FIELD: information technology.
SUBSTANCE: the invention relates to information technology, and more specifically to systems and methods for blocking malicious activity of legitimate drivers. The technical result is achieved by the proposed solution, which is designed to block such activity. In one embodiment, a method of blocking malicious activity of legitimate drivers in an operating system (hereinafter referred to as the OS) comprises the following steps: collecting information on protected objects and information on the drivers loaded in the OS; detecting at least one legitimate driver loaded in the OS by means of the information on loaded drivers and the rules for detecting malicious activity from the rules database; intercepting the calls of the detected legitimate driver using at least one of the following types of interception: interception of the IAT (import address table) and interception of IOCTL requests; and blocking those intercepted calls of the detected legitimate driver that are directed to protected objects, on the basis of the collected information on protected objects and the rules for detecting malicious activity.
EFFECT: higher security of the operating system.
18 claims, 6 drawings
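The four steps of the abstract, worked through as an added example in user-mode C; this is not code from the patent or from any product it describes. ZwTerminateProcess is a real kernel export and IOCTL dispatch is a real Windows mechanism, but the driver records, the two-slot IAT, the image hashes, the IOCTL codes 0x9C402404 and 0x9C402408, the protected PID 4242 and the return code -1 (standing in for STATUS_ACCESS_DENIED) are all constructed stand-ins so the logic runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { ACT_ALLOW = 0, ACT_BLOCK = 1 } action_t;

/* Stand-in for a resolved kernel import such as ZwTerminateProcess. */
typedef int (*terminate_fn_t)(uint32_t pid);

/* One import-address-table slot of a loaded driver (simplified model). */
typedef struct { const char *import; terminate_fn_t target; } iat_entry_t;

/* Step 1: information collected about a driver loaded in the OS. */
typedef struct {
    const char *name;
    uint32_t image_hash;   /* stand-in for the driver image hash */
    iat_entry_t iat[2];
    size_t iat_len;
    int detected;          /* set in step 2 when a rule matches */
} loaded_driver_t;

/* Rule from the rules database: an image known to expose abusable
 * functionality, and the IOCTL code through which it is reached. */
typedef struct { uint32_t image_hash; uint32_t ioctl_code; } rule_t;

/* Step 1: protected objects, modelled here as process IDs. */
static uint32_t protected_pids[8];
static size_t n_protected;
static int g_real_calls, g_blocked_calls;   /* counters for the scenario below */

static void add_protected(uint32_t pid) {
    if (n_protected < sizeof protected_pids / sizeof protected_pids[0])
        protected_pids[n_protected++] = pid;
}
int is_protected(uint32_t pid) {
    for (size_t i = 0; i < n_protected; i++)
        if (protected_pids[i] == pid) return 1;
    return 0;
}

/* The import as the driver resolved it at load time. */
static int real_terminate(uint32_t pid) { (void)pid; g_real_calls++; return 0; }

/* Steps 3a/4: the IAT hook; -1 stands in for STATUS_ACCESS_DENIED. */
static int hooked_terminate(uint32_t pid) {
    if (is_protected(pid)) { g_blocked_calls++; return -1; }
    return real_terminate(pid);
}

/* Step 2: mark drivers whose image matches a rule as detected legitimate drivers. */
size_t detect_legitimate_drivers(loaded_driver_t *drv, size_t n, const rule_t *rules, size_t m) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        drv[i].detected = 0;
        for (size_t j = 0; j < m; j++)
            if (rules[j].image_hash == drv[i].image_hash) { drv[i].detected = 1; hits++; break; }
    }
    return hits;
}

/* Step 3a: IAT interception, installed only in the IATs of detected drivers. */
void hook_detected_iat(loaded_driver_t *drv, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (!drv[i].detected) continue;
        for (size_t k = 0; k < drv[i].iat_len; k++)
            if (strcmp(drv[i].iat[k].import, "ZwTerminateProcess") == 0)
                drv[i].iat[k].target = hooked_terminate;
    }
}

/* Steps 3b/4: IOCTL interception, as called from a device-control dispatch hook. */
action_t filter_ioctl(const loaded_driver_t *drv, uint32_t ioctl_code, uint32_t target_pid,
                      const rule_t *rules, size_t m) {
    if (!drv->detected || !is_protected(target_pid)) return ACT_ALLOW;
    for (size_t j = 0; j < m; j++)
        if (rules[j].image_hash == drv->image_hash && rules[j].ioctl_code == ioctl_code)
            return ACT_BLOCK;
    return ACT_ALLOW;
}

/* The driver calling through its (possibly hooked) IAT slot. */
int driver_call_terminate(const loaded_driver_t *drv, uint32_t pid) {
    for (size_t k = 0; k < drv->iat_len; k++)
        if (strcmp(drv->iat[k].import, "ZwTerminateProcess") == 0) return drv->iat[k].target(pid);
    return -2; /* import not present in this driver */
}

/* Constructed scenario; returns the number of operations that were blocked. */
int run_scenario(void) {
    const rule_t rules[] = { { 0xAB12CD34u, 0x9C402404u } };            /* constructed rule */
    loaded_driver_t drivers[] = {
        { "vulnvendor.sys", 0xAB12CD34u, { { "ZwTerminateProcess", real_terminate } }, 1, 0 },
        { "benign.sys",     0x00000001u, { { "ZwTerminateProcess", real_terminate } }, 1, 0 },
    };
    n_protected = 0; g_real_calls = 0; g_blocked_calls = 0;
    add_protected(4242);                  /* constructed: the security product's own PID */

    detect_legitimate_drivers(drivers, 2, rules, 1);
    hook_detected_iat(drivers, 2);

    int blocked = 0;
    blocked += driver_call_terminate(&drivers[0], 4242) == -1;   /* detected driver -> protected: blocked */
    blocked += driver_call_terminate(&drivers[0], 1000) == -1;   /* unprotected target: passes through */
    blocked += driver_call_terminate(&drivers[1], 4242) == -1;   /* undetected driver: never hooked */
    blocked += filter_ioctl(&drivers[0], 0x9C402404u, 4242, rules, 1) == ACT_BLOCK; /* rule + protected: blocked */
    blocked += filter_ioctl(&drivers[0], 0x9C402408u, 4242, rules, 1) == ACT_BLOCK; /* IOCTL not in rule */
    blocked += filter_ioctl(&drivers[1], 0x9C402404u, 4242, rules, 1) == ACT_BLOCK; /* driver not detected */
    return blocked;
}

int main(void) {
    int blocked = run_scenario();
    printf("blocked: %d (IAT hook blocked %d, passed through %d)\n", blocked, g_blocked_calls, g_real_calls);
    return 0;
}
```

The point the model makes visible is the scope of the scheme: interception is installed only for drivers that matched the rules database, and blocking applies only to calls aimed at a protected object, so a loaded driver with no matching rule (benign.sys above) is never intercepted even when it targets a protected process. Coverage therefore depends entirely on how current the rules database is; in a real kernel-mode implementation the IAT and dispatch structures are the driver image's own and are not these simplified records.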
Title | Year | Number
---|---|---
SYSTEM AND METHOD OF PROTECTING COMPUTER APPLICATIONS | 2011 | RU2460133C1
METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL | 2014 | RU2585978C2
METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 | RU2596577C2
SYSTEM AND DETECTING METHOD OF REMOTE ADMINISTRATION APPLICATION | 2016 | RU2634173C1
SYSTEM AND METHOD FOR DETECTING MALWARE BY INTERCEPTING ACCESS TO INFORMATION DISPLAYED TO USER | 2016 | RU2634176C1
SYSTEM AND METHOD FOR BLOCKING ACCESS TO PROTECTED APPLICATIONS | 2016 | RU2634168C1
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | RU2592383C1
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | RU2589862C1
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE | 2016 | RU2637997C1
METHOD OF ACCESSING PROCEDURES OF LOADING DRIVER | 2014 | RU2586576C1
Dates
Filed: 2024-10-24
Published: 2025-05-23