Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2011-04-05
2011-04-05
Homayoumehr, Farid (Department: 2434)
C726S024000, C726S025000, C713S002000
Reexamination Certificate
active
07921461
ABSTRACT:
A system, method and computer program product for detecting a rootkit on a computer having an operating system, including a native application in ring 0 which, when the operating system is in a trusted state upon a reboot of the computer, after loading of the boot drivers but before loading of non-boot drivers, generates a first snapshot for selected files of the operating system and for a registry, the first snapshot being stored on a persistent storage medium of the computer; a second snapshot for the selected files and for the registry, generated by an ordinary application after the loading of the non-boot drivers; means for comparing the second snapshot with the first snapshot; and, upon detecting, in the comparing step, one of a masked file and a masked registry branch, means for informing a user of possible rootkit presence on the computer.
REFERENCES:
patent: 5613002 (1997-03-01), Kephart et al.
patent: 5878050 (1999-03-01), Brahme et al.
patent: 5995982 (1999-11-01), Mercer
patent: 6021491 (2000-02-01), Renaud
patent: 6735696 (2004-05-01), Hannah
patent: 6738932 (2004-05-01), Price
patent: 6990600 (2006-01-01), Ryan et al.
patent: 7631357 (2009-12-01), Stringham
patent: 2001/0037323 (2001-11-01), Moulton et al.
patent: 2002/0010459 (2002-01-01), Whittier et al.
patent: 2002/0174349 (2002-11-01), Wolff et al.
patent: 2003/0115479 (2003-06-01), Edwards et al.
patent: 2004/0078729 (2004-04-01), Peter
patent: 2004/0181561 (2004-09-01), Knox et al.
patent: 2005/0021994 (2005-01-01), Barton et al.
patent: 2005/0278788 (2005-12-01), Jindal et al.
patent: 2006/0031673 (2006-02-01), Beck et al.
patent: 2006/0053270 (2006-03-01), Dunn et al.
patent: 2006/0064687 (2006-03-01), Dostert
patent: 2007/0113062 (2007-05-01), Osburn et al.
patent: 2008/0034429 (2008-02-01), Schneider
Simon Baker et al, “Checking Microsoft Windows® Systems for Signs of Compromise”, Oct. 28, 2005, version 1.3.4, pp. 1-18.
Golchikov Andrey V.
Sobko Andrey V.
Bardmesser Law Group
Guirguis Michael
Homayoumehr Farid
Kaspersky Lab ZAO