ES2463265R1 - Look ahead malware scanning - Google Patents

Look ahead malware scanning

Info

Publication number
ES2463265R1
Authority
ES
Spain
Prior art keywords
files
malicious software
application
scanning
groups
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
ES201390092A
Other languages
English (en)
Other versions
ES2463265A2 (es)
ES2463265B1 (es)
Inventor
Pavel Turbin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WithSecure Oyj
Original Assignee
F Secure Oyj
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by F Secure Oyj
Publication of ES2463265A2
Publication of ES2463265R1
Application granted
Publication of ES2463265B1
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)
  • Stored Programmes (AREA)

Abstract

According to a first aspect of the present invention, there is provided a method of scanning for malware during execution of an application on a computer system. The method comprises detecting accesses by the application to files within a common directory, using the detected accesses to identify one or more groups of files within said common directory that the application might subsequently want to access, and scanning said one or more groups of files for malware before the application attempts to access the files of the group or groups.
ES201390092A 2011-05-16 2012-03-29 Look ahead malware scanning Active ES2463265B1 (es)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/068610 2011-05-16
US13/068,610 US8726388B2 (en) 2011-05-16 2011-05-16 Look ahead malware scanning
PCT/EP2012/055733 WO2012156143A1 (en) 2011-05-16 2012-03-29 Look ahead malware scanning

Publications (3)

Publication Number Publication Date
ES2463265A2 ES2463265A2 (es) 2014-05-27
ES2463265R1 ES2463265R1 (es) 2014-09-04
ES2463265B1 ES2463265B1 (es) 2015-06-02

Family

ID=45937341

Family Applications (1)

Application Number Title Priority Date Filing Date
ES201390092A Active ES2463265B1 (es) 2011-05-16 2012-03-29 Look ahead malware scanning

Country Status (7)

Country Link
US (1) US8726388B2 (es)
BR (1) BR112013029404A2 (es)
DE (1) DE112012002106B4 (es)
ES (1) ES2463265B1 (es)
RO (1) RO130379B1 (es)
RU (1) RU2621608C2 (es)
WO (1) WO2012156143A1 (es)

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9679137B2 (en) * 2006-09-27 2017-06-13 Hewlett-Packard Development Company, L.P. Anti-viral scanning in Network Attached Storage
US8127358B1 (en) * 2007-05-30 2012-02-28 Trend Micro Incorporated Thin client for computer security applications
WO2013141545A1 (ko) * 2012-03-21 2013-09-26 삼성에스디에스 주식회사 Anti-malware system and method for processing data in the system
US11126720B2 (en) 2012-09-26 2021-09-21 Bluvector, Inc. System and method for automated machine-learning, zero-day malware detection
US9292688B2 (en) 2012-09-26 2016-03-22 Northrop Grumman Systems Corporation System and method for automated machine-learning, zero-day malware detection
CN103780589A (zh) * 2012-10-24 2014-05-07 腾讯科技(深圳)有限公司 Virus prompting method, client device and server
GB2517483B (en) * 2013-08-22 2015-07-22 F Secure Corp Detecting file encrypting malware
US9323929B2 (en) * 2013-11-26 2016-04-26 Qualcomm Incorporated Pre-identifying probable malicious rootkit behavior using behavioral contracts
CN103810428B (zh) * 2014-02-24 2017-05-24 珠海市君天电子科技有限公司 Macro virus detection method and device
US9710648B2 (en) * 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
CN104199894A (zh) * 2014-08-25 2014-12-10 百度在线网络技术(北京)有限公司 File scanning method and device
WO2016081346A1 (en) 2014-11-21 2016-05-26 Northrup Grumman Systems Corporation System and method for network data characterization
US11023449B2 (en) * 2014-12-19 2021-06-01 EMC IP Holding Company LLC Method and system to search logs that contain a massive number of entries
US9715589B2 (en) 2015-01-23 2017-07-25 Red Hat, Inc. Operating system consistency and malware protection
US10032023B1 (en) * 2016-03-25 2018-07-24 Symantec Corporation Systems and methods for selectively applying malware signatures
US10200395B1 (en) * 2016-03-30 2019-02-05 Symantec Corporation Systems and methods for automated whitelisting of files
US10248787B1 (en) * 2016-12-20 2019-04-02 Symantec Corporation Systems and methods for determining reputations of files
US10511631B2 (en) 2017-01-25 2019-12-17 Microsoft Technology Licensing, Llc Safe data access through any data channel
EP3376424B1 (en) * 2017-03-14 2021-05-05 VirusTotal SLU Scanning files using antivirus software
CN109361643B (zh) * 2018-06-22 2021-05-25 中国移动通信集团广东有限公司 Deep tracing method for malicious samples
RU2726878C1 (ru) * 2019-04-15 2020-07-16 Акционерное общество "Лаборатория Касперского" Method for speeding up full antivirus scanning of files on a mobile device
US11210395B2 (en) * 2019-09-13 2021-12-28 EMC IP Holding Company LLC Filename-based malware pre-scanning
US11288391B2 (en) 2019-09-13 2022-03-29 EMC IP Holding Company LLC Filename-based malware pre-scanning
CN113468119A (zh) * 2021-05-31 2021-10-01 北京明朝万达科技股份有限公司 File scanning method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008068240A1 (en) * 2006-12-07 2008-06-12 International Business Machines Corporation On demand virus scan
US7681237B1 (en) * 2004-05-13 2010-03-16 Symantec Corporation Semi-synchronous scanning of modified files in real time

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6968461B1 (en) * 2000-10-03 2005-11-22 Networks Associates Technology, Inc. Providing break points in a malware scanning operation
US7424706B2 (en) * 2003-07-16 2008-09-09 Microsoft Corporation Automatic detection and patching of vulnerable files
GB0418066D0 (en) * 2004-08-13 2004-09-15 Ibm A prioritization system
US8037527B2 (en) * 2004-11-08 2011-10-11 Bt Web Solutions, Llc Method and apparatus for look-ahead security scanning
US8254858B2 (en) * 2007-12-21 2012-08-28 Hewlett-Packard Development Company, L.P. Techniques to manage power based on motion detection
GB2469322B (en) * 2009-04-09 2014-04-16 F Secure Oyj Malware determination
US8745743B2 (en) 2009-06-09 2014-06-03 F-Secure Oyj Anti-virus trusted files database
US8468602B2 (en) * 2010-03-08 2013-06-18 Raytheon Company System and method for host-level malware detection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7681237B1 (en) * 2004-05-13 2010-03-16 Symantec Corporation Semi-synchronous scanning of modified files in real time
WO2008068240A1 (en) * 2006-12-07 2008-06-12 International Business Machines Corporation On demand virus scan

Also Published As

Publication number Publication date
BR112013029404A2 (pt) 2017-01-31
US8726388B2 (en) 2014-05-13
RO130379B1 (ro) 2020-05-29
US20120297486A1 (en) 2012-11-22
RU2621608C2 (ru) 2017-06-06
ES2463265A2 (es) 2014-05-27
RU2013154735A (ru) 2015-06-27
DE112012002106T5 (de) 2014-02-13
DE112012002106B4 (de) 2023-06-15
RO130379A2 (ro) 2015-06-30
ES2463265B1 (es) 2015-06-02
WO2012156143A1 (en) 2012-11-22

Legal Events

Date Code Title Description
FG2A Definitive protection

Ref document number: 2463265

Country of ref document: ES

Kind code of ref document: B1

Effective date: 20150602

PC2A Transfer of patent

Owner name: WITHSECURE CORPORATION

Effective date: 20220908