Show metadata Hide metadata

(19)

(11)

2 840 426

(13)

(51)

IPC

G06F21/56(2013-01-01)

(21) (22)

Application

2024131946, 2024-10-24

(24)

Start date

2024-10-24

(22)

Actual filing date

2024-10-24

(45)

Published

2025-05-23

(72)

Inventor

Kirzhemanov Andrei LeonidovichParshin Iurii GennadevichSpravtsev Iurii Vladimirovich

(73)

Holder

Aktsionernoe Obshchestvo Kasperskogo"

SYSTEM AND METHOD FOR BLOCKING MALICIOUS ACTIVITY OF LEGITIMATE DRIVERS Russian patent published in 2025 - IPC G06F21/56

Abstract RU 2840426 C1

FIELD: information technology.

SUBSTANCE: invention relates to information technology, and more specifically to systems and methods for blocking malicious activity of legitimate drivers. Technical result is achieved using the proposed solution designed to block malicious activity of legitimate drivers. According to version of implementation, method of blocking malicious activity of legitimate drivers in operating system (hereinafter referred to as OS) is used, made with possibility of implementation of steps, according to which: collecting information on protected objects and information on drivers loaded in OS; detecting at least one legitimate driver loaded into the OS by means of information on drivers loaded in the OS and rules for detecting malicious activity from the rules database; using at least one of the following types of interception of calls of detected legitimate drivers: interception of IAT; interception of IOCTL; intercepted calls of detected legitimate drivers directed to protected objects are blocked based on collected information on protected objects and rules for detecting malicious activity.

EFFECT: higher security of the operating system.

18 cl, 6 dwg

Similar patents RU2840426C1

Title	Year	Author	Number
SYSTEM AND METHOD OF PROTECTING COMPUTER APPLICATIONS	2011	Rusakov Vjacheslav Evgen'Evich Shirjaev Aleksandr Vasil'Evich	RU2460133C1
METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL	2014	Yudin Maksim Vitalevich Tarasenko Aleksandr Sergeevich Levchenko Vyacheslav Ivanovich Kumagin Igor Yurevich	RU2585978C2
METHOD OF CREATING A SYSTEM CALL HANDLER	2014	Yudin Maksim Vitalevich Tarasenko Aleksandr Sergeevich Levchenko Vyacheslav Ivanovich Kumagin Igor Yurevich	RU2596577C2
SYSTEM AND DETECTING METHOD OF REMOTE ADMINISTRATION APPLICATION	2016	Golovkin Maksim Yurevich Romanenko Aleksej Mikhajlovich Monastyrskij Aleksej Vladimirovich	RU2634173C1
SYSTEM AND METHOD FOR DETECTING MALWARE BY INTERCEPTING ACCESS TO INFORMATION DISPLAYED TO USER	2016	Kalinin Aleksandr Valentinovich Polozov Pavel Leonidovich Levchenko Vyacheslav Ivanovich Yudin Maksim Vitalevich	RU2634176C1
SYSTEM AND METHOD FOR BLOCKING ACCESS TO PROTECTED APPLICATIONS	2016	Kalinin Aleksandr Valentinovich Polozov Pavel Leonidovich Levchenko Vyacheslav Ivanovich Yudin Maksim Vitalevich	RU2634168C1
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY	2015	Pavlyushshik Mikhail Aleksandrovich Monastyrskij Aleksej Vladimirovich Nazarov Denis Aleksandrovich	RU2592383C1
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY	2015	Pavlyushshik Mikhail Aleksandrovich Monastyrskij Aleksej Vladimirovich Nazarov Denis Aleksandrovich	RU2589862C1
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE	2016	Golovkin Maksim Yurevich Monastyrskij Aleksej Vladimirovich Pintijskij Vladislav Valerevich Pavlyushchik Mikhail Aleksandrovich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich	RU2637997C1
METHOD OF ACCESSING PROCEDURES OF LOADING DRIVER	2014	Rusakov Vyacheslav Evgenevich Kirzhemanov Andrej Leonidovich Parshin Yurij Gennadevich	RU2586576C1

RU 2 840 426 C1

Authors

Kirzhemanov Andrei Leonidovich

Parshin Iurii Gennadevich

Spravtsev Iurii Vladimirovich

Dates

2025-05-23—Published

2024-10-24—Filed