CN114816447B - White list-based dynamic deployment software installation method and device, electronic equipment and medium - Google Patents

White list-based dynamic deployment software installation method and device, electronic equipment and medium Download PDF

Info

Publication number
CN114816447B
CN114816447B CN202210227247.1A CN202210227247A CN114816447B CN 114816447 B CN114816447 B CN 114816447B CN 202210227247 A CN202210227247 A CN 202210227247A CN 114816447 B CN114816447 B CN 114816447B
Authority
CN
China
Prior art keywords
installation
file
record
current
release
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210227247.1A
Other languages
Chinese (zh)
Other versions
CN114816447A (en
Inventor
黄勇
吴慧海
袁志勇
谢通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shengborun High Tech Co ltd
Original Assignee
Beijing Shengborun High Tech Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shengborun High Tech Co ltd filed Critical Beijing Shengborun High Tech Co ltd
Priority to CN202210227247.1A priority Critical patent/CN114816447B/en
Publication of CN114816447A publication Critical patent/CN114816447A/en
Application granted granted Critical
Publication of CN114816447B publication Critical patent/CN114816447B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/105Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/73Program documentation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5022Mechanisms to release resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Library & Information Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to a white list-based dynamic deployment software installation method, a white list-based dynamic deployment software installation device, electronic equipment and a medium, wherein the method comprises the following steps: detecting whether a process execution file path of a current process is stored in a white list or not; if yes, creating an installation process record, wherein the installation process record comprises a process ID of the current process and an installation release file path; if not, searching a parent process ID of the current process from the installation process record; if the parent process ID is found, writing the process ID of the current process and the installation release file path into an installation process record; if the parent process ID is not found, judging whether the execution file of the current process is an installation release file or not; if the release file is installed, judging whether the parent process of the current process is a special trust process or a script interpretation process; if the current process ID and the installation release file path are the special trust process or script interpretation process, the current process ID and the installation release file path are written into the installation process record. The application monitors the software installation process, so that the software is smoothly installed.

Description

White list-based dynamic deployment software installation method and device, electronic equipment and medium
Technical Field
The present application relates to the field of software installation, and in particular, to a method, an apparatus, an electronic device, and a medium for dynamically deploying software installation based on a white list.
Background
In a computer system, users (or IP addresses, IP packets, mails, etc.) provided in a white list system may pass preferentially, and users other than the white list may not pass. During the process of installing software, the installation package releases new executable files or script files, none of the files are in a white list, if the files cannot be normally operated, the installation process is failed, and if all the files are allowed to be operated, other illegal programs may be allowed to be operated.
At present, a method for analyzing an installation package before installation and deployment to obtain key file information and adding the key file information into a white list and then allowing a user to install the installation package exists, but executable files or script files which are not in the white list can be automatically generated in the process of installing software, the positions or names of the files can be changed in the process of installing the software, the files can not be effectively tracked, and then the software installation can be influenced.
In view of the above related art, the inventor considers how to solve the problem of tracking and recording all files generated in the software installation process, so that the software installation process is successfully completed, which is a key problem.
Disclosure of Invention
In order to monitor the software installation process and enable software to be installed smoothly, the application provides a method, a device, electronic equipment and a medium for dynamically deploying software installation based on a white list.
In a first aspect, an embodiment of the present application provides a method for dynamically deploying software installation based on a whitelist, including:
detecting whether a process execution file path of a current process is stored in a white list or not;
if yes, creating an installation process record, wherein the installation process record comprises a process ID of the current process and an installation release file path;
if not, searching a parent process ID of the current process from the installation process record;
if the parent process ID is found, writing the process ID of the current process and the installation release file path into the installation process record;
If the parent process ID is not found, judging whether the execution file of the current process is an installation release file or not;
If the release file is installed, judging whether the parent process of the current process is a special trust process or a script interpretation process;
if the current process ID and the installation release file path are the special trust process or script interpretation process, the current process ID and the installation release file path are written into the installation process record.
By adopting the technical scheme, the white list system in the electronic equipment judges whether the process execution file path of the current process is stored in the white list, if so, an installation process record is created, and the current process ID and the installation release file path generated in the installation process are stored in the installation process record. If the process execution file of the current process is not stored in the white list, the white list system searches the father process ID of the current process in the installation process record, if the father process ID is stored in the installation process record, the current process ID is written into the installation process record, if the father process ID is not found, whether the execution file of the current process is an installation release file is further judged, if yes, whether the father process of the current process is a special trust process or a script interpretation process is judged, and if yes, the current process ID is written into the installation process record. And in the process of installing the software, the white list system records all process IDs and installation release file paths, and judges whether the current process can be added into the white list according to whether process execution files of the processes are stored in the installation process records or the father-son relationship of the processes, and in the process of installing the software, the white list dynamic deployment is completed, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release files.
Further, the installation process record includes a plurality of process chains, the process chains include at least one first process chain, and if the parent process ID is found, writing the current process ID and the installation release file path into the installation process record includes:
If the parent process ID is found, the current process ID is written into the parent process ID, and then a first process chain is generated.
By adopting the technical scheme, the first process chain is used for recording the father-son relationship of the process, so that whether the child process is added into the white list or not can be determined conveniently through the father-son relationship of the process, and the installation process can be recorded more completely.
Further, the installation process record includes a first process chain and a second process chain, and if the parent process of the current process is a special trust process or a script interpretation process, writing the current process ID into the installation process record includes:
If the father process of the current process is a special trust process, creating a second process chain in the installation process record, and writing the current process ID into the second process chain;
If the parent process of the current process is a script interpretation process, a third process chain is created in the installation process record, and the current process ID is written into the third process chain.
By adopting the technical scheme, when the father process of the current process is a special trust process, the current process ID is written into the second process chain, when the father process of the current process is a script interpretation process, the current process ID is written into the third process chain, and the white list system respectively sets different process chains according to different types of processes, so that the process ID recording precision is improved.
The installation process records an installer file in exe format and/or msi format and a plurality of process chains, wherein the process chains comprise a fourth process chain, and the method further comprises:
if msiexec the installer loads the msi file to generate a first installation process, creating a fourth process chain, and writing the ID of the first installation process into the fourth process chain;
and if the msiexec installer loads an exe file to generate a second installation process, writing the ID of the second installation process into the fourth process chain.
By adopting the technical scheme, when msiexec installer loads msi file to generate first installation process, writing first installation process ID into fourth process chain, and when msiexec installer loads other exe file to generate second installation process, writing second installation process ID into fourth process chain, monitoring condition of mutually nested operation of exe format and msi format installer file in the process of installer, and recording process ID generated in mutually nested operation.
In another possible implementation, the installation process record includes a release file path record for recording the installation release file path, the method further including:
if a process in any process chain initiates a release file operation to generate an installation release file, writing a file path of the installation release file into a release file path record;
When the installation release file is closed, if the installation release file is a PE file or a script file, writing the PE file or the script file into a white list;
If the file path of the installation release file is determined to be abbreviated as an abbreviated path, writing the file path of the installation release file and the abbreviated path into a release file path record.
By adopting the technical scheme, the white list system monitors the operation of releasing files in the software installation process, writes the installation release file path into the release file path record when the installation release file is generated, and stores PE files and script files when the installation release file is closed; and the abbreviation operation of the installation release file is monitored, the path of the installation release file is recorded in time, the generation, closing and movement of the installation release file in the installation process of the installation software are tracked, the possibility of file loss is reduced, and the software is installed smoothly.
In another possible implementation, the method further includes:
acquiring a file path before and after the installation and release file is moved;
if the installation release file belongs to the release file of any process based on the file path before the installation release file moves, writing the file path after the installation release file moves into a release file path record.
By adopting the technical scheme, the white list system monitors the movement operation of the installation release file, when a new path is generated after the installation release file moves, the white list system writes the file path after the installation release file moves into the release file path record, and the possibility of losing the file due to movement is reduced.
In another possible implementation, the method further includes:
When the installation process finishes running, an installation process ID corresponding to the installation process is cleared from a process chain;
And when all the processes in the process chain are finished running, the installation process record is cleared.
By adopting the technical scheme, the white list system clears the ID of the installation process from the process chain when the installation process is finished, releases the memory in time, clears the temporary files such as the installation process record and the like when all processes in the process chain are finished running, and avoids the problem of difficult system running caused by excessive memory.
In another possible implementation, the method further includes:
If the system needs to be restarted after the installation process is finished, the shutdown time of the system is delayed until the installation release file is completely stored in the database;
If the current process is explorer.exe, not adding the explorer.exe into a white list;
and if the installation process is finished, starting a deployment process, and adding the deployment process into a white list.
By adopting the technical scheme, the white list system delays the shutdown time of the system when restarting the system, reserves time for installing and releasing files and storing the files to the database, reduces the possibility of file loss, ignores the starting of an explorer process, avoids the operation of a user in the software installation process, improves the safety of the software installation process, and adds the deployment process into the white list, so that the software is successfully deployed after the software installation is completed.
In a second aspect, the present application provides a white list-based dynamic deployment software installation apparatus, including:
the detection module is used for detecting whether a process execution file path of the current process is stored in the white list or not;
The system comprises a creation module, a setting module and a setting module, wherein the creation module is used for creating an installation process record when detecting that a process execution file path of a current process is stored in a white list, and the installation process record comprises a process ID of the current process and an installation release file path;
The searching module is used for searching the father process ID of the current process from the installation process record when detecting that the process execution file path of the current process is not stored in the white list;
The first writing module is used for writing the process ID of the current process and the installation release file path into the installation process record if the father process ID is found;
The first judging module is used for judging whether the execution file of the current process is an installation release file or not if the parent process ID is not found;
The second judging module is used for judging whether the father process of the current process is a special trust process or a script interpretation process when the execution file of the current process is an installation release file;
And the second writing module is used for writing the ID of the current process and the installation release file path into the installation process record when judging that the execution file of the current process is a special trust process or a special trust process.
By adopting the technical scheme, in the process of installing software, the software installation device is dynamically deployed based on the white list to record all process IDs and installation release file paths, and meanwhile, whether the current process can be added into the white list is judged according to whether the process execution files of the process are stored in the installation process record or the father-son relationship of the process, and in the process of installing the software, the white list is dynamically deployed, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release files.
In another possible implementation manner, the installation process record includes a plurality of process chains, the process chains include at least one first process chain, and the first writing module specifically includes:
If the parent process ID is found, the current process ID is written into the parent process ID, and then a first process chain is generated.
In another possible implementation manner, the installation process record includes a plurality of process chains, the process chains include a second process chain and a third process chain, and the second writing module specifically includes:
If the father process of the current process is a special trust process, creating a second process chain in the installation process record, and writing the current process ID into the second process chain;
If the parent process of the current process is a special trust process, a third process chain is created in the installation process record, and the current process ID is written into the third process chain.
In another possible implementation manner, the installation process record includes an installer file in exe format and/or msi format and a fourth process chain, and the dynamic deployment software installation device based on the white list further includes:
the first installation process ID recording module is used for creating a fourth process chain when msiexec installation programs load msi files to generate a first installation process, and writing the first installation process ID into the fourth process chain;
And the second installation process ID recording module is used for writing the second installation process ID into the fourth process chain when the msiexec installation program loads an exe file to generate a second installation process.
In another possible implementation, the installation process record includes a release file path record for recording the installation release file path, and the dynamic deployment software installation apparatus based on the whitelist further includes:
The first recording module is used for writing a file path of the installation release file into a release file path record if a process in any process chain initiates a release file operation to generate the installation release file;
The second recording module is used for writing the PE file or the script file into a white list if the installation release file is the PE file or the script file when the installation release file is closed;
and the third recording module is used for writing the file path of the release file and the file abbreviated path into a release file path record if the corresponding file abbreviated path is determined based on the file path of the release file.
In another possible implementation manner, the dynamically deploying software installation device based on the white list further includes:
The mobile file path acquisition module is used for acquiring file paths before and after the installation release file is moved;
And the mobile file recording module is used for writing the file path after the installation release file is moved into the release file path record if the installation release file is judged to belong to the release file of any process based on the file path before the installation release file is moved.
In another possible implementation manner, the dynamically deploying software installation device based on the white list further includes:
The first clearing module is used for clearing the installation process ID corresponding to the installation process from a process chain when the installation process is finished running;
and the second clearing module is used for clearing the installation process record when all the processes in the process chain are finished running.
In another possible implementation manner, the dynamically deploying software installation device based on the white list further includes:
The restarting module is used for deferring the shutdown time of the system until the installation release file is completely stored in the database if the system needs to be restarted after the installation process is finished;
The processing module is used for not adding the explorer.exe into the white list if the current process is the explorer.exe;
and the deployment module is used for starting the deployment process if the installation process is finished, and adding the deployment process into the white list.
In a third aspect, the present application provides an electronic device comprising:
At least one processor;
A memory;
At least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the at least one processor, the at least one application program configured to: a whitelist-based dynamic deployment software installation method according to any one of the first aspects is performed.
By adopting the technical scheme, in the process of installing software, the processor loads and executes the application program stored in the memory, records all process IDs and installation release file paths, and simultaneously judges whether the current process can be added into the white list according to whether the process execution file of the process is stored in the installation process record or the father-son relationship of the process, and in the process of installing the software, the white list dynamic deployment is completed, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release file.
In a fourth aspect, the present application provides a computer readable storage medium storing a computer program capable of being loaded by a processor and executing any of the whitelist-based dynamic deployment software installation methods as in the first aspect.
By adopting the technical scheme, in the process of installing software, a processor loads and executes a computer program in a computer readable storage medium, records all process IDs and installation release file paths, and simultaneously judges whether the current process can be added into a white list according to whether a process execution file of the process is stored in an installation process record or a father-son relationship of the process, and completes dynamic deployment of the white list in the process of installing the software, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release file.
In summary, the present application includes at least one of the following beneficial technical effects:
1. in the process of installing software, the white list system records all process IDs and installation release file paths, and judges whether the current process can be added into the white list according to whether process execution files of the processes are stored in the installation process records or the father-son relationship of the processes at the same time, and in the process of installing the software, the white list dynamic deployment is completed, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release files;
2. The first process chain is used for recording father-son relations of the processes, whether the child processes are added into the white list or not is determined through the father-son relations of the processes, and the installation process is recorded more completely.
Drawings
Fig. 1 is a schematic flow chart of a method for dynamically deploying software installation based on a white list in an embodiment of the application.
FIG. 2 is a schematic diagram of a process chain in an embodiment of the application.
Fig. 3 is a schematic structural diagram of a dynamic deployment software installation device based on a white list in an embodiment of the application.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In this context, unless otherwise specified, the term "/" generally indicates that the associated object is an "or" relationship.
The embodiment of the application discloses a method for dynamically deploying software installation based on a white list. Executed by an electronic device, in particular by a whitelist system installed on the electronic device, referring to fig. 1, the method comprises:
Step S101: detecting whether a process execution file path of the current process is stored in a white list, if so, executing step S102; otherwise, step S103 is performed.
Specifically, after the software installation package to be installed is uploaded to the server, an administrator checks the installation package and confirms the security, the installation package is stored, and then the installation package is added into a white list, so that the installation package can be legally operated.
When the installation package runs, a plurality of processes and/or a plurality of installation release files can be generated, wherein the release files comprise executable files, script files and the like, and the installation release files are all stored in a white list. The process generated by the installation package can directly run, and the generated process IDs, the execution file paths of the process and/or the installation release file paths are not stored in the white list, so that further processing is required.
If the white list system detects that the process execution file path of the current process is stored in the white list, the current process is a process running the installation package, and the white list system executes step S102; otherwise, if the current process is a new process generated after the installation package is executed, it needs to be further determined whether the new process is related to the installation of the software, and step S103 is executed.
Step S102: and creating an installation process record, wherein the installation process record comprises a process ID of the current process and an installation release file path.
Specifically, when the white list system monitors that the installation package is started, judging whether the installation package is started legally, namely, confirming whether the installation package is in the white list again, and if the installation package is confirmed to be legal, creating an installation process record.
The installation process record is used for recording the installation program file, the installation process ID and the release file path record of the installation package in the installation process, and comprehensively recording the software installation process, so that the installation process is completed successfully.
Step S103: and searching the parent process ID of the current process from the installation process record.
Referring to fig. 2, for example, the deployment program name is install. Exe, which releases step1.Exe during execution and runs it, then step1.Exe is a subroutine of install. Exe. The process ID in the process of installing the software is recorded in the process record, so that the white list system can search the corresponding parent process ID according to the current process ID.
If the parent process ID is found, step S104 is executed; otherwise, step S105 is performed.
Step S104: and writing the process ID of the current process and the installation release file path into an installation process record.
Specifically, if the white list system finds the parent process ID in the installation process record, the current process is generated by its parent process, i.e. the current process is generated by a legal process, it may be considered that the current process may also write into the installation process record.
Step S105: judging whether an execution file of the current process is an installation release file or not; if the release file is installed, executing step S106; otherwise, not operate.
Specifically, in the software installation process, the installation release file paths generated by the installation process are all stored in the installation process record, so that the white list system can compare the execution file paths of the current process with the installation release file paths in the installation process record, and if the comparison is consistent, the execution file of the current process is determined to be the installation release file.
Step S106: judging whether a parent process of the current process is a special trust process or a script interpretation process; if yes, executing step S107; otherwise, not operate.
Step S107: and writing the current process ID and the installation release file path into an installation process record.
Specifically, in the software installation process, there is a problem that the deployment program runs through a specific system program Service, and the specific trust process may be any one of a Service device, a svchost, a session, a exe (Console Host Process), and other system start programs, so that in order to make the installation process smoothly complete, when the white list system determines that the parent process is the specific trust process, the current process ID is written into an installation process record, that is, recorded in the white list, so that the installation process smoothly proceeds. If the white list system does not operate the current installation process after judging that the installation release file is operated by the illegal program, the current process is not added into the white list, and the safety of the installation process is improved.
Or when the white list system judges that the father process is the script interpreter, the father process loads the script file released in the installation process, and the current process ID is written into the installation process record, namely in the white list, so that the installation process is smoothly carried out. If the white list system does not operate the current process after judging that the script file is operated by the illegal program, the current process is not added into the white list, and the safety of the installation process is improved.
If the installation release file is generated in the running process of the process, the installation release file path is written into the release file path record.
The application provides an implementation principle of a white list-based dynamic deployment software installation method, which comprises the following steps: the white list system judges whether a process execution file path of the current process is stored in the white list, if so, an installation process record is created, and the current process ID and an installation release file path generated in the installation process are stored in the installation process record. If the process execution file of the current process is not stored in the white list, the white list system searches the father process ID of the current process in the installation process record, if the father process ID is stored in the installation process record, the current process ID is written into the installation process record, if the father process ID is not found, whether the execution file of the current process is an installation release file is further judged, if yes, whether the father process of the current process is a special trust process or a script interpretation process is judged, and if yes, the current process ID is written into the installation process record. And in the process of installing the software, the white list system records all process IDs and installation release file paths, and judges whether the current process can be added into the white list according to whether process execution files of the processes are stored in the installation process records or the father-son relationship of the processes, and in the process of installing the software, the white list dynamic deployment is completed, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release files.
In another possible implementation manner, the installation process record includes a plurality of process chains, the process chains include at least one first process chain, and if the whitelist system finds the parent process ID, the executing step S104 writes the process ID and the installation release file path of the current process into the installation process record, specifically includes: if the parent process ID is found, the current process ID is written into the parent process ID, and then a first process chain is generated.
Specifically, the installation process record further includes a plurality of process chains, the process chains are used for recording relationships among the installation processes, if the white list system determines that the father process ID belongs to a certain installation process record, namely, the father process is recorded in the white list, the current installation process can also be added into the white list, in order to facilitate querying of father-son relationships of the installation process, after the current installation process ID is written into the father process ID, a first process chain for recording father-son relationships of the process is generated, not only the positions of all the installation processes can be clearly located, but also files can be prevented from being lost in the moving process.
Referring to fig. 2, for example, a deployment program named install.exe releases step1.exe during running and runs it, then install.exe is the parent process of step1.exe, and after writing the ID of step1.exe to the ID of install.exe, a first process chain is generated.
In another possible implementation manner, in order to facilitate distinguishing and recording the installation process generated by different sources, if the parent process of the current process is a special trust process or a script interpretation process, the installation process record includes a plurality of process chains, the process chains include a second process chain and a third process chain, and step S107 writes the current process ID into the installation process record, including (step S1071 to step S1072) (not shown in the figure):
Step S1071: if the parent process of the current process is a special trust process, a second process chain is created in the installation process record, and the current process ID is written into the second process chain.
Step S1072: if the parent process of the current process is a script interpretation process, a third process chain is created in the installation process record, and the current process ID is written into the third process chain.
Specifically, if the categories of the parent processes of the current process are different, the white list system records the current process ID according to the categories, so that the recording precision of the process chain is improved.
Referring to fig. 2, for example, if the service.exe runs the install release file a to generate step2.exe, the ID of step2.exe is written to the second process chain. If the script interpreter runs the installation release file B to generate step3.exe, the ID of step3.exe is written into the third process chain.
In another possible implementation manner, the installation process record includes an installer file in exe format and/or msi format and a plurality of process chains, the process chains include a fourth process chain, during the process of installing the installer, there may be a problem that the installer files in exe format and msi format are executed in a nested manner, and the method further includes (step S11 to step S12) (not shown in the figure):
Step S11: if msiexec the installer loads the msi file to generate a first installation process, a first process chain is created, and the first installation process is written into a fourth process chain.
Step S12: if msiexec the installer loads the exe file to generate a second installation process, the second installation process is written into a fourth process chain.
Specifically, the first element of the first process chain is msiexec processes loaded with the installer files in msi format, and then once the msiexec installer restarts the other installer files in exe format, the whitelist system also writes the corresponding second installer process into the fourth process chain. And recording the process paths for loading the mutually nested exe format files and msi format files, and avoiding file omission in the software installation process.
Referring to fig. 2, for example, deployment program install.exe releases the depmsi file and starts it again during run time, depmsi.msi releases and starts the step4.exe again during install of depmsi.msi, msiexe indicates that the process of depmsi.msi is started. The whitelist system then writes the depmsi. Exe to the fourth process chain and also writes step4.Exe after the depmsi. Exe.
Further, the installation process record includes a release file path record for recording an installation release file path, and the method further includes (steps S21 to S23) (not shown in the figure):
Step S21: if a process in any process chain initiates the release file operation to generate an installation release file, writing the file path of the installation release file into the release file path record.
In particular, the installer may release the file in two ways, namely file writing and sector copying. Wherein the file WRITE is handled by an irp_mj_write event and the sector copy is handled by an irp_mj_acquisition_for_ SECTION _synchonination event.
When the white list system monitors that the two file operations are initiated by a process in a certain process chain, the installation program loaded with the release file is a legal program, so that the file path of the release file is recorded into the release file path record.
Step S22: and when the installation release file is closed, if the installation release file is a PE file or a script file, writing the PE file or the script file into a white list.
Specifically, the file closing operation is processed through an irp_mj_ CLEANUP event, and when the process starts to run, the installation process records and records the process ID, and monitors the running of the process. When the process installation release file is closed, the PE file and the script file are saved in a white list, so that the software can run smoothly.
Step S23: if it is determined that the file path of the installation release file is abbreviated as an abbreviated path, writing both the file path of the installation release file and the abbreviated path into the release file path record.
Specifically, if the installation release file is in a path released to, for example, "program files (x 86)", the file path may sometimes be abbreviated as "PROG-2", and in order to completely record all the installation release files, the whitelist system writes the complete path and the abbreviated path of the installation release file into the release file path record.
Further, in the software installation process, the installation release file may be moved, so as to improve the accuracy of recording the installation release file, the method further includes: acquiring a file path before and after the release file is moved; if the released file belongs to the released file of any installation process based on the file path before the released file moves, writing the file path after the released file moves into the released file path record of any installation process.
Specifically, if the released file moves, the whitelist system knows the file movement behavior through the irp_mj_set_information event, and obtains the paths before and after the file movement. And the release file before moving belongs to any installation process, the current release file is saved in the white list and is legally operated, so that the white list system writes the path of the release file after moving into the file path record of the release of the corresponding installation process. The white list system tracks the released files that are moved, reducing the likelihood of file loss.
Further, the white list system generally judges whether the installation release file is a script file when the installation release file is closed, and adds the script file into the white list, and file movement does not accompany file closing behavior, so the white list system needs to judge whether the installation release file is the script file in the step of processing file movement, and if so, adds the white list.
Further, the target path of the white list system obtained through the SET_INFORMATION event is in a format of user mode, such as "C: \program files\software …", which needs to be converted into a format of kernel mode (such as "\device\ HarddiskVolume1\program files\software …") so as to keep consistent with the logic of other parts.
Further, the data of the white list needs to be saved in the database. The driver cannot directly store the database, and only can store the installation release file information into the memory record of the driver. Therefore, the white list driver needs to inform a user state program of the information such as the installation release file path, the characteristic value and the like, and the user state program stores the data into a database. When the system is restarted, the user mode program may retrieve the whitelist data from the database and provide it to the driver. The driver and application communicate in Flt Communication Port fashion provided by the MINIFILTER framework.
Further, in order to release the memory after the software installation is completed, the method further includes (step S31 to step S32) (not shown in the figure):
step S31: and when the installation process finishes running, the installation process ID corresponding to the installation process is cleared from the process chain.
Specifically, the white list system can monitor the operation of the installation process at any time in the program operation process, and when a certain installation process is finished, the white list system timely clears the installation process from the process chain, timely releases the memory and improves the operation speed.
Step S32: when all processes in the process chain end to run, the installation process record is cleared.
Specifically, the installation process is recorded as a file temporarily created in the software installation process, and after the installation process is finished, the file required by the software operation is stored in a white list, so that the software can normally operate. And after the white list system clears the installation process record as the temporary file, the memory can be released in time, and the running speed of the system is improved.
Further, the white list system needs to make special treatment to some deployment programs when judging that the installation is finished, and the method further comprises (step S41-step S43) (not shown in the figure):
step S41: if the system needs to be restarted after the installation process is finished, the shutdown time of the system is delayed until the installation release file is completely stored in the database.
Specifically, if the system needs to be restarted after the software is installed, the installation release file information may not be completely saved in the database at this time, and in order to prevent the software data from being lost when the system is closed, the white list system delays the shutdown time of the system, and the installation release file is completely saved in the database.
Step S42: if the current process is explorer.exe, the explorer.exe is not added to the white list.
Specifically, after the software is installed, the settings related to explorer.exe must wait for the explorer.exe to restart before being validated. Many software must restart the computer after installation is complete to validate the software operating environment.
If add explorer.exe to the whitelist system, this means that explorer.exe can launch any program. If add explorer. Exe to the process chain, it means that during a program installation period, the user can also run any program through desktop operation, affecting the normal installation of software. The whitelist system is therefore unable to add extraer.
Step S43: and if the installation process is finished, starting the deployment process, and adding the deployment process into the white list.
Specifically, the deployment process appears as a sub-process of the installation process, and the white list system judges that the deployment process belongs to a part of software installation through the deployment process ID, so that the white list system cannot determine that the installation process is finished. Therefore, the white list system adds a white list through the deployment process after determining that the installation process in the process chain is finished and when the deployment program is started, and normally deploys and installs the white list protection software.
In order to better perform the above method, an embodiment of the present application provides a device for dynamically deploying software based on a white list, referring to fig. 3, a device 200 for dynamically deploying software based on a white list, including:
A detection module 201, configured to detect whether a process execution file path of a current process is stored in a white list;
A creation module 202, configured to create an installation process record when detecting that a process execution file path of a current process is stored in a white list, where the installation process record includes a process ID of the current process and an installation release file path;
The searching module 203 is configured to search, when it is detected that the process execution file path of the current process is not stored in the white list, for a parent process ID of the current process from the installation process record;
the first writing module 204 is configured to write, if the parent process ID is found, the process ID of the current process and the installation release file path into the installation process record;
A first determining module 205, configured to determine whether the execution file of the current process is an installation release file if the parent process ID is not found;
A second judging module 206, configured to determine whether the parent process of the current process is a special trust process or a script interpretation process when the execution file of the current process is an installation release file;
The second writing module 207 is configured to write the current process ID and the installation release file path into the installation process record when determining that the execution file of the current process is a special trust process or a special trust process.
In another possible implementation manner, the installation process record includes a plurality of process chains, the process chains include at least one first process chain, and the first writing module 204 specifically includes:
If the parent process ID is found, the current process ID is written into the parent process ID, and then a first process chain is generated.
In another possible implementation manner, the installation process record includes a plurality of process chains, the process chains include a second process chain and a third process chain, and the second writing module 207 specifically includes:
If the father process of the current process is a special trust process, creating a second process chain in the installation process record, and writing the current process ID into the second process chain;
if the parent process of the current process is a special trust process, a third process chain is created in the installation process record, and the current process ID is written into the third process chain.
In another possible implementation, the installation process record includes an installer file in exe format and/or msi format and a fourth process chain, and the dynamic deployment software installation apparatus 200 further includes:
The first installation process ID recording module is used for creating a fourth process chain when msiexec installation programs load msi files to generate a first installation process and writing the first installation process ID into the fourth process chain;
and the second installation process ID recording module is used for writing the second installation process ID into the fourth process chain when msiexec the installation program loads the exe file to generate the second installation process.
In another possible implementation, the installation process record includes a release file path record for recording an installation release file path, and the whitelist-based dynamic deployment software installation apparatus 200 further includes:
the first recording module is used for writing a file path of the installation release file into the release file path record if a process in any process chain initiates the release file operation to generate the installation release file;
The second recording module is used for writing the PE file or the script file into a white list if the installation release file is the PE file or the script file when the installation release file is closed;
And the third recording module is used for writing the file path of the release file and the file abbreviated path into the release file path record if the corresponding file abbreviated path is determined based on the file path of the release file.
In another possible implementation, the dynamic deployment of the software installation apparatus 200 based on the whitelist further includes:
The mobile file path acquisition module is used for acquiring file paths before and after the installation release file is moved;
And the mobile file recording module is used for writing the file path after the installation release file is moved into the release file path record if the installation release file is judged to belong to the release file of any process based on the file path before the installation release file is moved.
In another possible implementation, the dynamic deployment of the software installation apparatus 200 based on the whitelist further includes:
The first clearing module is used for clearing the ID of the installation process corresponding to the installation process from the process chain when the installation process finishes running;
And the second clearing module is used for clearing the installation process record when the processes in all the process chains finish running.
In another possible implementation, the dynamic deployment of the software installation apparatus 200 based on the whitelist further includes:
The restarting module is used for deferring the shutdown time of the system until the installation release file is completely stored in the database if the system needs to be restarted after the installation process is finished;
the processing module is used for not adding the explorer.exe into the white list if the current process is the explorer.exe;
the deployment module is used for starting the deployment process if the installation process is finished, and adding the deployment process into the white list.
The various modifications and specific examples of the method in the foregoing embodiment are equally applicable to the whitelist-based dynamic deployment software installation apparatus of the present embodiment, and those skilled in the art will clearly know the implementation method of the whitelist-based dynamic deployment software installation apparatus of the present embodiment through the foregoing detailed description of the whitelist-based dynamic deployment software installation method, so that the description is omitted herein for brevity.
To better implement the above method, an embodiment of the present application provides an electronic device, referring to fig. 4, an electronic device 300 includes: a processor 301, a memory 303, and a display 305. Wherein the processor 301 is coupled to a memory 303 and a display 305, respectively, such as via a communication bus 302. Optionally, the electronic device 300 may further include a transceiver 304, where the transceiver 304 is not limited to one in practical applications. The structure of the electronic device 300 is not limited to the embodiment of the present application.
The Processor 301 may be a CPU (Central Processing Unit ), general purpose Processor, DSP (DIGITAL SIGNAL Processor, data signal Processor), ASIC (Application SPECIFIC INTEGRATED Circuit), FPGA (Field Programmable GATE ARRAY ) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. Processor 301 may also be a combination that implements computing functionality, e.g., comprising one or more microprocessor combinations, a combination of a DSP and a microprocessor, etc.
Bus 302 may include a path to transfer information between the components. Bus 302 may be a PCI (PERIPHERAL COMPONENT INTERCONNECT, peripheral component interconnect standard) bus or an EISA (Extended Industry Standard Architecture ) bus, or the like. Bus 302 may be divided into an address bus, a data bus, a control bus, and the like.
The Memory 303 may be, but is not limited to, a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory ) or other type of dynamic storage device that can store information and instructions, an EEPROM (ELECTRICALLY ERASABLE PROGRAMMABLE READ ONLY MEMORY ), a CD-ROM (Compact Disc Read Only Memory, compact disc Read Only Memory) or other optical disk storage, optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 303 is used for storing application program codes for executing the inventive arrangements and is controlled to be executed by the processor 301. The processor 301 is configured to execute the application code stored in the memory 303 to implement what is shown in the foregoing method embodiments.
The electronic device 300 shown in fig. 4 is only an example and should not be construed as limiting the functionality and scope of use of embodiments of the application.
The embodiment of the application also provides a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, the program is executed by a processor to realize the method for dynamically deploying software installation based on the white list, whether a process execution file path of a current process is stored in the white list is judged, if yes, an installation process record is created, and a current process ID and an installation release file path generated in the installation process are stored in the installation process record. If the process execution file of the current process is not stored in the white list, the white list system searches the father process ID of the current process in the installation process record, if the father process ID is stored in the installation process record, the current process ID is written into the installation process record, if the father process ID is not found, whether the execution file of the current process is an installation release file is further judged, if yes, whether the father process of the current process is a special trust process or a script interpretation process is judged, and if yes, the current process ID is written into the installation process record. In the process of installing software, the processor records all process IDs and installation release file paths, and judges whether the current process can be added into a white list according to whether process execution files of the process are stored in the installation process records or the father-son relationship of the process, and in the process of installing the software, the white list is dynamically deployed, so that the software installation process runs smoothly, and illegal programs are prevented from starting the installation release files.
In this embodiment, the computer-readable storage medium may be a tangible device that holds and stores instructions for use by the instruction execution device. The computer readable storage medium may be, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any combination of the preceding. In particular, the computer readable storage medium may be a portable computer disk, hard disk, USB flash disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), podium random access memory (SRAM), portable compact disc read-only memory (CD-ROM), digital Versatile Disk (DVD), memory stick, floppy disk, optical disk, magnetic disk, mechanical coding device, and any combination of the foregoing.
The computer program in this embodiment contains program code for executing all the methods described above, and the program code may include instructions corresponding to the execution of the steps of the methods provided in the embodiments described above. The computer program may be downloaded from a computer readable storage medium to the respective computing/processing device or to an external computer or external storage device via a network (e.g., the internet, a local area network, a wide area network, and/or a wireless network). The computer program may execute entirely on the user's computer and as a stand-alone software package.
The above embodiments are not intended to limit the scope of the present application, so: all equivalent changes in structure, shape and principle of the application should be covered in the scope of protection of the application.
In addition, it is to be understood that relational terms such as first and second are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

Claims (6)

1. The method for dynamically deploying software installation based on the white list is characterized by comprising the following steps:
detecting whether a process execution file path of a current process is stored in a white list or not;
if yes, creating an installation process record, wherein the installation process record comprises a process ID of the current process and an installation release file path;
if not, searching a parent process ID of the current process from the installation process record;
if the parent process ID is found, writing the process ID of the current process and the installation release file path into the installation process record;
If the parent process ID is not found, judging whether the execution file of the current process is an installation release file or not;
If the release file is installed, judging whether the parent process of the current process is a special trust process or a script interpretation process;
if the current process ID and the installation release file path are the special trust process or script interpretation process, writing the current process ID and the installation release file path into the installation process record;
The installation process record comprises a plurality of process chains, the process chains comprise at least one first process chain, and if the father process ID is found, the process ID of the current process and an installation release file path are written into the installation process record, and the method comprises the following steps:
If the parent process ID of the current process is searched from the installation process record, writing the current process ID into the parent process ID, and then generating a first process chain;
The installation process record comprises a plurality of process chains, the process chains comprise a second process chain and a third process chain, and if the father process of the current process is a special trust process or a script interpretation process, the current process ID is written into the installation process record, and the method comprises the following steps:
If the father process of the current process is a special trust process, creating a second process chain in the installation process record, and writing the current process ID into the second process chain;
If the parent process of the current process is a script interpretation process, a third process chain is created in an installation process record, and the current process ID is written into the third process chain;
The installation process records an installer file in exe format and/or msi format and a plurality of process chains, wherein the process chains comprise a fourth process chain, and the method further comprises:
if msiexec the installer loads the msi file to generate a first installation process, creating a fourth process chain, and writing the ID of the first installation process into the fourth process chain;
If the msiexec installer loads an exe file to generate a second installation process, writing the ID of the second installation process into the fourth process chain;
the installation process record includes a release file path record for recording the installation release file path, the method further comprising:
if a process in any process chain initiates a release file operation to generate an installation release file, writing a file path of the installation release file into a release file path record;
When the installation release file is closed, if the installation release file is a PE file or a script file, writing the PE file or the script file into a white list;
If the file path of the installation release file is determined to be abbreviated as an abbreviated path, writing the file path of the installation release file and the abbreviated path into a release file path record;
acquiring a file path before and after the installation and release file is moved;
if the installation release file belongs to the release file of any process based on the file path before the installation release file moves, writing the file path after the installation release file moves into a release file path record.
2. The method according to claim 1, wherein the method further comprises:
When the installation process finishes running, an installation process ID corresponding to the installation process is cleared from a process chain;
And when all the processes in the process chain are finished running, the installation process record is cleared.
3. The method according to claim 1, wherein the method further comprises:
If the system needs to be restarted after the installation process is finished, the shutdown time of the system is delayed until the installation release file is completely stored in the database;
If the current process is explorer.exe, not adding the explorer.exe into the white list;
and if the installation process is finished, starting a deployment process, and adding the deployment process into a white list.
4. A whitelist-based dynamic deployment software installation apparatus, comprising:
the detection module is used for detecting whether a process execution file path of the current process is stored in the white list or not;
The system comprises a creation module, a setting module and a setting module, wherein the creation module is used for creating an installation process record when detecting that a process execution file path of a current process is stored in a white list, and the installation process record comprises a process ID of the current process and an installation release file path;
The searching module is used for searching the father process ID of the current process from the installation process record when detecting that the process execution file path of the current process is not stored in the white list;
The first writing module is used for writing the process ID of the current process and the installation release file path into the installation process record if the father process ID is found;
The first judging module is used for judging whether the execution file of the current process is an installation release file or not if the parent process ID is not found;
The second judging module is used for judging whether the father process of the current process is a special trust process or a script interpretation process when the execution file of the current process is an installation release file;
the second writing module is used for writing the ID of the current process and the path of the installation release file into the installation process record when judging that the execution file of the current process is a special trust process or a script interpretation process;
the installation process record comprises a plurality of process chains, wherein each process chain comprises at least one first process chain, and the first writing module specifically comprises:
If the parent process ID is found, writing the current process ID into the parent process ID and then generating a first process chain;
The installation process record comprises a plurality of process chains, the process chains comprise a second process chain and a third process chain, and the second writing module specifically comprises:
If the father process of the current process is a special trust process, creating a second process chain in the installation process record, and writing the current process ID into the second process chain;
If the parent process of the current process is a script interpretation process, a third process chain is created in the installation process record, and the current process ID is written into the third process chain;
The installation process record comprises an installer file in exe format and/or msi format and a fourth process chain, and the dynamic deployment software installation device based on the white list further comprises:
The first installation process ID recording module is used for creating a fourth process chain when msiexec installation programs load msi files to generate a first installation process and writing the first installation process ID into the fourth process chain;
the second installation process ID recording module is used for writing the second installation process ID into the fourth process chain when msiexec installation programs load exe files to generate a second installation process;
The installation process record comprises a release file path record for recording an installation release file path, and the dynamic deployment software installation device based on the white list further comprises:
the first recording module is used for writing a file path of the installation release file into the release file path record if a process in any process chain initiates the release file operation to generate the installation release file;
The second recording module is used for writing the PE file or the script file into a white list if the installation release file is the PE file or the script file when the installation release file is closed;
The third recording module is used for writing the file path of the release file and the file abbreviated path into the release file path record if the corresponding file abbreviated path is determined based on the file path of the release file;
The mobile file path acquisition module is used for acquiring file paths before and after the installation release file is moved;
And the mobile file recording module is used for writing the file path after the installation release file is moved into the release file path record if the installation release file is judged to belong to the release file of any process based on the file path before the installation release file is moved.
5. An electronic device, comprising:
At least one processor;
A memory;
At least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the at least one processor, the at least one application program configured to: a whitelist-based dynamic deployment software installation method according to any one of claims 1 to 3 is performed.
6. A computer readable storage medium storing a computer program capable of being loaded by a processor and executing the whitelist-based dynamic deployment software installation method of any one of claims 1 to 3.
CN202210227247.1A 2022-03-08 2022-03-08 White list-based dynamic deployment software installation method and device, electronic equipment and medium Active CN114816447B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210227247.1A CN114816447B (en) 2022-03-08 2022-03-08 White list-based dynamic deployment software installation method and device, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210227247.1A CN114816447B (en) 2022-03-08 2022-03-08 White list-based dynamic deployment software installation method and device, electronic equipment and medium

Publications (2)

Publication Number Publication Date
CN114816447A CN114816447A (en) 2022-07-29
CN114816447B true CN114816447B (en) 2024-04-26

Family

ID=82528594

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210227247.1A Active CN114816447B (en) 2022-03-08 2022-03-08 White list-based dynamic deployment software installation method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN114816447B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115080966B (en) * 2022-08-23 2022-11-25 北京六方云信息技术有限公司 Dynamic white list driving method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109766112A (en) * 2018-12-29 2019-05-17 北京威努特技术有限公司 A kind of method and device of program white list knowledge base update
CN109784035A (en) * 2018-12-28 2019-05-21 北京奇安信科技有限公司 A kind of tracking process method and device of erection schedule
CN111125688A (en) * 2019-12-13 2020-05-08 北京浪潮数据技术有限公司 Process control method and device, electronic equipment and storage medium
CN112380170A (en) * 2020-11-25 2021-02-19 北京珞安科技有限责任公司 Correlation method and device for file updating operation and computer equipment
CN113515744A (en) * 2021-03-24 2021-10-19 杭州安恒信息技术股份有限公司 Malicious document detection method, device and system, electronic device and storage medium
CN113987468A (en) * 2021-10-21 2022-01-28 中国工商银行股份有限公司 Security check method and security check device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8473942B2 (en) * 2008-11-28 2013-06-25 Sap Ag Changable deployment conditions

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784035A (en) * 2018-12-28 2019-05-21 北京奇安信科技有限公司 A kind of tracking process method and device of erection schedule
CN109766112A (en) * 2018-12-29 2019-05-17 北京威努特技术有限公司 A kind of method and device of program white list knowledge base update
CN111125688A (en) * 2019-12-13 2020-05-08 北京浪潮数据技术有限公司 Process control method and device, electronic equipment and storage medium
CN112380170A (en) * 2020-11-25 2021-02-19 北京珞安科技有限责任公司 Correlation method and device for file updating operation and computer equipment
CN113515744A (en) * 2021-03-24 2021-10-19 杭州安恒信息技术股份有限公司 Malicious document detection method, device and system, electronic device and storage medium
CN113987468A (en) * 2021-10-21 2022-01-28 中国工商银行股份有限公司 Security check method and security check device

Also Published As

Publication number Publication date
CN114816447A (en) 2022-07-29

Similar Documents

Publication Publication Date Title
US9081967B2 (en) System and method for protecting computers from software vulnerabilities
US9710647B2 (en) Pre-boot firmware based virus scanner
RU2514140C1 (en) System and method for improving quality of detecting malicious objects using rules and priorities
US7845006B2 (en) Mitigating malicious exploitation of a vulnerability in a software application by selectively trapping execution along a code path
JP4903879B2 (en) System analysis and management
JP4828218B2 (en) Self-describing artifacts and application abstraction
KR100704629B1 (en) Apparatus and method for protecting virus at the master boot recode located in altered position
US20070283444A1 (en) Apparatus And System For Preventing Virus
US20070094654A1 (en) Updating rescue software
EP2704004B1 (en) Computing device having a dll injection function, and dll injection method
CN107203717B (en) System and method for performing antivirus scanning of files on virtual machines
US20130239214A1 (en) Method for detecting and removing malware
US9659172B2 (en) System and method of preventing execution of undesirable programs
US10691809B2 (en) Information processing apparatus and method for controlling the same
JP2009238153A (en) Malware handling system, method, and program
CN114816447B (en) White list-based dynamic deployment software installation method and device, electronic equipment and medium
US20070074172A1 (en) Software problem administration
US8347285B2 (en) Embedded agent for self-healing software
CN108647516B (en) Method and device for defending against illegal privilege escalation
US20210081533A1 (en) Detection system, detection method, and an update verification method performed by using the detection method
CN1797337B (en) Method for installing software of computer automatically
KR100613126B1 (en) Method and apparatus for deleting virus code, and information storage medium storing a program thereof
EP2835757B1 (en) System and method protecting computers from software vulnerabilities
KR20210062360A (en) Cache Tamper-Proof Method and System on Android
JP2005099982A (en) File monitoring device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant