Invention Grant
- Patent Title: Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system
- Application No.: US11348854
- Application Date: 2006-02-06
- Publication No.: US08239947B1
- Publication Date: 2012-08-07
- Inventor: Adam Glick, Patrick Gardner, Pieter Viljoen
- Applicant: Adam Glick, Patrick Gardner, Pieter Viljoen
- Applicant Address: US CA Mountain View
- Assignee: Symantec Corporation
- Current Assignee: Symantec Corporation
- Current Assignee Address: US CA Mountain View
- Agency: McKay and Hodgson, LLP
- Agent: Serge J. Hodgson; Sean P. Lewis
- Main IPC: H04L29/06
- IPC: H04L29/06

Abstract:
A user mode application component invokes the assistance of a kernel mode driver component to detect and/or remediate malicious code on a computer system. The user mode application may include code that detects malicious code, for example spyware and computer viruses, from user mode and, when appropriate, takes protective action when malicious code is detected. In one aspect, when the user mode application is unable to perform a selected operation in attempting to detect and/or take protective action, the user mode application invokes a kernel mode driver for assistance. The kernel mode driver assists the user mode application in detecting malicious code and/or taking protective action by enabling or otherwise performing a selected operation for the user mode application.