FIELD: information technology.
SUBSTANCE: the invention relates to protection from computer threats, in particular to methods of detecting malicious code in random-access memory. The method of using an application control module includes the steps of: detecting at least one untrusted process, where a process is untrusted if it is started from an untrusted application; collecting data on the application from which the at least one untrusted process was started; intercepting a call of at least one interprocess interaction function made by the untrusted process; determining the features of the call of the at least one intercepted interprocess interaction function; determining the need to analyse code in the address space of the process that is the target of the interprocess interaction function call, by means of at least one heuristic rule whose application to the collected data on the application, as well as to the call features determined in the previous step, determines the need for code analysis, where the target of the interprocess interaction function call is the process at which the call is directed; analysing code in a memory area of the process that is the target of the interprocess interaction function call in order to detect malicious code, the result of the analysis being recognition or non-recognition of the code in said memory area as malicious; determining the functionality of the malicious code detected in the memory area of the process that is the target of the interprocess interaction function call, where the functionality of code is the set of system calls that can be made during execution of the code; forming at least one application control rule for the application control module for applications whose address space contains code that was recognised as malicious, based on the functionality of said malicious code determined in the previous step; and using the application control module in accordance with the at least one application control rule formed in the previous step.
EFFECT: improved protection of computing device.
5 cl, 4 dwg
Title | Year | Author | Number |
---|---|---|---|
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 |  | RU2592383C1 |
SYSTEM AND METHOD OF DETECTING THE HARMFUL CODE IN THE ADDRESS PROCESS SPACE | 2017 |  | RU2665910C1 |
SYSTEM AND METHOD OF DETECTING MALICIOUS SCRIPT | 2017 |  | RU2659738C1 |
METHOD FOR EXCLUDING PROCESSES OF ANTIVIRUS SCANNING ON THE BASIS OF DATA ON FILE | 2015 |  | RU2595510C1 |
SYSTEM AND METHOD OF ASSESSMENT OF HARMFULLNESS OF CODE EXECUTED IN ADDRESSING SPACE OF CONFIDENTIAL PROCESS | 2013 |  | RU2531861C1 |
SYSTEM AND METHOD OF REDUCING LOAD ON OPERATING SYSTEM WHEN EXECUTING ANTIVIRUS APPLICATION | 2013 |  | RU2571723C2 |
SYSTEM AND METHOD FOR CATEGORIZATION OF .NET APPLICATIONS | 2018 |  | RU2756186C2 |
SYSTEM AND METHOD FOR DETECTING MALWARE BY INTERCEPTING ACCESS TO INFORMATION DISPLAYED TO USER | 2016 |  | RU2634176C1 |
SYSTEM AND METHOD FOR BLOCKING ACCESS TO PROTECTED APPLICATIONS | 2016 |  | RU2634168C1 |
SYSTEM AND METHOD OF PROTECTING AUTOMATED SYSTEMS USING GATEWAY | 2019 |  | RU2724796C1 |
Authors
Dates
2016-07-10—Published
2015-06-30—Filed