SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE Russian patent published in 2020 - IPC G06F21/53 G06F21/55 

FIELD: physics.

SUBSTANCE: invention relates to a method of generating a log when executing a file with vulnerabilities. Method comprises steps of: detecting, by an interception means during execution of a process stream created when opening said file, an event, at occurrence of which triggers a flip-flop describing conditions associated with an event associated with an attempt to exploit a malicious application of said file; method includes analysing, by an interception means, a stack of a process created when opening said file, detecting a sequence of calls of functions preceding an event on which a trigger has triggered; method includes analysing, by an intercepting means, a detected sequence of function calls for performing associated triggering conditions; in case of accompanying triggering conditions related to attempt to exploit said file vulnerability by malware, data on detected sequence of function calls are stored in log for subsequent analysis by means of analysis in order to detect availability of malicious application in virtual machine.

EFFECT: technical result is higher accuracy of detecting presence in a virtual machine of a malicious application exploiting a security file vulnerability.

14 cl, 4 dwg