CN105426753A - Method, device and system for detecting installed software in agentless guest virtual machine - Google Patents

Method, device and system for detecting installed software in agentless guest virtual machine Download PDF

Info

Publication number
CN105426753A
CN105426753A CN201510795822.8A CN201510795822A CN105426753A CN 105426753 A CN105426753 A CN 105426753A CN 201510795822 A CN201510795822 A CN 201510795822A CN 105426753 A CN105426753 A CN 105426753A
Authority
CN
China
Prior art keywords
virtual machine
guest virtual
software
user
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510795822.8A
Other languages
Chinese (zh)
Other versions
CN105426753B (en
Inventor
何伟
张诵
赵亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing VRV Software Corp Ltd
Original Assignee
Beijing VRV Software Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing VRV Software Corp Ltd filed Critical Beijing VRV Software Corp Ltd
Priority to CN201510795822.8A priority Critical patent/CN105426753B/en
Publication of CN105426753A publication Critical patent/CN105426753A/en
Application granted granted Critical
Publication of CN105426753B publication Critical patent/CN105426753B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a method, a device and a system for detecting installed software in an agentless guest virtual machine. The method comprises the following steps: mounting an operating system mirror image file of the agentless guest virtual machine to be detected in a pre-established Linux virtual machine, and mapping the operating system mirror image file into a virtual disk in an operating system of the Linux virtual machine; obtaining a system registry file in the virtual disk; analyzing the system registry file to obtain the information of software installed under the system in the guest virtual machine; obtaining a user registry file in the virtual disk; and analyzing the user registry file to obtain the information of the software installed under the user in the guest virtual machine. The method can be used for avoiding the interference generated by the self protection mechanism of the detected software, human factors of the user and the operation state of the detected guest virtual machine system, no agent client is provided in the detected guest virtual machine system, and detailed information of the software installed in the guest virtual machine can be detected comprehensively, accurately and effectively.

Description

Without acting on behalf of guest virtual machine mounting software detection method, Apparatus and system
Technical field
The present invention relates to virtual safety applications technical field, particularly relating to a kind of without acting on behalf of guest virtual machine mounting software detection method, Apparatus and system.
Background technology
At present, in virtualized environment, existing intranet safety system detects software in violation of rules and regulations, is all in guest virtual machine operating system, to install fail-safe software client carry out the software that detection computations machine installs.Under fail-safe software client software and other softwares are all arranged on same platform, be visible to user.
Fail-safe software client software and other softwares are in same environment, may there is following problem: one, user's energy malicious damage intranet security client, causes client normally not run, cannot detect; Two, the hook under Malware, can forbid client software scanning registration table, the operation of the inspection software such as scanning hard disk; Three, Malware can be revised client and run authority, makes client lack of competence access registration table etc.; Four, detected system must be in running status.
Given this, how to avoid the interference of the self-protection of detected software mechanism itself, user's human factor and detected guest virtual machine operating system state, comprehensive, accurate and effective detection is carried out to guest virtual machine mounting software become the current technical issues that need to address.
Summary of the invention
For solving above-mentioned technical matters, the invention provides a kind of without acting on behalf of guest virtual machine mounting software detection method, Apparatus and system, the interference of the self-protection of detected software mechanism itself, user's human factor and detected guest virtual machine operating system state can be avoided, inner without agent client in detected guest virtual machine operating system, the details of comprehensive, accurate and effective detection guest virtual machine institute mounting software.
First aspect, the invention provides a kind of without acting on behalf of guest virtual machine mounting software detection method, comprising:
The operating system image file of guest virtual machine to be detected is mounted in the Linux virtual machine set up in advance, and described operating system image file is mapped as a virtual disk in described Linux VME operating system;
Obtain the system registry list file in described virtual disk;
Described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on;
Obtain the user's registry file in described virtual disk;
Described user's registry file is resolved, obtains in described guest virtual machine the software information be arranged under user.
Alternatively, described guest virtual machine is Windows virtual machine.
Alternatively, described described system registry list file to be resolved, obtains in described guest virtual machine the software information under the system that is arranged on, comprising:
Adopt HIVE nido data structure algorithm, described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on.
Alternatively, described described user's registry file to be resolved, obtains in described guest virtual machine the software information be arranged under user, comprising:
Adopt HIVE nido data structure algorithm, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
Alternatively, be arranged on the software information under user in the described guest virtual machine of described acquisition after, also comprise:
Scan described virtual disk, obtain the application information in described guest virtual machine;
Get rid of the application information that described in described application information, guest virtual machine operating system comprises self;
By the application information after getting rid of and be describedly arranged on the software information under system and the software information under the described user of being arranged on is compared, obtain the "Green" software information in described guest virtual machine.
Second aspect, the invention provides a kind of without acting on behalf of guest virtual machine mounting software pick-up unit, comprising:
Carry module, for being mounted to by the operating system image file of guest virtual machine to be detected in the Linux virtual machine set up in advance, and is mapped as a virtual disk in described Linux VME operating system by described operating system image file;
First acquisition module, for obtaining the system registry list file in described virtual disk;
First parsing module, for resolving described system registry list file, obtains in described guest virtual machine the software information under the system that is arranged on;
Second acquisition module, for obtaining the user's registry file in described virtual disk;
Second parsing module, for resolving described user's registry file, obtains in described guest virtual machine the software information be arranged under user.
Alternatively, described guest virtual machine is Windows virtual machine.
Alternatively, described first parsing module, specifically for
Adopt HIVE nido data structure algorithm, described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on;
And/or,
Described second parsing module, specifically for
Adopt HIVE nido data structure algorithm, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
Alternatively, described device also comprises:
3rd acquisition module, for scanning described virtual disk, obtains the application information in described guest virtual machine;
Get rid of module, for getting rid of the application information that described in described application information, guest virtual machine operating system comprises self;
Comparing module, for by the application information after getting rid of and be describedly arranged on the software information under system and the software information under the described user of being arranged on is compared, obtains the "Green" software information in described guest virtual machine.
The third aspect, the invention provides a kind of without acting on behalf of guest virtual machine mounting software detection system, comprising: the Linux virtual machine set up on same virtual platform and at least one guest virtual machine;
Described Linux virtual machine, comprising: above-mentioned nothing acts on behalf of guest virtual machine mounting software pick-up unit.
As shown from the above technical solution, nothing of the present invention acts on behalf of guest virtual machine mounting software detection method, Apparatus and system, the interference of the self-protection of detected software mechanism itself, user's human factor and detected guest virtual machine operating system state can be avoided, inner without agent client in detected guest virtual machine operating system, the details of comprehensive, accurate and effective detection guest virtual machine institute mounting software.
Accompanying drawing explanation
Fig. 1 acts on behalf of the schematic flow sheet of guest virtual machine mounting software detection method for a kind of nothing that one embodiment of the invention provides;
Fig. 2 acts on behalf of the structural representation of guest virtual machine mounting software pick-up unit for a kind of nothing that one embodiment of the invention provides;
Fig. 3 acts on behalf of the structural representation of guest virtual machine mounting software detection system for a kind of nothing that one embodiment of the invention provides;
Fig. 4 is guest virtual machine when being Windows virtual machine shown in Fig. 3 without the structural representation acting on behalf of guest virtual machine mounting software detection system.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, clear, complete description is carried out to the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Fig. 1 show that one embodiment of the invention provides without the schematic flow sheet acting on behalf of guest virtual machine mounting software detection method, as shown in Figure 1, the present embodiment without acting on behalf of guest virtual machine, mounting software detection method is as described below.
101, the operating system image file of guest virtual machine to be detected is mounted in the Linux virtual machine set up in advance, and described operating system image file is mapped as a virtual disk in described Linux VME operating system.
102, the system registry list file in described virtual disk is obtained.
103, described system registry list file is resolved, obtain in described guest virtual machine the software information under the system that is arranged on.
In a particular application, in described step 103, HIVE nido data structure algorithm can be adopted, described system registry list file is resolved, obtain in described guest virtual machine the software information under the system that is arranged on.
Will be understood that, this HIVE nido data structure algorithm those skilled in the art can oneself realize, and also can use existing algorithm to realize.
104, the user's registry file in described virtual disk is obtained.
105, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
For example, the software information be arranged on described under user can comprise: the information such as digital signature, Google Chrome browser.
In a particular application, in described step 105, HIVE nido data structure algorithm can be adopted, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
Will be understood that, this HIVE nido data structure algorithm those skilled in the art can oneself realize, and also can use existing algorithm to realize.
In a particular application, method described in the present embodiment, can also comprise not shown step 106-108:
106, scan described virtual disk, obtain the application information in described guest virtual machine.
107, the application information that described in described application information, guest virtual machine operating system comprises self is got rid of.
108, by the application information after getting rid of and be describedly arranged on the software information under system and the software information under the described user of being arranged on is compared, the "Green" software information in described guest virtual machine is obtained.
In a particular application, guest virtual machine described in the present embodiment can be Windows virtual machine, but the present embodiment is not limited, and described guest virtual machine also can be other operating system virtual machines.
The nothing of the present embodiment acts on behalf of guest virtual machine mounting software detection method, virtual platform is built a Linux virtual machine, by detected Windows virtual machine carry on Linux virtual machine, all detection operations are all complete in Linux, detected system is only equivalent to a mirrored disk, the software to be detected of the inside is in non-operating state, the self-protection mechanism of detected software itself can be avoided, the interference of user's human factor and detected guest virtual machine operating system state, inner without agent client in detected guest virtual machine operating system, comprehensively, accurately, the details of effective detection guest virtual machine institute mounting software.
This method is of value to fast in virtual platform deploy, can be quick, efficiently, accurately, and the software installation situation of the detection virtual system of unaware, and whether virtual machine starts irrelevant; Not be used in detected system and arrange client-side program, in testing process, do not take detected system resource, on user's use procedure without impact; If in cooperation enterprise trusted software list, the violation software that user installs can be gone out by express statistic, save customer resources, protection customer data.
For example, with described guest virtual machine for Windows virtual machine instance is described, wherein, described system registry list file is SOFTWARE file, described user's registry file is NTUSER.DAT, without acting on behalf of guest virtual machine mounting software detection method described in the present embodiment, can comprise:
S1, the operating system image file of guest virtual machine to be detected to be mounted in the Linux virtual machine set up in advance, and described operating system image file to be mapped as a virtual disk in described Linux VME operating system.
S2, in the virtual disk of carry, find Windows system partitioning, will " C: Windows System32 config " catalogue is converted to linux catalogue.
S3, in " config " catalogue, with HIVE nido data structure algorithm by SOFTWARE document analysis out.
S4, in the SOFTWARE file parsed enumerate Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall;
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall;
The key assignments of UninstallString, SystemComponent and DisplayName is read respectively in the item enumerating out, carry out determining whether software according to the value read out, and add up, the software information under the system that is arranged on can be obtained in described guest virtual machine.
S5, in the virtual disk of carry, find Windows system partitioning, " C: Users { user } " catalogue is converted to linux catalogue.
S6, " { user } " in catalogue, with HIVE nido data structure algorithm by NTUSER.DAT document analysis out.
S7, in the NTUSER.DAT file parsed enumerate Registry key:
HKEY_USERS { user } Software Microsoft Windows CurrentVersion Uninstall
The key assignments of UninstallString, SystemComponent and DisplayName is read respectively in the item enumerating out, carry out determining whether software according to the value read out, and add up, the software information be arranged under user can be obtained in described guest virtual machine.
Alternatively, when described guest virtual machine is Windows virtual machine, without acting on behalf of guest virtual machine mounting software detection method described in the present embodiment, can also comprise:
S8, the described virtual disk of scanning traversal, all last one deck catalogues comprising exe program are found according to suffix, the exe program in described guest virtual machine of obtaining is ((as Windows in nonsystematic catalogue, system32 etc.), acquiescence same file folder is same software);
S9, read the digital signature information of described exe program, get rid of the digital signature of Microsoft;
The inside title of S10, reading residue exe program, compare as the software information be arranged under user obtained in the software information under the system that is arranged on that title and the above-mentioned steps S4 of software obtain and step S7, get rid of mounting software, remaining as "Green" software.
The nothing of the present embodiment acts on behalf of guest virtual machine mounting software detection method, the interference of the self-protection of detected software mechanism itself, user's human factor and detected guest virtual machine operating system state can be avoided, inner without agent client in detected guest virtual machine operating system, the details of comprehensive, accurate and effective detection guest virtual machine institute mounting software.
A kind of nothing that Fig. 2 shows one embodiment of the invention to be provided acts on behalf of the structural representation of guest virtual machine mounting software pick-up unit, as shown in Figure 3, the nothing of the present embodiment acts on behalf of guest virtual machine mounting software pick-up unit, comprising: carry module 21, first acquisition module 22, first parsing module 23, second acquisition module 24 and the second parsing module 25;
Carry module 21, for being mounted to by the operating system image file of guest virtual machine to be detected in the Linux virtual machine set up in advance, and is mapped as a virtual disk in described Linux VME operating system by described operating system image file;
First acquisition module 22, for obtaining the system registry list file in described virtual disk;
First parsing module 23, for resolving described system registry list file, obtains in described guest virtual machine the software information under the system that is arranged on;
Second acquisition module 24, for obtaining the user's registry file in described virtual disk;
Second parsing module 25, for resolving described user's registry file, obtains in described guest virtual machine the software information be arranged under user.
In a particular application, the first parsing module 23 described in the present embodiment, can be specifically for
Adopt HIVE nido data structure algorithm, described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on.
In a particular application, the second parsing module 25 described in the present embodiment, can be specifically for
Adopt HIVE nido data structure algorithm, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
In a particular application, device described in the present embodiment, can also comprise not shown:
3rd acquisition module, for scanning described virtual disk, obtains the application information in described guest virtual machine;
Get rid of module, for getting rid of the application information that described in described application information, guest virtual machine operating system comprises self;
Comparing module, for by the application information after getting rid of and be describedly arranged on the software information under system and the software information under the described user of being arranged on is compared, obtains the "Green" software information in described guest virtual machine.
In a particular application, guest virtual machine described in the present embodiment can be Windows virtual machine, but the present embodiment is not limited, and described guest virtual machine also can be other operating system virtual machines.
The nothing of the present embodiment acts on behalf of guest virtual machine mounting software pick-up unit, the interference of the self-protection of detected software mechanism itself, user's human factor and detected guest virtual machine operating system state can be avoided, inner without agent client in detected guest virtual machine operating system, the details of comprehensive, accurate and effective detection guest virtual machine institute mounting software.
This device is of value to fast in virtual platform deploy, can be quick, efficiently, accurately, and the software installation situation of the detection virtual system of unaware, and whether virtual machine starts irrelevant; Not be used in detected system and arrange client-side program, in testing process, do not take detected system resource, on user's use procedure without impact; If in cooperation enterprise trusted software list, the violation software that user installs can be gone out by express statistic, save customer resources, protection customer data.
The nothing of the present embodiment acts on behalf of guest virtual machine mounting software pick-up unit, and may be used for the technical scheme performing embodiment of the method shown in earlier figures 1, it realizes principle and technique effect is similar, repeats no more herein.
A kind of nothing that Fig. 3 shows one embodiment of the invention to be provided acts on behalf of the structural representation of guest virtual machine mounting software detection system, as shown in Figure 3, the nothing of the present embodiment acts on behalf of guest virtual machine mounting software detection system, comprising: the Linux virtual machine set up on same virtual platform and at least one guest virtual machine;
Described Linux virtual machine, comprising: described nothing embodiment illustrated in fig. 2 acts on behalf of guest virtual machine mounting software pick-up unit 2.
For example, as shown in Figure 4, the present embodiment can be Windows virtual machine without acting on behalf of the guest virtual machine of guest virtual machine in mounting software pick-up unit 2, but the present embodiment is not limited, and described guest virtual machine also can be other operating system virtual machines.
The nothing of the present embodiment acts on behalf of guest virtual machine mounting software detection system, the interference of the self-protection of detected software mechanism itself, user's human factor and detected guest virtual machine operating system state can be avoided, inner without agent client in detected guest virtual machine operating system, the details of comprehensive, accurate and effective detection guest virtual machine institute mounting software.
Native system is of value to fast in virtual platform deploy, can be quick, efficiently, accurately, and the software installation situation of the detection virtual system of unaware, and whether virtual machine starts irrelevant; Not be used in detected system and arrange client-side program, in testing process, do not take detected system resource, on user's use procedure without impact; If in cooperation enterprise trusted software list, the violation software that user installs can be gone out by express statistic, save customer resources, protection customer data.
" first ", " second " and " the 3rd " etc. are not make regulation to sequencing in embodiments of the present invention, just make difference to title, in embodiments of the present invention, do not make any restriction.
One of ordinary skill in the art will appreciate that: all or part of step realizing above-mentioned each embodiment of the method can have been come by the hardware that programmed instruction is relevant.Aforesaid program can be stored in a computer read/write memory medium.This program, when performing, performs the step comprising above-mentioned each embodiment of the method; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.

Claims (10)

1. nothing acts on behalf of a guest virtual machine mounting software detection method, it is characterized in that, comprising:
The operating system image file of guest virtual machine to be detected is mounted in the Linux virtual machine set up in advance, and described operating system image file is mapped as a virtual disk in described Linux VME operating system;
Obtain the system registry list file in described virtual disk;
Described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on;
Obtain the user's registry file in described virtual disk;
Described user's registry file is resolved, obtains in described guest virtual machine the software information be arranged under user.
2. method according to claim 1, is characterized in that, described guest virtual machine is Windows virtual machine.
3. method according to claim 1, is characterized in that, describedly resolves described system registry list file, obtains in described guest virtual machine the software information under the system that is arranged on, comprising:
Adopt HIVE nido data structure algorithm, described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on.
4. method according to claim 1, is characterized in that, describedly resolves described user's registry file, obtains in described guest virtual machine the software information be arranged under user, comprising:
Adopt HIVE nido data structure algorithm, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
5. the method according to any one of claim 1-4, is characterized in that, after being arranged on the software information under user, also comprises in the described guest virtual machine of described acquisition:
Scan described virtual disk, obtain the application information in described guest virtual machine;
Get rid of the application information that described in described application information, guest virtual machine operating system comprises self;
By the application information after getting rid of and be describedly arranged on the software information under system and the software information under the described user of being arranged on is compared, obtain the "Green" software information in described guest virtual machine.
6. nothing acts on behalf of a guest virtual machine mounting software pick-up unit, it is characterized in that, comprising:
Carry module, for being mounted to by the operating system image file of guest virtual machine to be detected in the Linux virtual machine set up in advance, and is mapped as a virtual disk in described Linux VME operating system by described operating system image file;
First acquisition module, for obtaining the system registry list file in described virtual disk;
First parsing module, for resolving described system registry list file, obtains in described guest virtual machine the software information under the system that is arranged on;
Second acquisition module, for obtaining the user's registry file in described virtual disk;
Second parsing module, for resolving described user's registry file, obtains in described guest virtual machine the software information be arranged under user.
7. device according to claim 6, is characterized in that, described guest virtual machine is Windows virtual machine.
8. device according to claim 6, is characterized in that, described first parsing module, specifically for
Adopt HIVE nido data structure algorithm, described system registry list file is resolved, obtains in described guest virtual machine the software information under the system that is arranged on;
And/or,
Described second parsing module, specifically for
Adopt HIVE nido data structure algorithm, described user's registry file is resolved, obtain in described guest virtual machine the software information be arranged under user.
9. the device according to any one of claim 6-8, is characterized in that, also comprises:
3rd acquisition module, for scanning described virtual disk, obtains the application information in described guest virtual machine;
Get rid of module, for getting rid of the application information that described in described application information, guest virtual machine operating system comprises self;
Comparing module, for by the application information after getting rid of and be describedly arranged on the software information under system and the software information under the described user of being arranged on is compared, obtains the "Green" software information in described guest virtual machine.
10. nothing acts on behalf of a guest virtual machine mounting software detection system, it is characterized in that, comprising: the Linux virtual machine set up on same virtual platform and at least one guest virtual machine;
Described Linux virtual machine, comprising: the nothing according to any one of claim 6-9 acts on behalf of guest virtual machine mounting software pick-up unit.
CN201510795822.8A 2015-11-18 2015-11-18 Software detecting method, apparatus and system have been installed without guest virtual machine is acted on behalf of Active CN105426753B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510795822.8A CN105426753B (en) 2015-11-18 2015-11-18 Software detecting method, apparatus and system have been installed without guest virtual machine is acted on behalf of

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510795822.8A CN105426753B (en) 2015-11-18 2015-11-18 Software detecting method, apparatus and system have been installed without guest virtual machine is acted on behalf of

Publications (2)

Publication Number Publication Date
CN105426753A true CN105426753A (en) 2016-03-23
CN105426753B CN105426753B (en) 2019-06-21

Family

ID=55504958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510795822.8A Active CN105426753B (en) 2015-11-18 2015-11-18 Software detecting method, apparatus and system have been installed without guest virtual machine is acted on behalf of

Country Status (1)

Country Link
CN (1) CN105426753B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112667361A (en) * 2020-12-31 2021-04-16 北京北信源软件股份有限公司 Management method and device based on system virtual machine, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101454765A (en) * 2006-05-22 2009-06-10 微软公司 Updating virtual machine with patch or the like
CN104182257A (en) * 2011-11-22 2014-12-03 华为数字技术(成都)有限公司 Application software installation method and device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101454765A (en) * 2006-05-22 2009-06-10 微软公司 Updating virtual machine with patch or the like
CN104182257A (en) * 2011-11-22 2014-12-03 华为数字技术(成都)有限公司 Application software installation method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
凤舞科技: "《电脑组装和维护入门与提高(Windows 8版)》", 14 May 2014 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112667361A (en) * 2020-12-31 2021-04-16 北京北信源软件股份有限公司 Management method and device based on system virtual machine, electronic equipment and storage medium
CN112667361B (en) * 2020-12-31 2023-10-17 北京北信源软件股份有限公司 Management method and device based on system virtual machine, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN105426753B (en) 2019-06-21

Similar Documents

Publication Publication Date Title
EP2304560B1 (en) A method and system for improvements in or relating to off-line virtual environments
US9129115B2 (en) System, method, and computer program product for mounting an image of a computer system in a pre-boot environment for validating the computer system
US9779240B2 (en) System and method for hypervisor-based security
US9223966B1 (en) Systems and methods for replicating computing system environments
US7546638B2 (en) Automated identification and clean-up of malicious computer code
US20140259169A1 (en) Virtual machines
US9015814B1 (en) System and methods for detecting harmful files of different formats
US9804948B2 (en) System, method, and computer program product for simulating at least one of a virtual environment and a debugging environment to prevent unwanted code from executing
US8424093B2 (en) System and method for updating antivirus cache
EP2237154A2 (en) Facilitated introspection of virtualized environments
US20170076094A1 (en) System and method for analyzing patch file
US20130179971A1 (en) Virtual Machines
US20090288082A1 (en) System and method for performing designated service image processing functions in a service image warehouse
CN102024113B (en) Method and system for quickly detecting malicious code
US8171272B1 (en) Critical pre-OS driver verification
US8583709B2 (en) Detailed inventory discovery on dormant systems
CN107357908B (en) Method and device for detecting system file of virtual machine
US9330260B1 (en) Detecting auto-start malware by checking its aggressive load point behaviors
US9734330B2 (en) Inspection and recovery method and apparatus for handling virtual machine vulnerability
EP3029564B1 (en) System and method for providing access to original routines of boot drivers
JPWO2019013033A1 (en) Call stack acquisition device, call stack acquisition method, and call stack acquisition program
US8561195B1 (en) Detection of malicious code based on its use of a folder shortcut
US20180341770A1 (en) Anomaly detection method and anomaly detection apparatus
CN105426753A (en) Method, device and system for detecting installed software in agentless guest virtual machine
US9342694B2 (en) Security method and apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant