Unlock instant, AI-driven research and patent intelligence for your innovation.

Executable file processing method and executable file monitoring method

A technology for executing files and files, which is applied in the field of network security, can solve problems such as slowing down the execution speed of the system, and achieve the effect of minimizing interference, minimizing interference, and increasing speed

Active Publication Date: 2017-11-14
TENCENT TECH (SHENZHEN) CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this solution must be based on the fact that the executable file has been checked and killed by the file monitoring on the client machine, because if the user installs the antivirus software for the first time, the acceleration cache cannot be established until the user executes the relevant file.
When the user starts the antivirus software for the first time, the file monitoring will still slow down the execution speed of the system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Executable file processing method and executable file monitoring method
  • Executable file processing method and executable file monitoring method
  • Executable file processing method and executable file monitoring method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0060] The present invention provides an executable file checking and killing acceleration method, such as figure 1 As shown, the method includes:

[0061] collect executable file list (S1);

[0062] Sampling the information of the executable file according to the list, and using the information to build a whitelist file (S2);

[0063] Verifying whether the whitelist file is established successfully (S3) according to the list and information;

[0064] The search engine of the client side directly obtains the killing result of an executing file by using the whitelist file that has been successfully constructed (S4).

[0065] Through the above scheme, it can be achieved that in the process of intercepting executable files, the antivirus software can directly obtain the killing results of the executable files listed in the whitelist through the automatically generated whitelist, thus occupying less processing resources and not requiring Aborts the execution of an executable wi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an executable file killing acceleration method. The executable file killing acceleration method includes: collecting executable file lists; sampling information of executable files according to the lists and establishing white list files according to the information; verifying whether the white list files are successfully established or not according to the lists and the information; a client search engine directly acquiring a killing result of the files being executed by the aid of the white list files successfully established. By the adoption of white lists, executable file killing of antivirus software is quickened, and interference of file monitoring on an operating system is minimized when the files are executed in the system.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an executable file processing method and an executable file monitoring method. Background technique [0002] For host anti-virus security software, it is divided into two basic technologies: static defense and dynamic defense. These two aspects are the cornerstones of anti-virus transmission. Among them, dynamic defense is an important technology to ensure the security of users' machines, and file monitoring is an important part of the dynamic defense system. In file monitoring, an important function is that when an executable file is executed by the system, it should first identify whether the executable file is a malicious program, including process files (exe) and dynamic link library files (dll). Considering security, this step generally blocks the execution process of the executable file, waits for the killing to be completed, and if it is not a virus, releases the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
CPCG06F21/566
Inventor 郭祎斌
Owner TENCENT TECH (SHENZHEN) CO LTD