摘要 |
A system and associated method for monitoring the execution of software on one or more computers by receiving traffic from within the monitored computer(s). The monitoring may take place passively, such that the operation of the monitored computer or computers is completely unaffected by the monitoring. More intensive monitoring, such as maintenance of a shadow copy of the RAM of the monitored computer, may be initiated upon recognition of a pattern in the data received from the monitored computer. The execution of software on the monitored computer may be halted by the monitoring module. The monitoring module may also read from or write to the memories of the monitored computer.
|