Abstract |
A method, system, computer readable medium of instructions and/or computer program product. The method comprises receiving, in a proxy server, response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system; using, in one or more emulated operating systems of the proxy server, the downloaded data; monitoring behavior of the use of the data in the one or more emulated operating systems; and in response to detecting malicious behavior indicative of a threat, restricting the client processing system being compromised with the threat of the response data. |
Main claim |
1. A computer-implemented method of restricting a client processing system being compromised by a threat, wherein the method comprises:
receiving, by a processor of a computing device, response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system;
determining whether the response data comprises an executable file;
upon determining that the response data does not comprise an executable file, analyzing the response data to determine whether the response data is indicative of a threat to the client processing system;
generating a wrapper of the analyzed response data, wherein the wrapper is indicative of scan data;
upon determining that the response data does comprise an executable file, using, in one or more emulated operating systems of the computing device, the response data;
monitoring, by the processor, behavior of the use of the data in the one or more emulated operating systems;
analyzing the monitored behavior of the use of the data in the one or more emulated operating systems to determine whether malicious behavior indicative of a threat is detected; and
in response to detecting a threat of the response data, restricting, by the processor, the client processing system being compromised with the threat of the response data, wherein restricting the client processing system comprises:
removing a portion of the response data which is associated with malicious activity; and
replacing the portion removed from the response data with a non-malicious portion. |
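
The decision flow of claim 1, as an added Python sketch that is not part of the patent text: executable responses go to behavior monitoring, other responses are scanned and wrapped with scan data, and a detected portion is removed and replaced. The detection rules, event names, replacement bytes and the `observe` callback (standing in for the emulated operating systems) are assumptions made for illustration.

```python
import hashlib
import re

EXEC_MAGIC = (b"MZ", b"\x7fELF")  # PE and ELF file headers
# Constructed rules (assumptions), standing in for a real signature set.
BAD_MARKUP = re.compile(
    rb"<iframe[^>]*src=[\"']https?://blocked\.example/[^>]*>\s*</iframe>", re.I)
BAD_EVENTS = {"write_autorun_key", "disable_security_service"}
SAFE_MARKUP = b"<!-- removed by proxy -->"
SAFE_FILE = b"Download blocked by proxy: malicious behavior observed.\n"


def is_executable(data: bytes) -> bool:
    """Step 'determining whether the response data comprises an executable file'."""
    return data.startswith(EXEC_MAGIC)


def handle_response(data: bytes, observe):
    """Return (body_for_client, wrapper).

    `observe` is a hypothetical interface: it runs `data` inside an emulated
    operating system and returns the list of behavior event names it recorded.
    """
    if is_executable(data):
        # Executable branch: use the data in the emulator and analyze behavior.
        hits = BAD_EVENTS.intersection(observe(data))
        # The whole file is the malicious portion; replace it with a notice.
        return (SAFE_FILE if hits else data), None

    # Non-executable branch: static analysis, then remove and replace each
    # matching portion with a non-malicious one.
    body, replaced = BAD_MARKUP.subn(SAFE_MARKUP, data)
    wrapper = {  # wrapper "indicative of scan data"
        "scanned": True,
        "threat_found": replaced > 0,
        "portions_replaced": replaced,
        "sha256_original": hashlib.sha256(data).hexdigest(),
    }
    return body, wrapper
```
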