CN114036519A - Process management method, device and equipment and readable storage medium - Google Patents

Process management method, device and equipment and readable storage medium Download PDF

Info

Publication number
CN114036519A
CN114036519A CN202111415322.9A CN202111415322A CN114036519A CN 114036519 A CN114036519 A CN 114036519A CN 202111415322 A CN202111415322 A CN 202111415322A CN 114036519 A CN114036519 A CN 114036519A
Authority
CN
China
Prior art keywords
operation behavior
value information
key value
target key
registry
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111415322.9A
Other languages
Chinese (zh)
Inventor
王启超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd filed Critical Sangfor Technologies Co Ltd
Priority to CN202111415322.9A priority Critical patent/CN114036519A/en
Publication of CN114036519A publication Critical patent/CN114036519A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a process management method, a device, equipment and a readable storage medium. The method and the device monitor the operation behaviors aiming at the registry based on a system kernel, judge whether the current operation behaviors are used for changing the target key value information of the safety protection process recorded in the registry before the corresponding operation behaviors are executed if the operation behaviors aiming at the registry are monitored, and refuse to execute the current operation behaviors under the condition that the current operation behaviors are determined to be used for changing the target key value information of the safety protection process recorded in the registry, so that the safety protection process is prevented from being deleted or forbidden due to the execution of the current operation behaviors, the normal operation of the safety protection process can be guaranteed, and the system risk can be reduced when the safety protection process is the safety protection process. Accordingly, the process management device, the process management equipment and the readable storage medium provided by the application also have the technical effects.

Description

Process management method, device and equipment and readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a process management method, an apparatus, a device, and a readable storage medium.
Background
At present, process services for security protection in a system may be disabled or deleted by a user, so that the process services for security protection lose protection and control capability of the system, and risk of the system is increased.
Therefore, how to avoid disabling or deleting process services for security protection is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present application is to provide a process management method, apparatus, device and readable storage medium, so as to prevent process services for security protection from being disabled or deleted. The specific scheme is as follows:
in a first aspect, the present application provides a process management method, applied to a system kernel, including:
if the operation behavior aiming at the registry is monitored, before the operation behavior is executed, the operation behavior is refused to be executed under the condition that the operation behavior is determined to be used for changing the target key value information of the safety protection process recorded in the registry.
Preferably, the monitoring of the operation behavior for the registry comprises:
and monitoring the operation behavior by utilizing a Cm callback framework.
Preferably, the determining that the operation behavior is used for changing target key value information of a security protection process recorded in the registry includes:
judging the operation type of the operation behavior, and judging whether the target key value information belongs to the safety protection process;
and if the operation type of the operation behavior is write operation and/or delete operation and the target key value information belongs to the safety protection process, determining that the operation behavior is used for changing the target key value information.
Preferably, the write operation comprises: a write value operation and/or a key rename operation; the deleting operation comprises: a value delete operation and/or a key delete operation.
Preferably, the determining whether the target key value information belongs to the security protection process includes:
determining a registration path corresponding to the target key value information;
if the registration path is consistent with the registration path of the safety protection process, determining that the target key value information belongs to the safety protection process; otherwise, determining that the target key value information does not belong to the safety protection process.
Preferably, if the operation type of the operation behavior is not a write operation and/or a delete operation, and/or the target key value information does not belong to the security protection process, it is determined that the operation behavior is not used to change the target key value information.
Preferably, the operating action is allowed to be executed in case that the operating action is determined not to be used for changing the target key value information.
In a second aspect, the present application provides a process management apparatus, applied to a system kernel, including:
and the management module is used for refusing to execute the operation behavior under the condition that the operation behavior is determined to be used for changing the target key value information of the safety protection process recorded in the registry before the operation behavior is executed if the operation behavior aiming at the registry is monitored.
In a third aspect, the present application provides an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the process management method disclosed in the foregoing.
In a fourth aspect, the present application provides a readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the process management method disclosed above.
According to the scheme, the application provides a process management method, which is applied to a system kernel and comprises the following steps: if the operation behavior aiming at the registry is monitored, before the operation behavior is executed, the operation behavior is refused to be executed under the condition that the operation behavior is determined to be used for changing the target key value information of the safety protection process recorded in the registry.
It can be seen that, in the present application, an operation behavior for a registry is monitored based on a system kernel, and if the operation behavior for the registry is monitored, before the corresponding operation behavior is executed, it is determined whether the current operation behavior is used for changing the target key value information of the security protection process recorded in the registry, and under the condition that it is determined that the current operation behavior is used for changing the target key value information of the security protection process recorded in the registry, the current operation behavior is refused to be executed, thereby avoiding that the security protection process is deleted or disabled due to the execution of the current operation behavior, and being capable of ensuring the normal operation of the security protection process. Therefore, the process service for safety protection in the system can be prevented from being forbidden or deleted by the user, the protection and control capability of the safety protection process service on the system is guaranteed, and the system risk is reduced.
Accordingly, the process management device, the process management equipment and the readable storage medium provided by the application also have the technical effects.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a process management method disclosed herein;
FIG. 2 is a detailed flowchart of step S102 in FIG. 1;
FIG. 3 is a schematic diagram of another process management method disclosed herein;
FIG. 4 is a schematic diagram of a process management apparatus disclosed herein;
FIG. 5 is a schematic diagram of an electronic device disclosed herein;
fig. 6 is a schematic view of another electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, process services for security protection in a system may be disabled or deleted by a user, so that the process services for security protection lose protection and control capability of the system, and risk of the system is increased. Therefore, the application provides a process management scheme, which can prevent process services for safety protection from being forbidden or deleted.
Referring to fig. 1, an embodiment of the present application discloses a process management method, applied to a system kernel, including:
s101, monitoring the operation behavior aiming at the registry.
In this embodiment, the operation behavior of the registry is monitored based on the system kernel, and specifically, the Cm callback framework may be used for monitoring. Thus, in one embodiment, monitoring operational behavior with respect to the registry comprises: and monitoring operation behaviors by utilizing the Cm callback framework.
It should be noted that the system kernel has the highest processing right for various resources in the system, so that the embodiment can monitor the corresponding operation behavior no matter whether the operation behavior for the registry is triggered by the application layer or the driver layer.
S102, under the condition that the operation behavior aiming at the registry is monitored and before the operation behavior is executed, judging whether the operation behavior is used for changing target key value information of a safety protection process recorded in the registry; if yes, executing S103; if not, S104 is executed.
It should be noted that, the registry in the system records key value information corresponding to each process service.
In this embodiment, the operation behaviors for the registry are not all rejected, and therefore, it is necessary to determine whether the currently occurring operation behavior for the registry belongs to the operation that the embodiment wants to reject.
Specifically, the embodiment determines whether the current operation behavior is used to change target key value information of a security protection process recorded in a registry; if the current operation behavior is used for changing the target key value information of the safety protection process recorded in the registry, it indicates that the current operation behavior wants to change the operation condition of the safety protection process, that is: indicating that the current operating behavior intends to disable or delete the security protection process. However, such operation may cause the security protection process to lose the protection capability of the system, and increase the risk of the system, which is not allowed, so that the present embodiment refuses to execute the current operation behavior, thereby ensuring the normal operation of the security protection process.
If the current operation behavior is not used for changing the target key value information of the safety protection process recorded in the registry, it indicates that the current operation behavior does not affect the operation condition of the safety protection process, that is: the current operation behavior is indicated to be not to disable or delete the security protection process, so that the security protection process cannot lose the protection capability of the system, and the risk of the system cannot be increased, so that the current operation behavior is executed in the embodiment.
And S103, refusing to execute the operation behavior.
And S104, allowing the operation behavior to be executed.
In this embodiment, an operation behavior for a registry is monitored based on a system kernel, and if the operation behavior for the registry is monitored, before the corresponding operation behavior is executed, it is determined whether the current operation behavior is used for changing the target key value information of the security protection process recorded in the registry, and under the condition that the current operation behavior is determined to be used for changing the target key value information of the security protection process recorded in the registry, the current operation behavior is refused to be executed, so that the security protection process is prevented from being deleted or forbidden due to the execution of the current operation behavior, and the normal operation of the security protection process can be ensured.
Therefore, the embodiment can prevent the process service for safety protection in the system from being forbidden or deleted by the user, ensure the protection and control capability of the safety protection process service on the system, and reduce the risk of the system.
Based on the above embodiments, it should be noted that in order to determine whether an operation behavior is used to change the target key value information of the security protection process recorded in the registry, two conditions need to be defined, first: whether the operation behavior is used for changing certain key value information recorded in the registry or not; secondly, the method comprises the following steps: and whether the key value information changed by the operation behavior belongs to the safety protection process.
Therefore, in a specific embodiment, in a case that an operation behavior for the registry is monitored and before the operation behavior is executed, the determining that the operation behavior is used for changing target key value information of the security protection process recorded in the registry includes:
s201, judging the operation type of the operation behavior, and judging whether the target key value information belongs to a safety protection process.
S202, if the operation type of the operation behavior is write operation and/or delete operation and the target key value information belongs to the safety protection process, determining that the operation behavior is used for changing the target key value information.
S203, if the operation type of the operation behavior is not a write operation and/or a delete operation, and/or the target key value information does not belong to the safety protection process, determining that the operation behavior is not used for changing the target key value information.
In one embodiment, the write operation comprises: a write value operation and/or a key rename operation; the deletion operation includes: a value delete operation and/or a key delete operation.
Wherein, the write value operation is: RegNtPreSetValueKey. The key renaming operation is: RegNtPreRenameKey. The value delete operation is: regntprendeleevaluekey. The key delete operation is: regntpreneletekey.
It should be noted that the two determination steps in S201 may be executed simultaneously or may be executed in no order.
As can be seen from fig. 2, if the operation type of the operation behavior is a write operation and/or a delete operation, and the target key value information belongs to the security protection process, it is determined that the operation behavior is used to change the target key value information. And if the operation type of the operation behavior is not the write operation, and/or the operation type of the operation behavior is not the delete operation, and/or the target key value information does not belong to the safety protection process, determining that the operation behavior is not used for changing the target key value information.
Wherein, judging whether the target key value information belongs to the safety protection process comprises: and determining a registration path corresponding to the target key value information. If the registration path is consistent with the registration path of the safety protection process, determining that the target key value information belongs to the safety protection process; otherwise, determining that the target key value information does not belong to the safety protection process.
Specifically, the registration path of the security protection process may be recorded in advance so as to be compared with the registration path operated by the current operation behavior. The number of the security protection processes can be more than one, and one security protection process corresponds to one key value information and one registration path.
According to the scheme provided by the application, a kernel driver with a process management function can be designed and realized, and the kernel driver is installed on the corresponding equipment, so that the normal operation of the safety protection process on the corresponding equipment can be ensured by utilizing the kernel driver.
Referring to fig. 3, the process of using the kernel driver by the user includes:
1. installing a kernel driver to the target device;
2. and starting and running the kernel driver to monitor the operation behavior aiming at the registry on the equipment, and refusing or fraudulently returning corresponding information when monitoring the operation of forbidding or deleting the security protection process.
The fraudulent return of the corresponding information may be: refusing to execute the corresponding operation, and returning a message that the operation is successfully executed.
In this embodiment, a Cm callback framework is added to the kernel driver to monitor the operation of all the registries.
And the Cm callback function in the Cm callback framework describes a registry key corresponding to the service needing to be protected. The registry key corresponding to the service needing protection is: and key value information corresponding to the safety protection process needing protection.
When the Cm callback function is triggered, there must be an operation behavior for the registry, and at this time, the kernel driver pays attention to and filters the following behaviors:
(1) the write processing operation type-RegNtPresetValueKey of the registry write value;
(2) the pretreatment operation type of the registry deletion value-RegNtPreDeleteValueKey;
(3) the pretreatment operation type-RegNtPreDeleteKey of the registry deletion key;
(4) the pre-processing operation type of the registry renaming key, RegNtPreRenameKey.
If the operation behavior aiming at the registry is one of the above operations, the registry key Handle (HKEY) operated by the current operation behavior is reversely solved into the registration path, and whether the current registration path is the registration path corresponding to the service needing protection or not is continuously judged.
For example: the service name to be protected is DemoSrv, and it needs to determine whether the current registration path is HKEY _ LOCAL _ MACHINE \ SYSTEM \ Control set001\ Control \ DemoSrv.
If the above-mentioned judgments are all true, that is: and if the operation behavior aiming at the registry is used for changing the key value information, and the changed key value information is of the protected process, directly returning to STATUS _ ACCESS _ DENIED so as to directly reject the execution of the operation at the bottom layer of the system and play a role of protecting the registry operation, thereby protecting the service purpose of the corresponding process.
In this embodiment, no matter the Cm callback function is triggered based on a process manager in the system, or the Cm callback function is triggered by security antivirus software such as 360 degrees, the kernel driver in this embodiment can monitor the corresponding behavior, thereby realizing the monitoring and interception of the operation behavior of the registry.
It can be seen that, in the embodiment, the registry key and value corresponding to the service are protected based on the kernel layer Cm callback, so that the change of the registry can be rejected, the security protection process is prevented from being deleted or forbidden due to the execution of the current operation behavior, and the normal operation of the security protection process can be guaranteed.
In the following, a process management device provided in an embodiment of the present application is introduced, and a process management device described below and a process management method described above may be referred to each other.
Referring to fig. 4, an embodiment of the present application discloses a process management apparatus, applied to a system kernel, including:
and the management module is used for refusing to execute the operation behavior under the condition that the operation behavior is determined to be used for changing the target key value information of the safety protection process recorded in the registry before the operation behavior is executed if the operation behavior aiming at the registry is monitored.
In a specific embodiment, the management module is specifically configured to:
and monitoring operation behaviors by utilizing the Cm callback framework.
In a specific embodiment, the management module is specifically configured to:
judging the operation type of the operation behavior, and judging whether the target key value information belongs to a safety protection process;
and if the operation type of the operation behavior is write operation and/or delete operation and the target key value information belongs to the safety protection process, determining that the operation behavior is used for changing the target key value information.
In one embodiment, the write operation comprises: a write value operation and/or a key rename operation; the deletion operation includes: a value delete operation and/or a key delete operation.
In a specific embodiment, the management module is specifically configured to:
determining a registration path corresponding to the target key value information;
if the registration path is consistent with the registration path of the safety protection process, determining that the target key value information belongs to the safety protection process; otherwise, determining that the target key value information does not belong to the safety protection process.
In a specific embodiment, the management module is specifically configured to:
and if the operation type of the operation behavior is not the write operation and/or the delete operation, and/or the target key value information does not belong to the safety protection process, determining that the operation behavior is not used for changing the target key value information.
In a specific embodiment, the management module is specifically configured to:
and in the case that the operation behavior is determined not to be used for changing the target key value information, allowing the operation behavior to be executed.
For more specific working processes of each module and unit in this embodiment, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not described here again.
Therefore, the embodiment provides a process management device, which can prevent the process service for security protection in the system from being disabled or deleted by a user, ensure the protection and control capability of the security protection process service on the system, and reduce the risk of the system.
In the following, an electronic device provided by an embodiment of the present application is introduced, and the electronic device described below and the process management method and apparatus described above may refer to each other.
Referring to fig. 5, an embodiment of the present application discloses an electronic device, including:
a memory 501 for storing a computer program;
a processor 502 for executing the computer program to implement the method disclosed in any of the embodiments above.
Referring to fig. 6, fig. 6 is a schematic diagram of another electronic device provided in this embodiment, which may have a larger difference due to different configurations or performances, and may include one or more processors (CPUs) 322 (e.g., one or more processors) and a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing an application 342 or data 344. Memory 332 and storage media 330 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the storage medium 330 to execute a series of instruction operations in the storage medium 330 on the electronic device 301.
The electronic device 301 may also include one or more power sources 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341. Such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
In fig. 6, the application 342 may be a program that performs a process management method, and the data 344 may be data required for or generated by performing the process management method.
The steps in the process management method described above may be implemented by the structure of an electronic device.
In the following, a readable storage medium provided by an embodiment of the present application is introduced, and a readable storage medium described below and a process management method, an apparatus, and a device described above may be referred to each other.
A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the process management method disclosed in the foregoing embodiments. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
References in this application to "first," "second," "third," "fourth," etc., if any, are intended to distinguish between similar elements and not necessarily to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, or apparatus.
It should be noted that the descriptions in this application referring to "first", "second", etc. are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A process management method is applied to a system kernel and comprises the following steps:
if the operation behavior aiming at the registry is monitored, before the operation behavior is executed, the operation behavior is refused to be executed under the condition that the operation behavior is determined to be used for changing the target key value information of the safety protection process recorded in the registry.
2. The process management method of claim 1, wherein the monitoring of operational behavior with respect to the registry comprises:
and monitoring the operation behavior by utilizing a Cm callback framework.
3. The method according to claim 1, wherein the determining the operation behavior is used to change target key value information of a security protection process recorded in the registry, and comprises:
judging the operation type of the operation behavior, and judging whether the target key value information belongs to the safety protection process;
and if the operation type of the operation behavior is write operation and/or delete operation and the target key value information belongs to the safety protection process, determining that the operation behavior is used for changing the target key value information.
4. The process management method according to claim 3, wherein the write operation comprises: a write value operation and/or a key rename operation; the deleting operation comprises: a value delete operation and/or a key delete operation.
5. The process management method according to claim 3, wherein the determining whether the destination key information belongs to the security protection process comprises:
determining a registration path corresponding to the target key value information;
if the registration path is consistent with the registration path of the safety protection process, determining that the target key value information belongs to the safety protection process; otherwise, determining that the target key value information does not belong to the safety protection process.
6. The process management method according to claim 3,
and if the operation type of the operation behavior is not write operation and/or deletion operation, and/or the target key value information does not belong to the safety protection process, determining that the operation behavior is not used for changing the target key value information.
7. The process management method according to any one of claims 1 to 6,
and in the case that the operation behavior is determined not to be used for changing the target key value information, allowing the operation behavior to be executed.
8. A process management device applied to a system kernel comprises the following steps:
and the management module is used for refusing to execute the operation behavior under the condition that the operation behavior is determined to be used for changing the target key value information of the safety protection process recorded in the registry before the operation behavior is executed if the operation behavior aiming at the registry is monitored.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the process management method of any of claims 1 to 7.
10. A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the process management method of any of claims 1 to 7.
CN202111415322.9A 2021-11-25 2021-11-25 Process management method, device and equipment and readable storage medium Pending CN114036519A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111415322.9A CN114036519A (en) 2021-11-25 2021-11-25 Process management method, device and equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111415322.9A CN114036519A (en) 2021-11-25 2021-11-25 Process management method, device and equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114036519A true CN114036519A (en) 2022-02-11

Family

ID=80138875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111415322.9A Pending CN114036519A (en) 2021-11-25 2021-11-25 Process management method, device and equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN114036519A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105893847A (en) * 2016-04-22 2016-08-24 北京金山安全软件有限公司 Method and device for protecting safety protection application program file and electronic equipment
CN105930739A (en) * 2016-04-14 2016-09-07 北京金山安全软件有限公司 Method and terminal for preventing file from being deleted

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105930739A (en) * 2016-04-14 2016-09-07 北京金山安全软件有限公司 Method and terminal for preventing file from being deleted
CN105893847A (en) * 2016-04-22 2016-08-24 北京金山安全软件有限公司 Method and device for protecting safety protection application program file and electronic equipment

Similar Documents

Publication Publication Date Title
US8161563B2 (en) Running internet applications with low rights
AU2004218703B2 (en) Security-related programming interface
US8341736B2 (en) Detection and dynamic alteration of execution of potential software threats
US7533413B2 (en) Method and system for processing events
EP3014515B1 (en) Systems and methods for directing application updates
EP3416083B1 (en) System and method of detecting anomalous events
CN102081722A (en) Method and device for protecting appointed application program
CN108334404B (en) Application program running method and device
EP1361496B1 (en) Alteration of executable code module load locations
US9390275B1 (en) System and method for controlling hard drive data change
US9552481B1 (en) Systems and methods for monitoring programs
CN116611066B (en) Lesovirus identification method, device, equipment and storage medium
EP3308274A1 (en) Executing services in containers
CN114036519A (en) Process management method, device and equipment and readable storage medium
EP3535681B1 (en) System and method for detecting and for alerting of exploits in computerized systems
CN111159701B (en) Third-party page loading method and device, electronic equipment and storage medium
CN113783850A (en) Network protection method, device, equipment and machine readable storage medium
CN111158937B (en) Kernel-driven software core file endophytic protection method and device
CN109947673B (en) Memory protection method, protection device and single chip microcomputer
CN113849246B (en) Plug-in identification method, plug-in loading method, computing device and storage medium
JP2007034341A (en) Computer system, program execution environmental implementation used for computer system, and program therefor
CN107247641B (en) Method and device for restoring operating system on line
CN115048643A (en) Data processing method and device, electronic equipment and storage medium
CN116578968A (en) Method and device for providing safety protection for application program in power control system
CN114692157A (en) Method and system for judging malicious execution of shellcode

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination