Kaspersky Lab Patents Two Methods That Counter Anti-Malware Evasion Techniques
The second patent, No. 9116621, covers a technology called “System and Method of Transfer of Control between Memory Locations.” The purpose of the technology is to make monitoring by a security solution invisible to malware. By controlling memory page access rights, it provides the ability to log Application Programming Interface (API) function calls made by the program being analyzed. Notably, the security solution receives data on these calls directly from the CPU using hardware interrupts. By transferring this information at the hardware level, monitoring is concealed, helping to detect new malware more effectively.
Both technologies are used in Kaspersky Total Security — Multi-Device, Kaspersky Internet Security — Multi-Device, Kaspersky Anti-Virus and Kaspersky Endpoint Security for Business. The technology called “System and Method for Preserving and Subsequently Restoring Emulator State” is also used in Kaspersky Security for Virtualization.
“The techniques used by cybercriminals are evolving, but Kaspersky Lab has an answer to their stratagems. For each trick designed to fool anti-malware technologies, our experts rapidly develop countermeasures that ultimately prevent our solutions from becoming less effective,” comments Timur Biyachuev, Director of Anti-Malware Research, Kaspersky Lab.
Kaspersky Lab continues to develop and patent new data protection technologies. As of early September 2015, the company has 334 patents in Russia, the US, China and Europe, with 307 more patent applications filed.