Dell products l.p. (20240346143). TRACKING OF FILES REQUIRED FOR RUNNING MALWARE PROCESSES simplified abstract

From WikiPatents
Revision as of 02:16, 18 October 2024 by Wikipatents (Creating a new page)

TRACKING OF FILES REQUIRED FOR RUNNING MALWARE PROCESSES

Organization Name

Dell Products L.P.

Inventor(s)

Ofir Ezrielev of Be’er Sheba (IL)

Yehiel Zohar of Sderot (IL)

Yevgeni Gehtman of Modi'in (IL)

Tomer Shachar of Beer-Sheva (IL)

Maxim Balin of Gan-Yavne (IL)

TRACKING OF FILES REQUIRED FOR RUNNING MALWARE PROCESSES - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240346143 titled 'TRACKING OF FILES REQUIRED FOR RUNNING MALWARE PROCESSES'.

The abstract of the patent application describes a system for tracking processes in a computing system, identifying malware processes, and performing protective operations to remove the malware.

  • The tracking data includes child processes, parent processes, and files associated with the operation of the processes.
  • When a process is identified as malware, protective operations are carried out, which may involve removing or purging the malware process and associated processes/files.
  • An infected snapshot can be generated to analyze the characteristics and operating procedures of the malware by executing it in a sandbox environment.
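The tracking and purge steps listed above can be sketched as follows. This is an added example, not code from the patent application or from Dell; the class name, event hooks, pids and paths are hypothetical, and reporting ancestor processes for review instead of purging them is an assumption of this sketch.

```python
from collections import defaultdict

class ProcessTracker:
    """Tracking data: parent/child links and files associated with each process."""

    def __init__(self):
        self.parent = {}                    # pid -> parent pid
        self.children = defaultdict(set)    # pid -> child pids
        self.files = defaultdict(set)       # pid -> files created or written

    def on_spawn(self, ppid, pid):
        self.parent[pid] = ppid
        self.children[ppid].add(pid)

    def on_file_write(self, pid, path):
        self.files[pid].add(path)

    def ancestors(self, pid):
        chain, seen = [], {pid}             # 'seen' guards against pid-reuse loops
        while pid in self.parent and self.parent[pid] not in seen:
            pid = self.parent[pid]
            seen.add(pid)
            chain.append(pid)
        return chain

    def purge_plan(self, malware_pid):
        """Processes and files to purge once malware_pid is flagged."""
        procs, stack = set(), [malware_pid]
        while stack:                        # walk the subtree rooted at the flagged process
            pid = stack.pop()
            if pid not in procs:
                procs.add(pid)
                stack.extend(self.children[pid])
        files = set().union(*(self.files[p] for p in procs))
        # Assumption: ancestors are reported for review, not purged automatically,
        # since they are often legitimate (shell, service manager).
        return {"processes": procs, "files": files, "review": self.ancestors(malware_pid)}

def demo():
    t = ProcessTracker()
    # Constructed sample events (pids and paths are illustrative).
    for ppid, pid in [(1, 100), (100, 200), (200, 300), (200, 301), (100, 400)]:
        t.on_spawn(ppid, pid)
    for pid, path in [(200, "/tmp/dropper.bin"), (300, "/tmp/payload.so"),
                      (301, "/home/u/.config/autostart/x.desktop"), (400, "/home/u/notes.txt")]:
        t.on_file_write(pid, path)
    return t.purge_plan(200)

if __name__ == "__main__":
    print(demo())
```

The sibling process 400 and its file stay out of the plan because they are not in the flagged process's subtree.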

Potential Applications:

  • Cybersecurity systems
  • Malware detection and removal tools
  • System monitoring and analysis software

Problems Solved:

  • Identification and removal of malware processes
  • Protection of computing systems from malicious software
  • Analysis of malware characteristics for security purposes

Benefits:

  • Enhanced cybersecurity measures
  • Improved system performance and reliability
  • Prevention of data breaches and system compromises

Commercial Applications:

Title: "Advanced Malware Detection and Removal System"

This technology can be utilized by cybersecurity companies, IT departments, and software developers to enhance the security of computing systems and protect against malware threats. The market implications include increased demand for advanced cybersecurity solutions and a growing need for robust malware detection tools.

Prior Art: Researchers and developers in the field of cybersecurity, malware analysis, and system monitoring may have published related studies, tools, or technologies that could be considered as prior art for this patent application.

Frequently Updated Research: Ongoing research in malware analysis, threat intelligence, and cybersecurity technologies may provide valuable insights and advancements in the field of malware detection and removal systems.

Questions about the technology:

1. How does the system differentiate between legitimate processes and malware processes?

The system uses various algorithms and heuristics to analyze the behavior and characteristics of processes to identify malware accurately.

2. What measures are in place to prevent false positives in malware detection?

The system incorporates multiple layers of verification and validation to minimize false positives and ensure accurate malware detection.


Original Abstract Submitted

Processes operating in a computing system are tracked. The tracking data includes or identifies child processes, parent processes, and/or files associated with operation of the processes. When a process is determined to be a malware process, protective operations are performed. Protective operations may include removing or purging the malware process and all processes/files associated with the malware process in the tracking data. An infected snapshot may also be generated such that characteristics, operating procedures, and other aspects of the malware can be determined by recovering the infected snapshot to a sandbox environment and allowing the malware to execute therein.