System and method for gathering exhibited behaviors on a .NET executable module in a secure manner

A system and method for gathering exhibited behaviors of a .NET executable module in a secure manner is presented. In operation, a .NET behavior evaluation module presents a virtual .NET environment to a Microsoft Corporation .NET code module. The .NET behavior evaluation module implements a sufficient number of aspects of an actual Microsoft Corporation .NET environment that a .NET code module can execute. As the .NET code module executes, the .NET behavior evaluation module records some of the exhibited behaviors, i.e., .NET system supplied libraries/subroutines, that are associated with known malware. The recorded behaviors are placed in a behavior signature for an external determination as to whether the .NET code module is malware, i.e., an unwanted computer attack.

Web www.patentalert.com

< Method, system, and computer program product for limiting authorization of an executable action to an application session

< Printer-scanner

> System, method and program for implementing priority inheritance in an operating system

> System and method for detection of artificially generated system load

~ 00610