SYSTEM AND METHOD OF REDUCING LOAD ON OPERATING SYSTEM WHEN EXECUTING ANTIVIRUS APPLICATION Russian patent published in 2015 - IPC G06F21/00 

Abstract RU 2571723 C2

FIELD: physics, computer engineering.

SUBSTANCE: the invention relates to antivirus systems. A method of determining the required analysis of events during antivirus inspection, based on the current trusted status of the process, includes the following steps:
a) monitoring execution of the process in the operating system by process monitoring means;
b) assigning an initial process status by the process monitoring means, the process status being either trusted process or non-trusted process;
c) using the process monitoring means, in accordance with the current process status, to establish at least one event type whose events are detected in the stream of all events for said process, the established event types being at least mandatory or critical events: if the process has trusted status, the mandatory event type is established for it; if the process has non-trusted status, at least two event types are established for it, namely the critical event type and the mandatory event type, where:
   - a mandatory event is an event upon whose detection the process status should be evaluated for a possible change of the current process status;
   - a critical event is an event upon whose detection the process status should be evaluated based on antivirus inspection of the launched process, or of the file from which said process was launched;
d) analysing each detected event according to the current process status, by event processing means, using evaluation criteria that define whether the process status needs to change, the evaluation criteria being stored in an evaluation criteria database;
e) deciding, by the event processing means, whether the current process status needs to change, based on the performed analysis;
f) changing the current process status by the process monitoring means based on that decision, and returning to step c).

EFFECT: reducing the number of events associated with execution of the process requiring analysis during antivirus inspection.
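The following is a worked example, written for this page, of the status-driven event filter the abstract describes; it is not Kaspersky's or the patent's own implementation. The event names, the contents of the evaluation criteria database, the trusted-image list, the antivirus verdicts and the sample event stream are all constructed assumptions. Each process starts with an initial status (step b); the set of event types detected in its stream depends on that status (step c); detected events are evaluated against the criteria (steps d and e) and the status, and with it the monitored set, is updated (step f). The counters show the claimed effect: events outside the established types for the current status never reach the event-processing means.

```python
"""Worked example of the status-driven event filter in the abstract.
Example code written for this page, not the patent's implementation; event
names, criteria, trusted images, AV verdicts and the event stream are
constructed assumptions."""
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    TRUSTED = "trusted"
    UNTRUSTED = "non-trusted"


class EventType(Enum):
    MANDATORY = "mandatory"  # re-evaluate status against the criteria DB
    CRITICAL = "critical"    # re-evaluate status via an AV scan of the image
    OTHER = "other"          # never reaches the event-processing means


# Step c: event types detected in a process's stream, keyed by current status.
MONITORED = {
    Status.TRUSTED: {EventType.MANDATORY},
    Status.UNTRUSTED: {EventType.MANDATORY, EventType.CRITICAL},
}


def distrust(proc, ev, verdicts):
    """Criterion for mandatory events: the action costs the process its trust."""
    return Status.UNTRUSTED


def scan_image(proc, ev, verdicts):
    """Criterion for critical events: inspect the file the process was launched
    from; only a clean verdict makes the process trusted."""
    return Status.TRUSTED if verdicts.get(proc.image) == "clean" else Status.UNTRUSTED


# Step d: evaluation criteria database (assumed content).
# event name -> (event type, rule returning the new status or None for no change)
CRITERIA = {
    "remote_thread_create": (EventType.MANDATORY, distrust),
    "load_unsigned_module": (EventType.MANDATORY, distrust),
    "process_start": (EventType.CRITICAL, scan_image),
    "network_connect": (EventType.CRITICAL, scan_image),
    "file_write": (EventType.OTHER, None),
    "registry_read": (EventType.OTHER, None),
}

# Step b: assumed initial-status policy; images on this list start trusted.
TRUSTED_IMAGES = {r"C:\Windows\explorer.exe"}


@dataclass
class Process:
    pid: int
    image: str
    status: Status
    seen: int = 0       # every event in the process's stream
    analysed: int = 0   # events that reached the event-processing means


@dataclass
class Event:
    pid: int
    image: str   # image of the process emitting the event
    name: str


def handle_event(proc, ev, verdicts):
    """Steps c to f for one event. Returns True if the event was analysed."""
    proc.seen += 1
    etype, rule = CRITERIA.get(ev.name, (EventType.OTHER, None))
    if etype not in MONITORED[proc.status]:
        return False  # not an established event type for this status: dropped
    proc.analysed += 1
    new_status = rule(proc, ev, verdicts)  # steps d and e
    if new_status is not None and new_status != proc.status:
        proc.status = new_status  # step f: MONITORED[proc.status] changes with it
    return True


def run(events, verdicts):
    """Feed an event stream through the monitor; returns {pid: Process}."""
    procs = {}
    for ev in events:
        if ev.pid not in procs:
            status = Status.TRUSTED if ev.image in TRUSTED_IMAGES else Status.UNTRUSTED
            procs[ev.pid] = Process(ev.pid, ev.image, status)
        handle_event(procs[ev.pid], ev, verdicts)
    return procs


def load_reduction(procs):
    """(analysed, seen) totals over all processes."""
    return (sum(p.analysed for p in procs.values()),
            sum(p.seen for p in procs.values()))


# Constructed sample data.
EXPLORER, SETUP, APP = (r"C:\Windows\explorer.exe",
                        r"C:\Users\u\Downloads\setup.exe",
                        r"C:\Program Files\app\app.exe")
SAMPLE_VERDICTS = {EXPLORER: "clean", SETUP: "malicious", APP: "clean"}
SAMPLE_EVENTS = [
    Event(100, EXPLORER, "registry_read"),         # trusted: dropped
    Event(100, EXPLORER, "file_write"),            # dropped
    Event(100, EXPLORER, "process_start"),         # critical but trusted: dropped
    Event(100, EXPLORER, "remote_thread_create"),  # mandatory: becomes non-trusted
    Event(100, EXPLORER, "network_connect"),       # critical now: clean scan, trusted
    Event(200, SETUP, "file_write"),               # dropped
    Event(200, SETUP, "network_connect"),          # critical: malicious, stays non-trusted
    Event(200, SETUP, "load_unsigned_module"),     # mandatory: non-trusted
    Event(300, APP, "process_start"),              # critical: clean scan, trusted
    Event(300, APP, "registry_read"),              # dropped
    Event(300, APP, "network_connect"),            # critical but trusted: dropped
]

if __name__ == "__main__":
    result = run(SAMPLE_EVENTS, SAMPLE_VERDICTS)
    for p in result.values():
        print(p.pid, p.status.value, f"{p.analysed}/{p.seen} events analysed")
    print("analysed/seen:", load_reduction(result))
```

On the sample stream 5 of 11 events are analysed. The caveat a practitioner should take from this is that trusted status is a filter, not just a label: a trusted process is only looked at again when one of its events is of the mandatory type, so the completeness of the mandatory-event set in the criteria database (code injection, loading unsigned modules, and similar actions a legitimate process should not take) is what determines whether a compromised trusted process can be demoted at all.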

15 claims, 5 drawings

Similar patents RU2571723C2

Title (Year, Number) and Authors
METHOD FOR EXCLUDING PROCESSES OF ANTIVIRUS SCANNING ON THE BASIS OF DATA ON FILE (2015, RU2595510C1)
  • Levchenko Vyacheslav Ivanovich
  • Yudin Maksim Vitalevich
SYSTEM AND METHOD OF DETERMINING THE CATEGORY OF PROXY APPLICATION (2014, RU2580032C2)
  • Filatov Konstantin Mikhajlovich
  • Inozemtseva Olga Olegovna
  • Jablokov Viktor Vladimirovich
SYSTEM AND METHOD OF DETERMINING UNKNOWN STATUS APPLICATION (2014, RU2580053C2)
  • Filatov Konstantin Mikhajlovich
  • Inozemtseva Olga Olegovna
  • Jablokov Viktor Vladimirovich
SYSTEM AND METHOD OF ASSESSMENT OF HARMFULLNESS OF CODE EXECUTED IN ADDRESSING SPACE OF CONFIDENTIAL PROCESS (2013, RU2531861C1)
  • Pavljushchik Mikhail Aleksandrovich
SYSTEM AND METHOD OF ADAPTING PATTERNS OF DANGEROUS PROGRAM BEHAVIOR TO USERS' COMPUTER SYSTEMS (2017, RU2652448C1)
  • Pavlyushchik Mikhail Aleksandrovich
  • Slobodyanyuk Yurij Gennadevich
  • Monastyrskij Aleksej Vladimirovich
  • Martynenko Vladislav Valerevich
METHOD OF SELECTIVE USE OF PATTERNS OF DANGEROUS PROGRAM BEHAVIOR (2017, RU2665909C1)
  • Pavlyushchik Mikhail Aleksandrovich
  • Slobodyanyuk Yurij Gennadevich
  • Monastyrskij Aleksej Vladimirovich
  • Martynenko Vladislav Valerevich
SYSTEM AND METHOD OF PROTECTING COMPUTING DEVICE FROM MALICIOUS OBJECTS USING COMPLEX INFECTION SCHEMES (2011, RU2454705C1)
  • Poljakov Aleksej Aleksandrovich
  • Martynenko Vladislav Valer'Evich
  • Slobodjanjuk Jurij Gennad'Evich
  • Nazarov Denis Aleksandrovich
  • Pavljushchik Mikhail Aleksandrovich
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY (2015, RU2592383C1)
  • Pavlyushshik Mikhail Aleksandrovich
  • Monastyrskij Aleksej Vladimirovich
  • Nazarov Denis Aleksandrovich
SYSTEM AND METHOD OF DETECTING FRAUDULENT ONLINE TRANSACTIONS (2014, RU2571721C2)
  • Golovanov Sergej Jur'Evich
  • Monastyrskij Aleksej Vladimirovich
SYSTEM AND METHOD FOR DETECTING MALWARE BY INTERCEPTING ACCESS TO INFORMATION DISPLAYED TO USER (2016, RU2634176C1)
  • Kalinin Aleksandr Valentinovich
  • Polozov Pavel Leonidovich
  • Levchenko Vyacheslav Ivanovich
  • Yudin Maksim Vitalevich

RU 2 571 723 C2

Authors

Sobko Andrej Vladimirovich

Judin Maksim Vital'Evich

Mezhuev Pavel Nikolaevich

Godunov Il'Ja Borisovich

Shirokij Maksim Aleksandrovich

Dates

Filed: 2013-12-05

Published: 2015-12-20