The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jun. 22, 2010
Filed:
Oct. 31, 2005
Neill Clift, Kirkland, WA (US);
Thushara K. Wijeratna, Kirkland, WA (US);
Neill Clift, Kirkland, WA (US);
Thushara K. Wijeratna, Kirkland, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
A method, software system, and computer-readable medium are provided for determining whether a malware that implements stealth techniques is resident on a computer. In one exemplary embodiment, a method is provided that obtains a first set of data that describes the processes that are reported as being active on the computer in a non-interrupt environment. Then, the method causes program execution to be interrupted at runtime so that an analysis of the active processes on the computer may be performed. After program execution is interrupted, a second set data that describes the processes that are reported as being active on the computer in a interrupt environment is obtained. By performing a comparison between the first and second sets of data, a determination may be made regarding whether the collected data contains inconsistencies that are characteristic of malware.