摘要 |
A method and system for detecting whether a computer program, sent to a first computer having an operating environment including a plurality of files, includes malware is provided. A second computer lists in a file a plurality of environment details of the operating environment of the first computer. The second computer simulates in the second computer the presence of the plurality of files in the operating environment by exhibiting the plurality of environment details without installing the plurality of files in the second computer. The second computer executes the computer program in the second computer with the simulation and determines whether the computer program attempts to access or utilize the plurality of files in a manner indicative of malware. If not, the second computer records and generates a notification that the computer program is not malware.
|