FIELD: information technology.
SUBSTANCE: user application function calls are intercepted before changing the time mark of a file; the record on the number of changes to the time mark of the file made by the application is updated; the record on the number of changes to the time mark of the file made by the application is updated; if possible, the record is stored in the address space of the operating system; upon request of the control application, the record is sent to the application and then compared with information stored in the control application; finally, depending on the comparison result, the corresponding action is taken (for example, the application which modified the file is scanned for viruses) if the record does not correspond to information stored in the control application. The control application contains a data base of the number of changes to the time mark of the file in form of a counter which corresponds to each file.
EFFECT: efficient monitoring of altered files.
4 cl, 11 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL | 2014 |
|
RU2585978C2 |
| METHOD FOR DETECTION WORKING MALICIOUS SOFTWARE RUNNED FROM CLIENT, ON SERVER | 2015 |
|
RU2617631C2 |
| METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 |
|
RU2596577C2 |
| METHOD OF DETECTION OF A MALICIOUS FILE USING THE DATABASE OF VULNERABLE DRIVERS | 2022 |
|
RU2794713C1 |
| SYSTEM AND METHOD OF PROVIDING SAFETY OF ONLINE TRANSACTIONS | 2013 |
|
RU2587423C2 |
| SYSTEM AND METHOD OF EXECUTING OPERATING SYSTEM PROCESS REQUESTS TO FILE SYSTEM | 2015 |
|
RU2610228C1 |
| SYSTEM AND METHOD OF OPENING FILES CREATED BY VULNERABLE APPLICATIONS | 2015 |
|
RU2606883C2 |
| METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 |
|
RU2472215C1 |
| METHOD OF ACCESSING PROCEDURES OF LOADING DRIVER | 2014 |
|
RU2586576C1 |
| SYSTEM AND METHOD OF CHECKING EXECUTABLE CODE BEFORE EXECUTION THEREOF | 2012 |
|
RU2510074C2 |
