The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
Patent No.:
Date of Patent:
Oct. 20, 2009
Filed:
Oct. 31, 2005
Peter Szor, Northridge, CA (US);
Peter Ferrie, Los Angeles, CA (US);
Matthew Conover, East Palo Alto, CA (US);
Symantec Corporation, Mountain View, CA (US);
Abstract
Calls to driver load functions, including associated driver objects to be loaded, are stalled and evaluated for indications of a rootkit. When a rootkit is indicated, protective action is taken, and optionally a user or system administrator is notified. Calls not indicative of a rootkit are released and allowed to load. In one embodiment, calls to currently loaded drivers and calls related to installation of new hardware are excluded from the evaluation for indications of a rootkit. In additional embodiments, sensitive structures and calls to sensitive structures of a computer system are also evaluated for indications of a rootkit.