US Patent 7802300 Method and apparatus for detecting and removing kernel rootkits

Patent 7802300 was granted and assigned to Trend Micro on September, 2010 by the United States Patent and Trademark Office.

Overview Structured Data Issues Contributors Activity

Is a

Patent

Patent attributes

Current Assignee

Trend Micro

Patent Jurisdiction

United States Patent and Trademark Office

Patent Number

7802300

Date of Patent

September 21, 2010

Patent Application Number

11702965

Date Filed

February 6, 2007

Patent Primary Examiner

‌

Shin-Hon Chen

Patent abstract

In one embodiment, an anti-rootkit module compares operating system kernel binary files to their loaded kernel file image in memory to find a difference between them. The difference may be scanned for telltale signs of rootkit modification. To prevent rootkits from interfering with memory access of the kernel file image, a pre-scan may be performed to ensure that paging functions and the interrupt dispatch table are in known good condition. If the difference is due to a rootkit modification, the kernel file image may be restored to a known good condition to disable the rootkit. A subsequent virus scan may be performed to remove remaining traces of the rootkit and other malicious codes from the computer.

Timeline

No Timeline data yet.

Further Resources

Title

Author

Link

Type

Date

No Further Resources data yet.

References

Find more entities like US Patent 7802300 Method and apparatus for detecting and removing kernel rootkits

Use the Golden Query Tool to find similar entities by any field in the Knowledge Graph, including industry, location, and more.

Open Query Tool

Access by API