Invention Grant
- Patent Title: System and method of performing an antivirus scan of a file on a virtual machine
- Application No.: US15168794
- Application Date: 2016-05-31
- Publication No.: US09679139B1
- Publication Date: 2017-06-13
- Inventor: Alexey V. Monastyrsky, Vitaly V. Butuzov, Maxim Y. Golovkin, Dmitry V. Karasovsky, Vladislav V. Pintiysky, Denis Y. Kobychev
- Applicant: AO Kaspersky Lab
- Applicant Address: RU Moscow
- Assignee: AO Kaspersky Lab
- Current Assignee: AO Kaspersky Lab
- Current Assignee Address: RU Moscow
- Agency: Arent Fox LLP
- Agent: Michael Fainberg
- Priority: RU2016109928 20160318
- Main IPC: G06F21/56
- IPC: G06F21/56 ; G06F17/30 ; G06F9/455

Abstract:
A method and system are provided for performing an antivirus scan of a file on a virtual machine. An example method includes performing a first execution of the file on the virtual machine, recording a first log that includes an API function call and an internal event detected during execution, and determining if any signatures in the log are stored in a signatures database. Moreover, if no signatures in the first log are found in the first database of signatures, the file is classified as not malicious. In contrast, if at least one signature is found, a second execution of the file is performed and a second log is recorded that includes a detected internal event. Moreover, the method includes determining if any signatures in the second log are stored in a second database of signatures; and classifying the file as not malicious if no signatures are found.