Title: System and method for below-operating system trapping and securing loading of code into memory
Abstract: A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of a resource of the electronic device, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device accessing the memory. The attempted access includes attempting to write instructions to the memory and attempting to execute the instructions.
Publication number: US9038176(B2)    Publication date: 2015.05.19
Application number: US201113076480    Filing date: 2011.03.31
Applicant: McAfee, Inc.    Inventor: Sallam Ahmed Said
Classification: G06F11/00;G06F12/14;G06F12/16;G08B23/00;G06F9/455;G06F21/56;G06F21/55    Main classification: G06F11/00
Agent (firm): Baker Botts L.L.P.    Agent: Baker Botts L.L.P.
Independent claim: 1. A system for protecting an electronic device against malware, comprising: a memory; one or more operating systems an operating system configured to execute on the electronic device; a below operating-system security agent configured to: identify an attempted access of a resource of the electronic device, the attempted access comprising: attempting to write instructions to the memory; and attempting to execute the instructions; trap the attempted access based upon an identification of the attempt to write instructions to the memory and an identification of the attempt to execute the instructions; access one or more security rules to determine whether the attempted access is indicative of malware; and operate at a higher priority than all of the operating systems of the electronic device; wherein the trapping of the attempted access and determining whether the attempted access is indicative of malware is conducted at a higher priority than all of the operating systems of the electronic device, wherein the below operating-system security agent is further configured to: identify the attempted access based on an attempt to access a portion of the memory containing a memory page data structure entry for a driver; determine that the malware status of the driver is unknown; and the below operating-system security agent is configured to trap the attempted access further based upon an identification of the attempted access of the portion of the memory containing the memory page data structure for the driver and a determination that the malware status of the driver is unknown.
Address: Santa Clara CA US