JP2013545208A - Antimalware protection of virtual machines - Google Patents

Antimalware protection of virtual machines

Info

Publication number
JP2013545208A
Authority
JP
Japan
Prior art keywords
guest
malware
agent
scan
partition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2013543292A
Other languages
English (en)
Japanese (ja)
Other versions
JP2013545208A5
Inventor
ショーン ジャレット マイケル
ジャレド ジョンソン ジョセフ
カプーア ヴィシャル
フランシス トーマス アニル
ジョン ネイシュタット ユージン
スコット バッチェルダー デニス
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Multi Processors (AREA)
  • Stored Programmes (AREA)
JP2013543292A 2010-12-07 2011-12-06 Antimalware protection of virtual machines Pending JP2013545208A (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/961,854 2010-12-07
US12/961,854 US20120144489A1 (en) 2010-12-07 2010-12-07 Antimalware Protection of Virtual Machines
PCT/US2011/063615 WO2012078690A1 (en) 2010-12-07 2011-12-06 Antimalware protection of virtual machines

Publications (2)

Publication Number Publication Date
JP2013545208A (ja) 2013-12-19
JP2013545208A5 2015-01-29

Family

ID=46163556

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2013543292A Pending JP2013545208A (ja) 2010-12-07 2011-12-06 Antimalware protection of virtual machines

Country Status (7)

Country Link
US (1) US20120144489A1
EP (1) EP2649548B1
JP (1) JP2013545208A
CN (1) CN102542207A
AU (1) AU2011338482B2
CA (1) CA2817245A1
WO (1) WO2012078690A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017215923A (ja) * 2016-05-31 2017-12-07 エーオー カスペルスキー ラボ AO Kaspersky Lab System and method for detecting malicious files on a virtual machine in a distributed network

Families Citing this family (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012147252A1 (ja) * 2011-04-27 2012-11-01 パナソニック株式会社 Virtual computer system, virtual computer control method, virtual computer control program, and semiconductor integrated circuit
US10546118B1 (en) 2011-05-25 2020-01-28 Hewlett-Packard Development Company, L.P. Using a profile to provide selective access to resources in performing file operations
US8819062B2 (en) * 2012-01-03 2014-08-26 Yext, Inc. Providing enhanced business listings with structured lists to multiple search providers from a source system
US9203862B1 (en) * 2012-07-03 2015-12-01 Bromium, Inc. Centralized storage and management of malware manifests
CN103634366A (zh) * 2012-08-27 2014-03-12 北京千橡网景科技发展有限公司 Method and device for identifying network robots
US8984641B2 (en) * 2012-10-10 2015-03-17 Honeywell International Inc. Field device having tamper attempt reporting
US9571507B2 (en) * 2012-10-21 2017-02-14 Mcafee, Inc. Providing a virtual security appliance architecture to a virtual cloud infrastructure
US8925085B2 (en) 2012-11-15 2014-12-30 Microsoft Corporation Dynamic selection and loading of anti-malware signatures
EP2948841A4 (en) 2013-01-23 2016-09-07 Hewlett Packard Entpr Dev Lp COMPETITION BETWEEN COMMONLY USED RESOURCES
US9104455B2 (en) 2013-02-19 2015-08-11 International Business Machines Corporation Virtual machine-to-image affinity on a physical server
US9565202B1 (en) * 2013-03-13 2017-02-07 Fireeye, Inc. System and method for detecting exfiltration content
US9430647B2 (en) * 2013-03-15 2016-08-30 Mcafee, Inc. Peer-aware self-regulation for virtualized environments
KR101901911B1 (ko) 2013-05-21 2018-09-27 삼성전자주식회사 Method and apparatus for detecting malicious programs
US9736179B2 (en) * 2013-09-30 2017-08-15 Fireeye, Inc. System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection
US9065854B2 (en) * 2013-10-28 2015-06-23 Citrix Systems, Inc. Systems and methods for managing a guest virtual machine executing within a virtualized environment
US9258324B2 (en) 2013-11-26 2016-02-09 At&T Intellectual Property I, L.P. Methods, systems, and computer program products for protecting a communication network against internet enabled cyber attacks through use of screen replication from controlled internet access points
US20150304343A1 (en) 2014-04-18 2015-10-22 Intuit Inc. Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment
US9866581B2 (en) * 2014-06-30 2018-01-09 Intuit Inc. Method and system for secure delivery of information to computing environments
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
RU2580030C2 (ru) 2014-04-18 2016-04-10 Закрытое акционерное общество "Лаборатория Касперского" System and method for distributing antivirus scanning tasks among virtual machines in a virtual network
RU2568282C2 (ru) * 2014-04-18 2015-11-20 Закрытое акционерное общество "Лаборатория Касперского" System and method for ensuring fault tolerance of antivirus protection implemented in a virtual environment
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
RU2573789C2 (ru) 2014-04-18 2016-01-27 Закрытое акционерное общество "Лаборатория Касперского" System and method for launching a virtual machine
US9009836B1 (en) * 2014-07-17 2015-04-14 Kaspersky Lab Zao Security architecture for virtual machines
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
JP2018513505A (ja) * 2015-02-20 2018-05-24 プリスティン マシーン エルエルシー Method for partitioning data operation functions between system layers
WO2016137505A1 (en) * 2015-02-27 2016-09-01 Hewlett-Packard Development Company, L.P. Facilitating scanning of protected resources
US9652612B2 (en) * 2015-03-25 2017-05-16 International Business Machines Corporation Security within a software-defined infrastructure
US10417031B2 (en) * 2015-03-31 2019-09-17 Fireeye, Inc. Selective virtualization for security threat detection
US10642753B1 (en) 2015-06-30 2020-05-05 Fireeye, Inc. System and method for protecting a software component running in virtual machine using a virtualization layer
US10216927B1 (en) 2015-06-30 2019-02-26 Fireeye, Inc. System and method for protecting memory pages associated with a process using a virtualization layer
US10395029B1 (en) 2015-06-30 2019-08-27 Fireeye, Inc. Virtual system and method with threat protection
US10726127B1 (en) 2015-06-30 2020-07-28 Fireeye, Inc. System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer
US11113086B1 (en) 2015-06-30 2021-09-07 Fireeye, Inc. Virtual system and method for securing external network connectivity
US10033759B1 (en) 2015-09-28 2018-07-24 Fireeye, Inc. System and method of threat detection under hypervisor control
US9977894B2 (en) 2015-11-18 2018-05-22 Red Hat, Inc. Virtual machine malware scanning
CN105631320B (zh) * 2015-12-18 2019-04-19 北京奇虎科技有限公司 Method and device for detecting virtual machine escape
US10630643B2 (en) * 2015-12-19 2020-04-21 Bitdefender IPR Management Ltd. Dual memory introspection for securing multiple network endpoints
US12248560B2 (en) * 2016-03-07 2025-03-11 Crowdstrike, Inc. Hypervisor-based redirection of system calls and interrupt-based task offloading
US12339979B2 (en) 2016-03-07 2025-06-24 Crowdstrike, Inc. Hypervisor-based interception of memory and register accesses
CN105844162B (zh) * 2016-04-08 2019-03-29 北京北信源软件股份有限公司 Method for vulnerability scanning of Windows virtual machines on a virtualization platform
US20180173526A1 (en) 2016-12-20 2018-06-21 Invensys Systems, Inc. Application lifecycle management system
RU2665911C2 (ru) 2017-02-08 2018-09-04 Акционерное общество "Лаборатория Касперского" System and method for analyzing a file for maliciousness in a virtual machine
EP3361406A1 (en) * 2017-02-08 2018-08-15 AO Kaspersky Lab System and method of analysis of files for maliciousness in a virtual machine
WO2020026228A1 (en) * 2018-08-01 2020-02-06 Vdoo Connected Trust Ltd. Firmware verification
US11385766B2 (en) 2019-01-07 2022-07-12 AppEsteem Corporation Technologies for indicating deceptive and trustworthy resources
IL275098A (en) * 2020-06-03 2022-01-01 Kazuar Advanced Tech Ltd A multi-computing environment with the fewest loopholes
US11930019B2 (en) * 2021-04-21 2024-03-12 Saudi Arabian Oil Company Methods and systems for fast-paced dynamic malware analysis
US11954333B2 (en) * 2021-06-23 2024-04-09 Western Digital Technologies, Inc. Secured firmware with anti-malware
US12079339B2 (en) * 2022-05-12 2024-09-03 Vmware, Inc. In-memory scanning for fileless malware on a host device
CN116150797B (zh) * 2023-04-21 2023-08-01 深圳市科力锐科技有限公司 Data protection method, system, device, and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060136720A1 (en) * 2004-12-21 2006-06-22 Microsoft Corporation Computer security management, such as in a virtual machine or hardened operating system
US20060224930A1 (en) * 2005-03-31 2006-10-05 Ibm Corporation Systems and methods for event detection
JP2008152796A (ja) * 2008-01-11 2008-07-03 Nec Corp Data replication system and program for replicating data in storage
JP2008538249A (ja) * 2005-04-02 2008-10-16 マイクロソフト コーポレーション Computer status monitoring and support
US20090158432A1 (en) * 2007-12-12 2009-06-18 Yufeng Zheng On-Access Anti-Virus Mechanism for Virtual Machine Architecture
JP2010044613A (ja) * 2008-08-13 2010-02-25 Fujitsu Ltd Antivirus method, computer, and program

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8619971B2 (en) * 2005-04-01 2013-12-31 Microsoft Corporation Local secure service partitions for operating system security
WO2008048665A2 (en) * 2006-10-18 2008-04-24 University Of Virginia Patent Foundation Method, system, and computer program product for malware detection analysis, and response
US9098347B2 (en) * 2006-12-21 2015-08-04 Vmware Implementation of virtual machine operations using storage system functionality
US9354927B2 (en) * 2006-12-21 2016-05-31 Vmware, Inc. Securing virtual machine data
US9189265B2 (en) * 2006-12-21 2015-11-17 Vmware, Inc. Storage architecture for virtual machines
US7765374B2 (en) * 2007-01-25 2010-07-27 Microsoft Corporation Protecting operating-system resources
US8380987B2 (en) * 2007-01-25 2013-02-19 Microsoft Corporation Protection agents and privilege modes
US20080320594A1 (en) * 2007-03-19 2008-12-25 Xuxian Jiang Malware Detector
US8011010B2 (en) * 2007-04-17 2011-08-30 Microsoft Corporation Using antimalware technologies to perform offline scanning of virtual machine images
CN101039177A (zh) * 2007-04-27 2007-09-19 珠海金山软件股份有限公司 Device and method for online virus scanning
US8601124B2 (en) * 2007-06-25 2013-12-03 Microsoft Corporation Secure publishing of data to DMZ using virtual hard drives
US20090007100A1 (en) * 2007-06-28 2009-01-01 Microsoft Corporation Suspending a Running Operating System to Enable Security Scanning
US8839237B2 (en) 2007-12-31 2014-09-16 Intel Corporation Method and apparatus for tamper resistant communication in a virtualization enabled platform
US8954897B2 (en) * 2008-08-28 2015-02-10 Microsoft Corporation Protecting a virtual guest machine from attacks by an infected host
US20100169972A1 (en) * 2008-12-31 2010-07-01 Microsoft Corporation Shared repository of malware data

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060136720A1 (en) * 2004-12-21 2006-06-22 Microsoft Corporation Computer security management, such as in a virtual machine or hardened operating system
JP2006178936A (ja) * 2004-12-21 2006-07-06 Microsoft Corp Computer security management, such as in a virtual machine or hardened operating system
US20060224930A1 (en) * 2005-03-31 2006-10-05 Ibm Corporation Systems and methods for event detection
JP2008538249A (ja) * 2005-04-02 2008-10-16 マイクロソフト コーポレーション Computer status monitoring and support
US20090158432A1 (en) * 2007-12-12 2009-06-18 Yufeng Zheng On-Access Anti-Virus Mechanism for Virtual Machine Architecture
JP2008152796A (ja) * 2008-01-11 2008-07-03 Nec Corp Data replication system and program for replicating data in storage
JP2010044613A (ja) * 2008-08-13 2010-02-25 Fujitsu Ltd Antivirus method, computer, and program

Also Published As

Publication number Publication date
US20120144489A1 (en) 2012-06-07
AU2011338482A1 (en) 2013-05-30
CA2817245A1 (en) 2012-06-14
EP2649548A4 (en) 2014-07-30
EP2649548B1 (en) 2018-08-08
WO2012078690A1 (en) 2012-06-14
AU2011338482B2 (en) 2016-11-03
CN102542207A (zh) 2012-07-04
EP2649548A1 (en) 2013-10-16

Similar Documents

Publication Publication Date Title
JP2013545208A (ja) Antimalware protection of virtual machines
US11354414B2 (en) Method to scan a forensic image of a computer system with multiple malicious code detection engines simultaneously from a master control point
JP5446167B2 (ja) Antivirus method, computer, and program
US10162661B2 (en) Interdependent virtual machine management
JP6772270B2 (ja) Dual memory introspection for securing multiple network endpoints
EP3120279B1 (en) Integrity assurance and rebootless updating during runtime
JP4406627B2 (ja) Computer security management, such as in a virtual machine or hardened operating system
US9021008B1 (en) Managing targeted scripts
RU2702053C1 (ru) Method for reducing the load on a scanning subsystem by deduplicating file scans
JP2014225302A (ja) Virus detection program, virus detection method, and computer
JP2013061994A (ja) Virus detection program, virus detection method, monitoring program, monitoring method, and computer
US10528375B2 (en) Maintaining security system information in virtualized computing environments
GB2548147A (en) Self-propagating cloud-aware distributed agents for benign cloud exploitation
JP2018013921A (ja) Virtual server inspection system and virtual server inspection method

Legal Events

Date Code Title Description
RD03 Notification of appointment of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7423

Effective date: 20130813

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20130816

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20141203

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20141203

A711 Notification of change in applicant

Free format text: JAPANESE INTERMEDIATE CODE: A711

Effective date: 20150519

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20151224

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20160129

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160421

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20160606

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160830

A911 Transfer to examiner for re-examination before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20160908

A912 Re-examination (zenchi) completed and case transferred to appeal board

Free format text: JAPANESE INTERMEDIATE CODE: A912

Effective date: 20160930