CN102902913A - Preservation method for preventing software in computer from being damaged maliciously - Google Patents

Preservation method for preventing software in computer from being damaged maliciously

Publication number: CN102902913A
Authority: CN (China)
Prior art keywords: computer, software, relevant information, damage, file
Legal status: Granted; Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201210349015XA
Other languages: Chinese (zh)
Other versions: CN102902913B (en)
Inventors: 耿振民, 汪亮
Current Assignee: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Application filed by: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Priority to: CN201210349015.XA
Publication of CN102902913A
Application granted
Publication of CN102902913B

Abstract

The invention provides a preservation method for preventing software in a computer from being damaged maliciously. The method at least comprises the steps of: 1) extracting relevant information of at least one piece of software in the computer, wherein the software comprises a first process running in the computer, programs installed in the computer, and folders/files stored in the computer; 2) determining at least one piece of relevant information from all the relevant information, and taking the software corresponding to the determined relevant information as a preservation object to be preserved; and 3) starting at least one second process which monitors the preservation object, so that a user is prevented from operating on the preservation object maliciously. Thus, the user is effectively prevented from maliciously damaging key software.

Description

Preservation method for preventing software in a computer from being maliciously damaged
Technical field
The present invention relates to a defence method for computers, and in particular to a preservation method for preventing software in a computer from being maliciously damaged.
Background art
Now that networks are everywhere, enterprises pay more and more attention to the security of their data. At present, data security is mainly improved by installing monitoring or encryption software in the computer, so that data is provided to a user according to that user's authority. However, in enterprises that use monitoring or encryption software, some employees, for various reasons, resent this software and disrupt its operation by all sorts of methods, or even reinstall the system outright, in order to evade data monitoring completely.
To address this problem, the approach commonly used at present is to remotely control the installation and uninstallation of software on each computer, so that users cannot sabotage it privately. But this approach protects only the installation and uninstallation of the software and is powerless against other destructive operations by the user, so that monitoring or encryption software that the enterprise purchased at a cost of upwards of ten thousand has no effect at all and is like "chicken ribs" (of little use).
Therefore, the existing methods for preventing malicious damage to software in a computer need to be improved, so that the software in the computer is protected comprehensively and, in particular, so that monitoring or encryption software can run normally.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a preservation method for preventing software in a computer from being maliciously damaged, to solve the prior-art problem of users damaging software through malicious operations.
To achieve the above object and other related objects, the invention provides a preservation method for preventing software in a computer from being maliciously damaged, comprising at least: 1) extracting relevant information of at least one piece of software in the computer, wherein the software comprises at least one of the following: a first process running in the computer, a program installed in the computer, or a folder/file stored in the computer; 2) determining at least one piece of relevant information from the extracted relevant information, and taking the software corresponding to the determined relevant information as the preservation object to be preserved; 3) starting at least one second process that monitors the preservation object, to prevent the user from performing malicious operations on the preservation object.
Preferably, the relevant information comprises at least one of the following: process information of the first process, registry information of the program, or folder information/file information of the folder/file.
Preferably, step 1) further comprises: sending each extracted piece of relevant information to a network device.
Preferably, step 2) further comprises: determining, by the network device, at least one piece of relevant information from the extracted relevant information, and returning the determined relevant information to the computer; and taking, by the computer, the software corresponding to the determined relevant information as the preservation object to be preserved.
Preferably, step 3) further comprises: there are multiple second processes, and the second processes monitor one another; when at least one of the second processes is detected to have ended, the other second processes restart the second process that ended.
Preferably, step 3) further comprises: when the last second process receives an end instruction, forbidding the user from operating the computer.
Preferably, the way of forbidding the user from operating the computer comprises at least one of the following: making the computer blue-screen, or restarting the computer.
Preferably, step 3) further comprises: monitoring, by the second process, the user's operations on the preservation object based on the preservation rule corresponding to the type of the preservation object, and blocking a malicious operation when one is detected.
Preferably, step 3) further comprises: monitoring, by the second process, the user's operations on the files stored in the computer, and forbidding at least one kind of file with a preset file suffix from being executed.
As described above, the preservation method of the present invention for preventing software in a computer from being maliciously damaged has the following beneficial effects. By extracting the relevant information of the various kinds of software in the computer and preserving the software corresponding to at least one selected piece of relevant information, it effectively defends critical software against malicious damage by the user. In addition, the second processes used for monitoring monitor one another: when at least one second process is ended, the other second processes can restart it, which effectively prevents the user from first ending the second process that preserves the critical software in order to operate on that software maliciously. Furthermore, for the case where the user ends all the second processes at the same time, the last second process, on receiving the end instruction, forbids all user operations, to avoid malicious damage to the critical software. Finally, the second process also blocks the execution of files with preset suffixes, to prevent the user from using hacking programs with those suffixes to damage the critical software in the computer.
Description of drawings
Fig. 1 shows a flow chart of the preservation method of the present invention for preventing software in a computer from being maliciously damaged.
Fig. 2 shows a flow chart of a preferred implementation of the preservation method of the present invention for preventing software in a computer from being maliciously damaged.
Description of reference numerals
S1 ~ S3, S21 ~ S23: steps
Embodiments
Embodiments of the present invention are described below by way of specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Fig. 1 shows a flow chart of the preservation method of the present invention for preventing software in a computer from being maliciously damaged. The preservation method is mainly carried out by a preservation system, which is an application module installed in the computer. The computer is a modern intelligent electronic device that can automatically and at high speed carry out large amounts of numerical computation and various kinds of information processing according to a previously stored program; its hardware includes but is not limited to microprocessors, FPGAs, DSPs, embedded devices, etc.
In step S1, the preservation system extracts the relevant information of at least one piece of software in the computer. The software includes any program, script, configuration file, etc. that can run in the computer, including but not limited to at least one of: a first process running in the computer, a program installed in the computer, and a file or folder stored in the computer. The first process includes processes started by running programs, processes required by the operating system, etc. The relevant information includes any information that can reflect the software, including but not limited to: process information of the first process, registry information of a program installed in the computer, or folder information/file information of a folder/file stored in the computer.
Specifically, step S1 comprises at least step S11.
In step S11, the preservation system extracts the process information of at least one first process running in the computer. The process information includes but is not limited to: the process name, handle count, and thread count of the first process.
For example, the preservation system traverses all first processes in the computer's task manager and obtains the current process information of each first process from the task manager.
As another example, the preservation system searches all first processes in the task manager for process information that contains specified information.
Preferably, step S1 further comprises step S12.
In step S12, the preservation system also extracts the registry information of at least one program in the computer. The registry information includes but is not limited to: the name of the program, the type of the program, the value corresponding to the type, etc.
For example, the preservation system traverses the program list in the computer's registry and obtains all the registry information of each program in the list.
As another example, the preservation system searches the registry information of all programs in the registry based on a preset condition.
More preferably, step S1 further comprises step S13.
In step S13, the preservation system extracts the folder information or file information of at least one folder or file stored on the computer's hard disk. The folder information includes but is not limited to the folder name, and the file information includes but is not limited to the file name, file name suffix, etc.
For example, the preservation system scans the folders stored on each hard disk of the computer and obtains the folder information of each folder and the file information of the files stored in that folder.
As another example, the preservation system searches the files on each hard disk of the computer based on a preset condition, to obtain the folder information or file information that meets the condition.
It should be noted that, as those skilled in the art will appreciate, steps S11, S12 and S13 need not be executed one after another and may also be executed simultaneously; nor are steps S11, S12 and S13 executed only once, as they may be repeated.
In step S2, the preservation system determines at least one piece of relevant information from the extracted relevant information, and takes the software corresponding to the determined relevant information as the preservation object to be preserved.
Specifically, the preservation system matches each extracted piece of relevant information against preset rules and determines at least one piece of relevant information that matches successfully.
For example, the preservation system matches the process name in each extracted piece of process information against preset process names, and takes the first process corresponding to the process information containing a matching process name as the preservation object to be preserved.
Preferably, as shown in Fig. 2, step S2 comprises step S21, step S22 and step S23.
In step S21, the preservation system sends each extracted piece of relevant information to a network device. The network device is an electronic device that can communicate with the computer and can process data or information, including but not limited to: embedded systems, network equipment, etc.
In step S22, the network device determines at least one piece of relevant information from the received relevant information and returns the determined relevant information to the computer.
It should be noted that, as those skilled in the art will appreciate, the way in which the network device determines at least one piece of relevant information is the same as or similar to the way in which the preservation system does so as described above, and is not described in detail here.
In step S23, the preservation system takes the software corresponding to the determined relevant information as the preservation object to be preserved.
For example, the preservation system sends the extracted process information a1, a2, a3 to the network device. The network device extracts the process name from each piece of process information, matches the preset process names against the extracted process names, selects the process information a1, a2 whose process names match, and returns the selected process information a1, a2 to the preservation system, so that the preservation system preserves the first processes corresponding to a1 and a2 respectively.
It should be noted that, as those skilled in the art will appreciate, the above way in which the network device determines the relevant information of software is only an example; in fact, the network device can also determine the registry information of programs and/or the folder information/file information of folders/files.
It should also be noted that, as those skilled in the art will appreciate, the way in which the network device determines the registry information of programs and/or the folder information/file information of folders/files is the same as or similar to the way in which it determines the process information of the first process as described above, and is not described in detail here.
In step S3, the preservation system starts at least one second process that monitors the preservation object, to prevent the user from performing malicious operations on the preservation object. There may be one second process or several.
Specifically, the preservation system starts the corresponding second process based on the kind of the preservation object; the second process monitors the user's operations on the preservation object based on the preservation rule corresponding to each kind, and blocks a malicious operation when one is detected.
The preservation rule corresponding to each kind includes but is not limited to: forbidding deletion of the preservation object, forbidding modification of the preservation object, etc.
For example, the preservation objects determined by the preservation system comprise: the first process b1, the program b2, and the folder b3 on drive C. Based on the preset rule forbidding the ending of a preserved first process, the preservation system starts a second process B1 that monitors the first process b1, and through the second process B1 monitors the user's operations on the task manager. When the user selects the first process b1 in the task manager and clicks the end-process button, the second process B1 detects the operation, determines that it is a malicious operation, intercepts it and renders it ineffective, so that the first process b1 cannot be ended. Based on the preset rule forbidding modification or deletion of a preserved program, the preservation system starts a second process B2 that monitors the program b2, and through the second process B2 monitors the user's operations on the registry information corresponding to the program b2. When the user modifies a value in the registry information of the program b2, the second process B2 detects the operation, determines that it is a malicious operation, intercepts it and renders it ineffective, so that the registry information of the program b2 cannot be modified. Based on the preset rule forbidding deletion or modification of a preserved file or folder, the preservation system starts a second process B3 that monitors each disk partition of the computer, and through the second process B3 monitors the user's operations on the folder b3 on drive C. When the user attempts to delete the file b3' located in the folder b3, the second process B3 detects the operation, determines that it is a malicious operation, intercepts it and renders it ineffective, so that the file b3' cannot be deleted.
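The per-kind rule check in the b1/b2/b3 example can be sketched as follows. This is an added illustration, not code from the patent: the object names, registry key, paths and the `decide` interface are assumptions, and real interception of the operation is outside its scope. It shows one detail the description leaves implicit, namely that file paths must be normalized before the folder rule is applied.

```python
import ntpath
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class PreservationObject:
    kind: str      # "process", "program" or "folder"
    identity: str  # process name, registry key path, or folder path


@dataclass(frozen=True)
class Operation:
    surface: str   # "process", "registry" or "filesystem"
    action: str    # "terminate", "modify", "delete", "read", ...
    target: str    # what the user is acting on


# Which monitored surface each kind lives on, and which actions its rule forbids.
SURFACE = {"process": "process", "program": "registry", "folder": "filesystem"}
FORBIDDEN = {
    "process": {"terminate"},
    "program": {"modify", "delete"},
    "folder": {"modify", "delete"},
}

# Constructed stand-ins for b1, b2 and b3 (names and paths are assumptions).
PRESERVED = [
    PreservationObject("process", "b1.exe"),
    PreservationObject("program", r"HKLM\SOFTWARE\b2"),
    PreservationObject("folder", r"C:\b3"),
]


def _key_segments(key):
    # Registry key paths are case-insensitive; compare whole segments only.
    return [part.lower() for part in key.split("\\") if part]


def covers(obj, target):
    """True if the operation target falls under the preservation object."""
    if obj.kind == "process":
        return obj.identity.lower() == target.lower()
    if obj.kind == "program":
        own, other = _key_segments(obj.identity), _key_segments(target)
        return other[:len(own)] == own
    if obj.kind == "folder":
        # Collapse ".." and mixed separators first, otherwise a path such as
        # C:\other\..\b3\file would not be recognized as lying inside C:\b3.
        folder = PureWindowsPath(ntpath.normpath(obj.identity))
        path = PureWindowsPath(ntpath.normpath(target))
        return path == folder or folder in path.parents
    return False


def decide(objects, op):
    """Return ("block", obj) if op violates a preservation rule, else ("allow", None)."""
    for obj in objects:
        if (SURFACE.get(obj.kind) == op.surface
                and op.action in FORBIDDEN.get(obj.kind, ())
                and covers(obj, op.target)):
            return "block", obj
    return "allow", None


if __name__ == "__main__":
    samples = [
        Operation("process", "terminate", "B1.EXE"),
        Operation("registry", "modify", r"HKLM\Software\b2\Settings"),
        Operation("filesystem", "delete", r"c:\other\..\B3\b3prime.txt"),
        Operation("filesystem", "delete", r"C:\b3_backup\x.txt"),
    ]
    for op in samples:
        print(op.action, op.target, "->", decide(PRESERVED, op)[0])
```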
Preferably, the preservation system starts one second process, which monitors the user's operations on all the preservation objects based on the preset preservation rules corresponding to each kind of software, and blocks a malicious operation when one is detected.
It should be noted that the way in which this single second process monitors the user's operations on all the preservation objects based on the preset preservation rules corresponding to each kind of software, and blocks a malicious operation when one is detected, is the same as or similar to the rule-based monitoring and blocking described above for step S3, and is not described in detail here.
As a preferred option, step S3 further comprises: the preservation system starts multiple second processes, and the second processes monitor one another; when at least one of the second processes is detected to have ended, the other second processes restart the second process that ended.
It should be noted that, as those skilled in the art will appreciate, the way in which the second processes monitor one another is the same as or similar to the way in which a second process monitors a preserved first process as described above, and is not described in detail here.
For example, the preservation system starts three second processes c1, c2, c3. The second process c1 monitors the second process c2, the second process c2 monitors the second process c3, and the second process c3 monitors the second process c1. When the second process c2 detects that the second process c3 has ended, the second process c2 restarts the second process c3.
More preferably, step S3 further comprises: when the last second process receives an end instruction, the preservation system forbids the user from operating the computer. The way of forbidding the user from operating the computer includes but is not limited to: making the computer blue-screen, restarting the computer, etc.
For example, the preservation system starts only one second process. When the user performs an end operation on the second process through the task manager, the second process, in response to the end operation, restarts the computer, to prevent the user from first ending the second process and then performing malicious operations on the determined preservation object.
As another example, the preservation system has started multiple second processes. When the user performs an end operation on all the second processes through a forced-end instruction, each second process, on receiving the end operation, looks up the current task manager to determine whether other second processes are still running; when the last second process receives the end instruction, it starts a program that makes the computer blue-screen, to forbid the user from performing any operation on the computer.
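The mutual-monitoring ring (c1 watches c2, c2 watches c3, c3 watches c1) and the "last second process" rule can be modelled as a small state machine. This is an added simulation, not code from the patent: it starts no real processes, and the class and method names are assumptions. It makes visible how many monitoring passes the ring needs to recover and exactly when the lock-out condition is reached.

```python
class WatcherRing:
    """Ring of monitoring ("second") processes: each one watches the next."""

    def __init__(self, names):
        self.names = list(names)
        self.alive = {name: True for name in self.names}
        self.locked = False   # set when the last running watcher is told to end
        self.events = []      # audit trail of what happened, in order

    def target_of(self, name):
        """The watcher that `name` is responsible for monitoring."""
        i = self.names.index(name)
        return self.names[(i + 1) % len(self.names)]

    def end(self, name):
        """Deliver an end instruction to one watcher."""
        if not self.alive[name]:
            return
        others_running = any(self.alive[n] for n in self.names if n != name)
        if not others_running:
            # Last second process: instead of exiting, it forbids further
            # user operation (blue screen or restart in the description).
            self.locked = True
            self.events.append(("lockdown", name))
            return
        self.alive[name] = False
        self.events.append(("ended", name))

    def monitoring_pass(self):
        """One polling round: every watcher alive at the start of the round
        restarts its target if that target has ended."""
        watchers = [n for n in self.names if self.alive[n]]  # snapshot
        restarted = []
        for watcher in watchers:
            target = self.target_of(watcher)
            if not self.alive[target]:
                self.alive[target] = True
                restarted.append((watcher, target))
                self.events.append(("restarted", watcher, target))
        return restarted


def passes_to_recover(ring, limit=10):
    """Run monitoring passes until every watcher is alive again."""
    passes = 0
    while not all(ring.alive.values()) and passes < limit:
        ring.monitoring_pass()
        passes += 1
    return passes


if __name__ == "__main__":
    ring = WatcherRing(["c1", "c2", "c3"])
    ring.end("c3")
    print(ring.monitoring_pass())          # c2 restarts c3

    ring = WatcherRing(["c1", "c2", "c3"])
    ring.end("c1")
    ring.end("c2")
    print(passes_to_recover(ring))         # c3 revives c1, then c1 revives c2

    ring = WatcherRing(["c1", "c2", "c3"])
    for name in ["c1", "c2", "c3"]:        # forced end of every watcher
        ring.end(name)
    print(ring.locked, ring.events[-1])
```

In the model, a single surviving watcher is enough to rebuild the whole ring, but recovery takes one pass per ended watcher, so the polling interval bounds how long an object goes unmonitored.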
As another preferred option, the second process started by the preservation system also monitors the user's operations on the files stored in the computer, and forbids at least one kind of file with a preset file suffix from being executed. The preset file suffixes include but are not limited to: bat, msi, iso, exe, etc.
The ways in which the second process monitors the user's operations on the files stored in the computer include but are not limited to: 1) directly monitoring the user's operations on the files stored in the computer; 2) the second process monitors all first processes in the computer's task manager to determine whether the suffix of a running program is one of the preset file suffixes; if so, it forcibly ends that file; if not, it allows each first process to run.
In summary, the preservation method of the present invention for preventing software in a computer from being maliciously damaged, by extracting the relevant information of the various kinds of software in the computer and preserving the software corresponding to at least one selected piece of relevant information, effectively defends critical software against malicious damage by the user. In addition, the second processes used for monitoring monitor one another: when at least one second process is ended, the other second processes can restart it, which effectively prevents the user from first ending the second process that preserves the critical software in order to operate on that software maliciously. Furthermore, for the case where the user ends all the second processes at the same time, the last second process, on receiving the end instruction, forbids all user operations, to avoid malicious damage to the critical software. Finally, the second process also blocks the execution of files with preset suffixes, to prevent the user from using hacking programs with those suffixes to damage the critical software in the computer. The present invention therefore effectively overcomes the various shortcomings of the prior art and has high industrial utilization value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Therefore, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall still be covered by the claims of the present invention.

Claims (9)

1. A preservation method for preventing software in a computer from being maliciously damaged, characterized in that it comprises at least:
1) extracting relevant information of at least one piece of software in the computer, wherein the software comprises at least one of the following: a first process running in the computer, a program installed in the computer, a folder/file stored in the computer;
2) determining at least one piece of relevant information from the extracted relevant information, and taking the software corresponding to the determined relevant information as the preservation object to be preserved;
3) starting at least one second process that monitors the preservation object, to prevent the user from performing malicious operations on the preservation object.
2. The preservation method for preventing software in a computer from being maliciously damaged according to claim 1, characterized in that the relevant information comprises at least one of the following: process information of the first process, registry information of the program, or folder information/file information of the folder/file.
3. The preservation method for preventing software in a computer from being maliciously damaged according to claim 1, characterized in that step 1) further comprises: sending each extracted piece of relevant information to a network device.
4. The preservation method for preventing software in a computer from being maliciously damaged according to claim 3, characterized in that step 2) further comprises: determining, by the network device, at least one piece of relevant information from the extracted relevant information, and returning the determined relevant information to the computer; and taking, by the computer, the software corresponding to the determined relevant information as the preservation object to be preserved.
5. The preservation method for preventing software in a computer from being maliciously damaged according to claim 1, characterized in that step 3) further comprises: there are multiple second processes, and the second processes monitor one another; when at least one of the second processes is detected to have ended, the other second processes restart the second process that ended.
6. The preservation method for preventing software in a computer from being maliciously damaged according to claim 5, characterized in that step 3) further comprises: when the last second process receives an end instruction, forbidding the user from operating the computer.
7. The preservation method for preventing software in a computer from being maliciously damaged according to claim 6, characterized in that the way of forbidding the user from operating the computer comprises at least one of the following: making the computer blue-screen, restarting the computer.
8. The preservation method for preventing software in a computer from being maliciously damaged according to claim 1, characterized in that step 3) further comprises: monitoring, by the second process, the user's operations on the preservation object based on the preservation rule corresponding to the kind of the preservation object, and blocking a malicious operation when one is detected.
9. The preservation method for preventing software in a computer from being maliciously damaged according to claim 1, characterized in that step 3) further comprises: monitoring, by the second process, the user's operations on the files stored in the computer, and forbidding at least one kind of file with a preset file suffix from being executed.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201210349015.XA | 2012-09-19 | 2012-09-19 | Preservation method for preventing software in a computer from being maliciously damaged

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201210349015.XA | 2012-09-19 | 2012-09-19 | Preservation method for preventing software in a computer from being maliciously damaged

Publications (2)

Publication Number | Publication Date
CN102902913A | 2013-01-30
CN102902913B | 2016-08-03

Family

ID=47575140

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201210349015.XA | Expired - Fee Related | CN102902913B (en) | 2012-09-19 | 2012-09-19 | Preservation method for preventing software in a computer from being maliciously damaged

Country Status (1)

Country | Link
CN (1) | CN102902913B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106096391A (en) * 2016-06-02 2016-11-09 北京金山安全软件有限公司 Process control method and user terminal
CN106203107A (en) * 2016-06-29 2016-12-07 北京金山安全软件有限公司 Method and device for preventing system menu from being maliciously modified and electronic equipment
CN108268771A (en) * 2014-09-30 2018-07-10 瞻博网络公司 The malicious objects that Behavior-based control increment identifier is hidden

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090077664A1 (en) * 2006-04-27 2009-03-19 Stephen Dao Hui Hsu Methods for combating malicious software
CN101895540A (en) * 2010-07-12 2010-11-24 中兴通讯股份有限公司 Daemon system and method for application service
CN101894243A (en) * 2010-06-24 2010-11-24 北京安天电子设备有限公司 Immunization method of malicious plugins aiming at network browser
CN102222183A (en) * 2011-04-28 2011-10-19 奇智软件(北京)有限公司 Mobile terminal software package safety detection method and system thereof
CN102629310A (en) * 2012-02-29 2012-08-08 卡巴斯基实验室封闭式股份公司 System and method for protecting computer system from being infringed by activities of malicious objects

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090077664A1 (en) * 2006-04-27 2009-03-19 Stephen Dao Hui Hsu Methods for combating malicious software
CN101894243A (en) * 2010-06-24 2010-11-24 北京安天电子设备有限公司 Immunization method of malicious plugins aiming at network browser
CN101895540A (en) * 2010-07-12 2010-11-24 中兴通讯股份有限公司 Daemon system and method for application service
CN102222183A (en) * 2011-04-28 2011-10-19 奇智软件(北京)有限公司 Mobile terminal software package safety detection method and system thereof
CN102629310A (en) * 2012-02-29 2012-08-08 卡巴斯基实验室封闭式股份公司 System and method for protecting computer system from being infringed by activities of malicious objects

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108268771A (en) * 2014-09-30 2018-07-10 瞻博网络公司 The malicious objects that Behavior-based control increment identifier is hidden
CN108268771B (en) * 2014-09-30 2024-03-08 瞻博网络公司 Apparatus and method for indicating malicious object and non-transitory computer readable medium
CN106096391A (en) * 2016-06-02 2016-11-09 北京金山安全软件有限公司 Process control method and user terminal
CN106096391B (en) * 2016-06-02 2019-05-03 珠海豹趣科技有限公司 A kind of course control method and user terminal
CN106203107A (en) * 2016-06-29 2016-12-07 北京金山安全软件有限公司 Method and device for preventing system menu from being maliciously modified and electronic equipment

Also Published As

Publication number Publication date
CN102902913B (en) 2016-08-03

Similar Documents

Publication Publication Date Title
US7665139B1 (en) Method and apparatus to detect and prevent malicious changes to tokens
CN104239786B (en) Exempt from ROOT Initiative Defenses collocation method and device
RU2723665C1 (en) Dynamic reputation indicator for optimization of computer security operations
CN103020524A (en) Computer virus monitoring system
US10162653B2 (en) Capturing components of an application using a sandboxed environment
CN102567659B (en) File security active protection method based on double-drive linkage
CN102208004B (en) Method for controlling software behavior based on least privilege principle
CN109815700B (en) Application program processing method and device, storage medium and computer equipment
CN109800571B (en) Event processing method and device, storage medium and electronic device
JP2010146457A (en) Information processing system and program
KR101369251B1 (en) Apparatus, method, terminal and system for recovery protection of system files
CN103049695A (en) Computer virus monitoring method and device
CN111651754A (en) Intrusion detection method and device, storage medium and electronic device
CN104660606A (en) Method for remotely monitoring safety of application program
CN103428212A (en) Malicious code detection and defense method
RU2645265C2 (en) System and method of blocking elements of application interface
KR101974989B1 (en) Method and apparatus for determining behavior information corresponding to a dangerous file
US8978150B1 (en) Data recovery service with automated identification and response to compromised user credentials
CN102902913A (en) Preservation method for preventing software in computer from being damaged maliciously
CN106682493B (en) A kind of method, apparatus for preventing process from maliciously being terminated and electronic equipment
US20170357492A1 (en) Capturing and deploying applications using maximal and minimal sets
US20220358226A1 (en) Network edge storage apparatus having security feature
US8578495B2 (en) System and method for analyzing packed files
CN115086081B (en) Escape prevention method and system for honeypots
US20150326583A1 (en) Mobile device, program, and control method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160803

Termination date: 20190919
