摘要 |
<p>In a computer system, a method for detecting a suspected malware behavior, according to which a plurality of activities on a computer system that were conducted within a given time frame are monitored during the installation of a suspected file. The monitored activities are recorded and the monitored/recorded activities are compared with patterns of malware behavior, stored in a database. Upon detecting a suspicious program, the recorded monitored activities are provided for further analysis to be performed by appropriate software removal tools.</p> |