SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE Russian patent published in 2018 - IPC G06F21/56 G06F21/53 

FIELD: information technology.

SUBSTANCE: invention relates to solutions for detecting malicious files. System for analyzing the maliciousness of a file opened in a virtual machine as an environment for safe execution of files, which intercepts the event that occurs during the execution of the process thread created when the file is opened in the virtual machine as a safe execution environment, and suspends the execution of the stream; read the context of the processor on which the thread is executing; save the intercepted event and the context in the log; compare the data stored in the log with the templates, at the same time, at least one of the decisions is taken based on the comparison: the decision to recognize the file as malicious, the decision to stop the execution of the file, the decision to change the context of the processor, the decision to wait for the next event; perform actions that are consistent with the decisions taken.

EFFECT: increased security of the computer system.

18 cl, 4 dwg