| 摘要 |
FIELD: information technology. ^ SUBSTANCE: system employs a data processing apparatus designed to process programs found by a program search tool, and connected to an analyst workstation, which includes: apparatus for checking whether programs found by the search tool belong to a black or white list of programs; apparatus for emulating program code not associated with the black or white list; apparatus for tracking events occurring when executing a program during emulation; and an analyst workstation capable of emulating the program code, processing data, furnishing information, receive physiological reactions of the analyst and classify information. ^ EFFECT: detection of malware which cannot be classified by existing standard technologies. ^ 15 cl, 5 dwg |
