Title of invention: Filtering kernel-mode network communications
Abstract: Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filters communications based on a process's operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system.
Publication number: US8839407(B2) Publication date: 2014.09.16
Application number: US201213690528 Filing date: 2012.11.30
Applicant: Microsoft Corporation Inventors: Abzarian David;Khan Salahuddin;Yariv Eran;Cuellar Gerardo Diaz
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agents: Jardine John;Sanders Andrew;Minhas Micky
Principal claim: 1. A method executed by a processor for controlling network communications, comprising: detecting an attempted communication between a process and a network via a network port of a computing device that is assigned to the process; determining whether the process is executing in an operating system kernel mode; and selectively allowing the attempted communication based at least in part on the determination.
Address: Redmond WA US