Abstract |
<p>PROBLEM TO BE SOLVED: To provide a method for identifying potentially harmful malware. SOLUTION: The method comprises the steps of: a) identifying an executable that is about to run; b) providing a monitoring agent that monitors all threads that are descendants of a thread initiated by the process of the executable; and c) configuring the monitoring agent to conclude that a high probability of malware presence exists if one of the descendant threads reaches a target process in which suspicious patches are created.</p> |