| 摘要 |
<p>Disclosed are systems and methods for protecting a computer from activities of malicious objects. The method comprises: monitoring events of execution of one or more processes on the computer; identifying auditable events among the monitored events, including events of creation, alteration or deletion of files, events of alteration of system registry, and events of network access by processes executed on the computer; recording the identified auditable events in separate file, registry and network event logs; performing a malware check of one or more software objects on the computer; if an object is determined to be malicious, identifying from the file, registry and network event logs the events associated with the malicious object; performing rollback of file events associated with the malicious object; performing rollback of registry events associated with the malicious object; terminating network connections associated with the malicious object.</p> |
