| 摘要 |
An anomalous process behavior manager uses statistical information concerning running processes to detect and manage process behavioral anomalies. The anomalous process behavior manager collects per process statistical data over time, such as resource allocation statistics and user interaction statistics. Current collected statistical data is analyzed against corresponding historical statistical data to determine whether processes are behaving in expected ways relative to past performance. Appropriate corrective steps are taken when it is determined that a process is behaving anomalously. For example, the process's blocking exclusions can be revoked, the process can be uninstalled, the process and/or the computer can be scanned for malicious code, the user can be alerted and/or relevant information can be shared with other parties. |
