CN102542207A - Antimalware protection of virtual machines - Google Patents

Antimalware protection of virtual machines

Info

Publication number
CN102542207A
Authority
CN
China
Prior art keywords
malware
objective
subregion
agency
scan
Prior art date
Legal status
Pending
Application number
CN2011104304337A
Other languages
English (en)
Chinese (zh)
Inventor
M·S·雅瑞特
J·J·约翰逊
V·卡珀
A·F·托马斯
E·J·尼斯塔德特
D·S·巴彻尔德
Current Assignee
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date
Filing date
Publication date
Application filed by Microsoft Corp
Publication of CN102542207A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Multi Processors (AREA)
  • Stored Programmes (AREA)
CN2011104304337A 2010-12-07 2011-12-07 Antimalware protection of virtual machines Pending CN102542207A (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/961,854 2010-12-07
US12/961,854 US20120144489A1 (en) 2010-12-07 2010-12-07 Antimalware Protection of Virtual Machines

Publications (1)

Publication Number Publication Date
CN102542207A (zh) 2012-07-04

Family

ID=46163556

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104304337A Pending CN102542207A (zh) 2010-12-07 2011-12-07 Antimalware protection of virtual machines

Country Status (7)

Country Link
US (1) US20120144489A1
EP (1) EP2649548B1
JP (1) JP2013545208A
CN (1) CN102542207A
AU (1) AU2011338482B2
CA (1) CA2817245A1
WO (1) WO2012078690A1

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
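CN103634366A (zh) * 2012-08-27 2014-03-12 北京千橡网景科技发展有限公司 Method and device for identifying network robots
CN104798080A (zh) * 2012-11-15 2015-07-22 Microsoft Corp Dynamic selection and loading of anti-malware signatures
CN105844162A (zh) * 2016-04-08 2016-08-10 北京北信源软件股份有限公司 Method for vulnerability scanning of Windows virtual machines on a virtualization platform
CN107209684A (zh) * 2015-02-27 2017-09-26 Hewlett-Packard Development Company, L.P. Facilitating scanning of protected resources
CN107430647A (zh) * 2015-03-25 2017-12-01 International Business Machines Corporation Security within software-defined infrastructure
CN108399332A (zh) * 2017-02-08 2018-08-14 AO Kaspersky Lab System and method of analysis of files for maliciousness in a virtual machine
CN116150797A (zh) * 2023-04-21 2023-05-23 深圳市科力锐科技有限公司 Data protection method, system, device and storage medium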

Families Citing this family (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5852103B2 (ja) * 2011-04-27 2016-02-03 Panasonic Intellectual Property Corporation of America Virtual computer system, virtual computer control method, virtual computer control program, and semiconductor integrated circuit
US10546118B1 (en) 2011-05-25 2020-01-28 Hewlett-Packard Development Company, L.P. Using a profile to provide selective access to resources in performing file operations
US8819062B2 (en) * 2012-01-03 2014-08-26 Yext, Inc. Providing enhanced business listings with structured lists to multiple search providers from a source system
US9203862B1 (en) * 2012-07-03 2015-12-01 Bromium, Inc. Centralized storage and management of malware manifests
US8984641B2 (en) * 2012-10-10 2015-03-17 Honeywell International Inc. Field device having tamper attempt reporting
US9571507B2 (en) 2012-10-21 2017-02-14 Mcafee, Inc. Providing a virtual security appliance architecture to a virtual cloud infrastructure
WO2014116215A1 (en) * 2013-01-23 2014-07-31 Hewlett-Packard Development Company, L.P. Shared resource contention
US9104455B2 (en) 2013-02-19 2015-08-11 International Business Machines Corporation Virtual machine-to-image affinity on a physical server
US9565202B1 (en) * 2013-03-13 2017-02-07 Fireeye, Inc. System and method for detecting exfiltration content
US9430647B2 (en) * 2013-03-15 2016-08-30 Mcafee, Inc. Peer-aware self-regulation for virtualized environments
KR101901911B1 (ko) 2013-05-21 2018-09-27 Samsung Electronics Co., Ltd. Method and apparatus for detecting malicious programs
US9736179B2 (en) * 2013-09-30 2017-08-15 Fireeye, Inc. System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection
US9065854B2 (en) * 2013-10-28 2015-06-23 Citrix Systems, Inc. Systems and methods for managing a guest virtual machine executing within a virtualized environment
US9258324B2 (en) 2013-11-26 2016-02-09 At&T Intellectual Property I, L.P. Methods, systems, and computer program products for protecting a communication network against internet enabled cyber attacks through use of screen replication from controlled internet access points
US20150304343A1 (en) 2014-04-18 2015-10-22 Intuit Inc. Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment
US9866581B2 (en) * 2014-06-30 2018-01-09 Intuit Inc. Method and system for secure delivery of information to computing environments
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
RU2568282C2 (ru) * 2014-04-18 2015-11-20 Kaspersky Lab ZAO System and method for ensuring fault tolerance of antivirus protection implemented in a virtual environment
RU2580030C2 (ru) 2014-04-18 2016-04-10 Kaspersky Lab ZAO System and method for distributing antivirus scan tasks among virtual machines in a virtual network
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
RU2573789C2 (ru) 2014-04-18 2016-01-27 Kaspersky Lab ZAO System and method for launching a virtual machine
US9009836B1 (en) * 2014-07-17 2015-04-14 Kaspersky Lab Zao Security architecture for virtual machines
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
EP3259665A4 (en) * 2015-02-20 2018-10-10 Pristine Machine, LLC Method to split data operational function among system layers
US10417031B2 (en) * 2015-03-31 2019-09-17 Fireeye, Inc. Selective virtualization for security threat detection
US10395029B1 (en) 2015-06-30 2019-08-27 Fireeye, Inc. Virtual system and method with threat protection
US11113086B1 (en) 2015-06-30 2021-09-07 Fireeye, Inc. Virtual system and method for securing external network connectivity
US10726127B1 (en) 2015-06-30 2020-07-28 Fireeye, Inc. System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer
US10216927B1 (en) 2015-06-30 2019-02-26 Fireeye, Inc. System and method for protecting memory pages associated with a process using a virtualization layer
US10642753B1 (en) 2015-06-30 2020-05-05 Fireeye, Inc. System and method for protecting a software component running in virtual machine using a virtualization layer
US10033759B1 (en) 2015-09-28 2018-07-24 Fireeye, Inc. System and method of threat detection under hypervisor control
US9977894B2 (en) 2015-11-18 2018-05-22 Red Hat, Inc. Virtual machine malware scanning
CN105631320B (zh) * 2015-12-18 2019-04-19 Beijing Qihoo Technology Co., Ltd. Method and device for detecting virtual machine escape
US10630643B2 (en) * 2015-12-19 2020-04-21 Bitdefender IPR Management Ltd. Dual memory introspection for securing multiple network endpoints
US12339979B2 (en) 2016-03-07 2025-06-24 Crowdstrike, Inc. Hypervisor-based interception of memory and register accesses
US12248560B2 (en) * 2016-03-07 2025-03-11 Crowdstrike, Inc. Hypervisor-based redirection of system calls and interrupt-based task offloading
US9665714B1 (en) 2016-05-31 2017-05-30 AO Kaspersky Lab System and method of detecting malicious files on virtual machines in a distributed network
US20180173526A1 (en) 2016-12-20 2018-06-21 Invensys Systems, Inc. Application lifecycle management system
EP3361406A1 (en) * 2017-02-08 2018-08-15 AO Kaspersky Lab System and method of analysis of files for maliciousness in a virtual machine
WO2020026228A1 (en) * 2018-08-01 2020-02-06 Vdoo Connected Trust Ltd. Firmware verification
US11385766B2 (en) 2019-01-07 2022-07-12 AppEsteem Corporation Technologies for indicating deceptive and trustworthy resources
IL275098A (en) * 2020-06-03 2022-01-01 Kazuar Advanced Tech Ltd A multi-computing environment with the fewest loopholes
US11930019B2 (en) * 2021-04-21 2024-03-12 Saudi Arabian Oil Company Methods and systems for fast-paced dynamic malware analysis
US11954333B2 (en) * 2021-06-23 2024-04-09 Western Digital Technologies, Inc. Secured firmware with anti-malware
US12079339B2 (en) * 2022-05-12 2024-09-03 Vmware, Inc. In-memory scanning for fileless malware on a host device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060224930A1 (en) * 2005-03-31 2006-10-05 Ibm Corporation Systems and methods for event detection
CN101039177A (zh) * 2007-04-27 2007-09-19 Zhuhai Kingsoft Software Co., Ltd. Apparatus and method for online virus scanning
US20080263658A1 (en) * 2007-04-17 2008-10-23 Microsoft Corporation Using antimalware technologies to perform offline scanning of virtual machine images
US20100169972A1 (en) * 2008-12-31 2010-07-01 Microsoft Corporation Shared repository of malware data

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7409719B2 (en) * 2004-12-21 2008-08-05 Microsoft Corporation Computer security management, such as in a virtual machine or hardened operating system
US8619971B2 (en) * 2005-04-01 2013-12-31 Microsoft Corporation Local secure service partitions for operating system security
US20060224623A1 (en) * 2005-04-02 2006-10-05 Microsoft Corporation Computer status monitoring and support
US20110047618A1 (en) * 2006-10-18 2011-02-24 University Of Virginia Patent Foundation Method, System, and Computer Program Product for Malware Detection, Analysis, and Response
US9354927B2 (en) * 2006-12-21 2016-05-31 Vmware, Inc. Securing virtual machine data
US9098347B2 (en) * 2006-12-21 2015-08-04 Vmware Implementation of virtual machine operations using storage system functionality
US9189265B2 (en) * 2006-12-21 2015-11-17 Vmware, Inc. Storage architecture for virtual machines
US7765374B2 (en) * 2007-01-25 2010-07-27 Microsoft Corporation Protecting operating-system resources
US8380987B2 (en) * 2007-01-25 2013-02-19 Microsoft Corporation Protection agents and privilege modes
US20080320594A1 (en) * 2007-03-19 2008-12-25 Xuxian Jiang Malware Detector
US8601124B2 (en) * 2007-06-25 2013-12-03 Microsoft Corporation Secure publishing of data to DMZ using virtual hard drives
US20090007100A1 (en) * 2007-06-28 2009-01-01 Microsoft Corporation Suspending a Running Operating System to Enable Security Scanning
US7797748B2 (en) * 2007-12-12 2010-09-14 Vmware, Inc. On-access anti-virus mechanism for virtual machine architecture
US8839237B2 (en) 2007-12-31 2014-09-16 Intel Corporation Method and apparatus for tamper resistant communication in a virtualization enabled platform
JP2008152796A (ja) * 2008-01-11 2008-07-03 Nec Corp Data replication system and program for replicating data in storage
JP5446167B2 (ja) 2008-08-13 2014-03-19 Fujitsu Ltd Antivirus method, computer, and program
US8954897B2 (en) * 2008-08-28 2015-02-10 Microsoft Corporation Protecting a virtual guest machine from attacks by an infected host

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060224930A1 (en) * 2005-03-31 2006-10-05 Ibm Corporation Systems and methods for event detection
US20080263658A1 (en) * 2007-04-17 2008-10-23 Microsoft Corporation Using antimalware technologies to perform offline scanning of virtual machine images
CN101039177A (zh) * 2007-04-27 2007-09-19 Zhuhai Kingsoft Software Co., Ltd. Apparatus and method for online virus scanning
US20100169972A1 (en) * 2008-12-31 2010-07-01 Microsoft Corporation Shared repository of malware data

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
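CN103634366A (zh) * 2012-08-27 2014-03-12 北京千橡网景科技发展有限公司 Method and device for identifying network robots
CN104798080A (zh) * 2012-11-15 2015-07-22 Microsoft Corp Dynamic selection and loading of anti-malware signatures
CN104798080B (zh) * 2012-11-15 2018-05-18 Microsoft Technology Licensing LLC Dynamic selection and loading of anti-malware signatures
CN107209684A (zh) * 2015-02-27 2017-09-26 Hewlett-Packard Development Company, L.P. Facilitating scanning of protected resources
CN107209684B (zh) * 2015-02-27 2020-11-20 Hewlett-Packard Development Company, L.P. Facilitating scanning of protected resources
CN107430647A (zh) * 2015-03-25 2017-12-01 International Business Machines Corporation Security within software-defined infrastructure
CN105844162A (zh) * 2016-04-08 2016-08-10 北京北信源软件股份有限公司 Method for vulnerability scanning of Windows virtual machines on a virtualization platform
CN105844162B (zh) * 2016-04-08 2019-03-29 北京北信源软件股份有限公司 Method for vulnerability scanning of Windows virtual machines on a virtualization platform
CN108399332A (zh) * 2017-02-08 2018-08-14 AO Kaspersky Lab System and method of analysis of files for maliciousness in a virtual machine
CN108399332B (zh) * 2017-02-08 2022-03-08 AO Kaspersky Lab System and method of analysis of files for maliciousness in a virtual machine
CN116150797A (zh) * 2023-04-21 2023-05-23 深圳市科力锐科技有限公司 Data protection method, system, device and storage medium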

Also Published As

Publication number Publication date
EP2649548B1 (en) 2018-08-08
JP2013545208A (ja) 2013-12-19
EP2649548A4 (en) 2014-07-30
AU2011338482B2 (en) 2016-11-03
US20120144489A1 (en) 2012-06-07
EP2649548A1 (en) 2013-10-16
WO2012078690A1 (en) 2012-06-14
CA2817245A1 (en) 2012-06-14
AU2011338482A1 (en) 2013-05-30

Similar Documents

Publication Publication Date Title
CN102542207A (zh) Antimalware protection of virtual machines
US10326765B2 (en) System, method, and software for providing access control enforcement capabilities in cloud computing systems
US9659251B2 (en) Systems and methods of autonomic virtual network management
US20220277075A1 (en) Using orchestrators for false positive detection and root cause analysis
US10489232B1 (en) Data center diagnostic information
US20180368007A1 (en) Security orchestration and network immune system deployment framework
US10686791B1 (en) Secure cloud computing framework
US11558265B1 (en) Telemetry targeted query injection for enhanced debugging in microservices architectures
JP2013545208A5
CN106911648B (zh) Environment isolation method and device
WO2010030439A1 (en) Adaptive configuration management system
CN116305136A (zh) Provenance audit trail for microservice architectures
Lodygensky et al. XtremWeb & Condor: sharing resources between Internet connected Condor pool
CN101673215A (zh) Computer and user management method in a virtual environment
CN105847237A (zh) NFV-based security management method and device
US20240370286A1 (en) Composite and reboot-aware health checking of containerized applications
EP3642713B1 (en) Security orchestration and network immune system deployment framework
CN116248404B (zh) Mimic security system and cloud platform security operation and maintenance method
US10326646B2 (en) Architectural design to enable bidirectional service registration and interaction among clusters
Schmieders et al. Architectural runtime models for privacy checks of cloud applications
US12373253B2 (en) Distributed medical software platform
Wang et al. Sensitive data protection based on intrusion tolerance in cloud computing
Rodrigues An adaptive robotics middleware for a cloud-based bridgeOS
Rao Cloud-Native System Engineering for High Availability and Performance
Ardagna et al. Data Pipelines Assessment: The Role of Data Engine Deployment Models

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150727

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150727

Address after: Washington State

Applicant after: Microsoft Technology Licensing LLC

Address before: Washington State

Applicant before: Microsoft Corp.

RJ01 Rejection of invention patent application after publication

Application publication date: 20120704
