Abstract
Systems and methods for managing pestware on a protected computer are described. One embodiment is configured to reroute a call to create a process to a kernel-level process monitor, identify a file associated with the process and analyze the file so as to determine whether the file is a pestware file. If the file is a pestware file, then the process is prevented from being created. In variations, the kernel-level process monitor is a kernel-mode driver adapted to communicate with a pestware application residing in a user-level of memory.
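A user-space C model of the flow the abstract describes (reroute the create call, identify the file, analyze it, allow or block), added here as an illustration and not taken from the patent or any product. All names, paths and the `PEST-SIG-0001` signature are constructed, and the function pointer only stands in for the kernel dispatch path that a real kernel-mode driver would intercept.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: in-memory stand-ins for executable files on disk. */
struct file { const char *path; const char *bytes; };
static const struct file disk[] = {
    { "C:\\apps\\notepad.exe", "MZ..benign editor image" },
    { "C:\\temp\\toolbar.exe", "MZ..PEST-SIG-0001..ad injector" },
};
/* Constructed definitions held by the user-level pestware application. */
static const char *definitions[] = { "PEST-SIG-0001" };

enum { CREATED = 0, DENIED = -1 };
typedef int (*create_fn)(const char *image_path);

/* Original service routine: creates the process unconditionally. */
static int real_create_process(const char *image_path) { (void)image_path; return CREATED; }

/* Model of the dispatch entry every caller goes through. */
static create_fn create_process_entry = real_create_process;
static create_fn saved_original;

/* User-level side: analyze file contents against the definitions. */
static int user_scan_is_pestware(const char *bytes) {
    for (size_t i = 0; i < sizeof definitions / sizeof *definitions; i++)
        if (strstr(bytes, definitions[i])) return 1;
    return 0;
}

/* Kernel-level monitor: identify the file, have it analyzed, then decide. */
static int monitor_create_process(const char *image_path) {
    for (size_t i = 0; i < sizeof disk / sizeof *disk; i++)
        if (strcmp(disk[i].path, image_path) == 0)
            return user_scan_is_pestware(disk[i].bytes) ? DENIED : saved_original(image_path);
    return DENIED; /* unresolved image: fail closed (a policy choice of this model) */
}

/* Reroute the call: the entry now points at the monitor (idempotent). */
static void install_monitor(void) {
    if (create_process_entry == monitor_create_process) return;
    saved_original = create_process_entry;
    create_process_entry = monitor_create_process;
}

/* What any caller sees when it asks for a process. */
int request_process(const char *image_path) { return create_process_entry(image_path); }

int main(void) {
    install_monitor();
    printf("%d %d\n", request_process("C:\\apps\\notepad.exe"), request_process("C:\\temp\\toolbar.exe"));
    return 0;
}
```

The decision is made before the original routine runs, so a flagged file never reaches process creation; the analysis itself stays in the user-level component, matching the driver-to-application split in the last sentence of the abstract.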