| 摘要 |
PURPOSE: A computer system and a file and action base complex rule written system are provided to collect all action report information generated by the corresponding thread according to the generation of the specific action, to write and distribute an action monitoring rule or a file diagnosis rule using the action report information, and to improve efficiency and speed of a diagnosis. CONSTITUTION: A monitoring rule providing unit (370) provides action monitoring rules including at least one malicious suspicious action to plural computer systems. An information collecting unit (310) collects action report information from the computer systems. A diagnosis rule writing unit (340) checks main action agent files generating at least one malicious suspicious action which are included in the action monitoring rules based on the action report information, and writes file diagnosis rules for diagnosing the main action agent files. [Reference numerals] (310) Information collecting unit; (320) Report information verification unit; (330) White list unit; (340) Diagnosis rule writing unit; (350) Diagnosis rule providing unit; (360) Monitoring rule writing unit; (370) Monitoring rule providing unit |
