Abstract
In a method for assessing threats within a computer system, hidden processes are detected in the system's memory, with each hidden process being identified as an associated assessment object. A reboot check is performed to identify any registry keys modified during shut down, and each modified registry key is also identified as an associated assessment object. A threat assessment is then performed on each identified assessment object to ascertain a threat level corresponding thereto.