FIELD: computer technology.
SUBSTANCE: disclosed is a method of categorizing an application created using the .NET platform (hereinafter, the application), implemented on a computer system, in which: a security tool launches the CLR profiler when the CLR execution environment is loaded into RAM at application launch, in order to process events that occur during application execution, and the security tool sets the necessary values of environment variables for loading the CLR profiler into the address space of the application process; the running CLR profiler generates an application execution log from the information it collects, adding to the log information about the events it processes during application execution, where the events are at least function calls made by a process launched from the application, the functions are methods of the .NET software platform, and the calls are made from the program code of the application during its execution; the security tool assigns the application to one of the predefined categories of applications by analyzing the generated execution log using heuristic rules, the predefined categories being trusted applications, untrusted applications and malicious applications; and if the security tool classifies the application as malicious, it also recognizes as malicious all assemblies that were loaded into RAM during application execution and are not trusted.
EFFECT: categorization of an application created using the .NET platform is provided.
10 cl, 3 dwg
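The categorization step described in the abstract, as an added example that is not taken from the patent. The heuristic rules, the log format, the assembly names and the fallback used when no rule fires are assumptions made for illustration.

```python
TRUSTED, UNTRUSTED, MALICIOUS = "trusted", "untrusted", "malicious"
SEVERITY = {TRUSTED: 0, UNTRUSTED: 1, MALICIOUS: 2}

# Constructed heuristic rules (not from the patent): an ordered sequence of
# .NET method calls and the category assigned when that sequence is observed.
RULES = [
    (("System.Convert::FromBase64String",
      "System.Reflection.Assembly::Load",
      "System.Reflection.MethodBase::Invoke"), MALICIOUS),
    (("Microsoft.Win32.RegistryKey::SetValue",), UNTRUSTED),
]

def matches(sequence, calls):
    """True if `sequence` occurs in `calls` in order (gaps allowed)."""
    remaining = iter(calls)
    return all(method in remaining for method in sequence)

def categorize(log, trusted_assemblies):
    """Return (application category, {assembly: category}) for one log."""
    calls = [name for kind, name in log if kind == "call"]
    loaded = [name for kind, name in log if kind == "load"]
    fired = [category for seq, category in RULES if matches(seq, calls)]
    if fired:
        app = max(fired, key=SEVERITY.get)  # most severe matching rule wins
    else:
        # Assumption: with no rule firing, the application is trusted only
        # if every assembly it loaded is already trusted.
        app = TRUSTED if all(a in trusted_assemblies for a in loaded) else UNTRUSTED
    verdicts = {}
    for assembly in loaded:
        if assembly in trusted_assemblies:
            verdicts[assembly] = TRUSTED
        else:
            # Per the abstract: a malicious application makes every loaded
            # assembly that is not trusted malicious as well.
            verdicts[assembly] = MALICIOUS if app == MALICIOUS else UNTRUSTED
    return app, verdicts

# Constructed execution log: (event kind, name) in order of occurrence.
SAMPLE_LOG = [
    ("load", "mscorlib"),
    ("load", "invoice_viewer"),
    ("call", "System.Convert::FromBase64String"),
    ("call", "System.Reflection.Assembly::Load"),
    ("load", "stage2"),
    ("call", "System.Reflection.MethodBase::Invoke"),
]
TRUSTED_ASSEMBLIES = {"mscorlib"}
```
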
Title | Year | Author | Number |
---|---|---|---|
MACHINE CODE ACCESS LIMITATION METHOD TO THE OPERATING SYSTEM RESOURCES | 2016 | | RU2625052C1 |
METHOD OF CATEGORIZING ASSEMBLIES AND DEPENDENT IMAGES | 2015 | | RU2635271C2 |
METHOD FOR DETECTING HARMFUL ASSEMBLIES | 2015 | | RU2628920C2 |
METHOD FOR ANTI-VIRUS SCANNING OF COMPUTER SYSTEM | 2015 | | RU2617925C2 |
METHOD FOR EXCLUDING PROCESSES OF ANTIVIRUS SCANNING ON THE BASIS OF DATA ON FILE | 2015 | | RU2595510C1 |
METHOD OF CONTROLLING APPLICATIONS | 2015 | | RU2587424C1 |
SYSTEM AND METHOD OF REDUCING LOAD ON OPERATING SYSTEM WHEN EXECUTING ANTIVIRUS APPLICATION | 2013 | | RU2571723C2 |
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2592383C1 |
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2589862C1 |
SYSTEM AND METHOD FOR REDUCING LOAD ON MALWARE DETECTION SERVICE | 2019 | | RU2739833C1 |
Authors
Dates
2021-09-28—Published
2018-02-06—Filed