Polymorphic virus detection module
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
Oct 20, 1998
Issued Date -
N/A
app pub date -
Jan 8, 1997
filing date -
Sep 28, 1995
priority date (Note) -
In Force
status (Latency Note)
Importance
Abstract
A Polymorphic Anti-virus Module (PAM) (200) comprises a CPU emulator (210) for emulating the target program, a virus signature scanning module (250) for scanning decrypted virus code, and an emulation control module (220), including a static exclusion module (230), a dynamic exclusion module (240), instruction/interrupt usage profiles (224) for the mutation engines (162) of the known polymorphic viruses (150), size and target file types (226) for these viruses, and a table (228) having an entry for each known polymorphic virus (150). During emulation, the emulation control module (220) may observe use of a register-indirect memory write instruction using a register that has not been initialized. Such a random write can be used as an indication that the file is probably a data file and so is unlikely to harbor a virus.
First Claim
Family
International Classification(s)
- [Classification Symbol]
- [Patents Count]
Cited Art Landscape
Patent Citation Ranking
Advertisement
Advertisement
Advertisement
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully