Search International and National Patent Collections

1. (WO2018052510) SYSTEMS AND METHODS FOR DETECTING MALICIOUS PROCESSES ON COMPUTING DEVICES

Pub. No.:    WO/2018/052510    International Application No.:    PCT/US2017/041169
Publication Date: Fri Mar 23 00:59:59 CET 2018 International Filing Date: Sat Jul 08 01:59:59 CEST 2017
IPC: G06F 21/56
Applicants: SYMANTEC CORPORATION
Inventors: FERRIE, Peter
Title: SYSTEMS AND METHODS FOR DETECTING MALICIOUS PROCESSES ON COMPUTING DEVICES
Abstract:
The disclosed computer-implemented method for detecting malicious processes on computing devices may include (i) identifying a portion of data on a computing device that is stored in an unrestricted section of memory and accessed by processes while running on the computing device, (ii) allocating a restricted section of memory within the computing device and indicating that the portion of data is located in the restricted section of memory, (iii) detecting an attempt by a process running on the computing device to access the portion of data within the restricted section of memory using an unexpected access method, (iv) determining, based at least in part on the process attempting to access the portion of data within the restricted section of memory using the unexpected access method, that the process is malicious, and (v) performing a security action on the computing device to prevent the malicious process from harming the computing device.