Invention Grant
US07730530B2 System and method for gathering exhibited behaviors on a .NET executable module in a secure manner
失效
以安全的方式收集.NET可执行模块的行为的系统和方法
- Patent Title: System and method for gathering exhibited behaviors on a .NET executable module in a secure manner
- Patent Title (中): 以安全的方式收集.NET可执行模块的行为的系统和方法
-
Application No.: US10769097Application Date: 2004-01-30
-
Publication No.: US07730530B2Publication Date: 2010-06-01
- Inventor: Daniel M. Bodorin , Adrian M. Marinescu
- Applicant: Daniel M. Bodorin , Adrian M. Marinescu
- Applicant Address: US WA Redmond
- Assignee: Microsoft Corporation
- Current Assignee: Microsoft Corporation
- Current Assignee Address: US WA Redmond
- Agency: Workman Nydegger
- Main IPC: G06F11/00
- IPC: G06F11/00
Abstract:
A system and method for gathering exhibited behaviors of a .NET executable module in a secure manner is presented. In operation, a .NET behavior evaluation module presents a virtual .NET environment to a Microsoft Corporation .NET code module. The .NET behavior evaluation module implements a sufficient number of aspects of an actual Microsoft Corporation .NET environment that a .NET code module can execute. As the .NET code module executes, the .NET behavior evaluation module records some of the exhibited behaviors, i.e., .NET system supplied libraries/subroutines, that are associated with known malware. The recorded behaviors are placed in a behavior signature for an external determination as to whether the .NET code module is malware, i.e., an unwanted computer attack.
Public/Granted literature
- US20050172115A1 System and method for gathering exhibited behaviors of a .NET executable module in a secure manner Public/Granted day:2005-08-04
Information query
