter drivers in the kernel mode; in response to receiving from the kernel mode a third notification in accordance with the policy for the first process, selecting, from the rules stored in the user mode, one or more rules related to the rundown of the first process; if the rules stored in the user mode include at least one rule related to the rundown of the first process, replacing, in at least one of the one or more filter drivers to which the selected one or more rules related to the launching of the first process were provided, the provided one or more rules related to the launching of the first process with the selected one or more rules related to the rundown of the first process; and if the rules stored in the user mode do not include any rules related to the rundown of the first process, removing the one or more rules related to the launching of the first process from at least one of the one or more filter drivers to which the selected one or more rules related to the launching of the first process were provided. | ||
| 地址 | 'S-Hertogenbosch NL | ||