Title of invention Fixing computer files infected by virus and other malware
Abstract The disclosed invention is a new method and apparatus for detecting and removing virus from a computing device based on a web or network service. Virus is detected by transmitting the attributes and behavior of application modules on a computing device to another computing device via a web service, where it is analyzed. After the item has been classified, that information is sent back to the computing device along with the instructions on how to remove the virus. Along with the instructions on virus remediation, a clean copy of the file or a network location of the clean copy can be sent.
Publication number US8935789(B2) Publication date 2015.01.13
Application number US200912504970 Filing date 2009.07.17
Applicant Inventor Shukla Jayant
Classification G06F11/00; H04L29/06; G06F21/56 Main classification G06F11/00
Agency Agent
Main claim 1. A method for creating list of infected, malicious, and unclassified software or modules or applications on a computing device for a purpose of obtaining a classification and remedial action on the applications, software or modules from a remote computing node, comprising steps of: assigning a unique identifier to the computing device; listing items in file system, registry, and memory of the computing device; listing attributes of the listed items; computing cryptographic hash of the listed items; matching the attributes of the listed items with a local black/white list database; applying a filter to reduce the listed items; storing the unique identifier and filtered items along with the attributes of the listed items; classifying the filtered items and storing the classified items in graphical user interface or machine readable format and taking the remedial action on the classified items; transmitting the stored the classified items and application files to the remote computing node; based on the classification of the classified items, placing plurality of the application files of a computer system placed into a sandbox using intercepting API function calls using imported or exported functions table patching and inline hooking of functions that restrict actions on the classified items while the application files are in the computing device until a cleanup task is completed; and placing the computing device in a restricted mode that limits modifications of the application files until the task of repairing infected application files of the computer device is completed.
Address Sierra Madre CA US