Fault management during emulation-based antivirus scanning

G - Physics – 06 – F

Patent

Rate now

[ 0.00 ] – not rated yet Voters 0 Comments 0

Details Fault management during emulation-based antivirus scanning Fault management during emulation-based antivirus scanning

: G - Physics
: 06
: F

: G06F 11/00 (2006.01) G06F 1/00 (2006.01) G06F 21/00 (2006.01)
: Patent
: CA 2285437
: A computer-implemented appara- tus and method for countering attempts of polymorphic viruses to evade detection by emulation-based scanners. Such attempts try to exploit differences between the real and virtual execution of instructions. The invention includes a fault manager (158) integrated into the CPU emulator (154) of a virus scanner software product. Be- fore each instruction is emulated by the CPU emulator (154), the fault manager (158) examines the opcode of the instruc- tion to determine (310) whether a "fault" is triggered. If a fault is triggered, the fault manager (158) saves (314) a state record on a fault stack (162), then inter- rupts (316) to a corresponding fault han- dler routine (160). The criteria for trig- gering a fault and the corresponding fault handler routine (160) may be obtained from an updatable data file (164).

L'invention concerne un appareil et un procédé informatiques contrant les tentatives que font les virus polymorphes pour passer inaperçus lors de la recherche effectuée par des systèmes de recherche en mode émulation. De telles tentatives visent à mettre à profit des différences entre l'exécution réelle et virtuelle d'instructions. L'invention comprend un gestionnaire (158) d'anomalies intégré dans l'émulateur (154) d'unité centrale (UC) d'un logiciel de détection de virus. Avant que chaque instruction soit émulée par un émulateur (154) UC, le gestionnaire (158) d'anomalies examine le code d'opération de l'instruction pour déterminer (310) si une "anomalie" est déclenchée. Dans ce cas, le gestionnaire (158) d'anomalies sauvegarde (314) un enregistrement d'état sur une pile (162) d'anomalies, puis s'interrompt (316) au niveau d'une routine (160) de traitement d'anomalies correspondante. Les critères permettant de déclencher une anomalie et la routine (160) correspondante de traitement d'anomalies sont disponibles dans un fichier (164) de données susceptible d'être mis à jour.

Affiliated with

Nachenberg Carey S.

G - Physics – 06 – F

Inventor

[ 0.00 ] – not rated yet Voters 0 Comments 0

Also associated with

Gowling Lafleur Henderson Llp

G - Physics – 02 – F

Agent

[ 0.00 ] – not rated yet Voters 0 Comments 0

Symantec Corporation

G - Physics – 06 – F

Owner

[ 0.00 ] – not rated yet Voters 0 Comments 0

LandOfFree

Say what you really think

Search LandOfFree.com for Canadian inventors and patents. Rate them and share your experience with other people.

Rating

Fault management during emulation-based antivirus scanning does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Fault management during emulation-based antivirus scanning, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Fault management during emulation-based antivirus scanning will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFCA-PAI-O-1466018

All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.

Canada

Charities
Companies
MP Candidates
Patents
Employee Salary Disclosure

World

Places of the World
Scientific Papers

United States

Banks
Companies
Counties
Patents
Employee Salary Disclosure