| CPC H04L 63/1416 (2013.01) [H04L 12/06 (2013.01); H04L 63/20 (2013.01)] | 15 Claims |
|
1. A method for performing a non-invasive malware scan of a target computing device including a processor and a memory, by way of scanning only the memory of the target computing device, the method comprising:
loading a Remote Direct Memory Access (“RDMA”) unit and an endpoint protection agent comprising a first memory scan engine on the target computing device;
monitoring, via the first memory scan engine of the endpoint protection agent and the RDMA unit, the memory of the target computing device for a violation of a predetermined security policy on the endpoint protection agent;
providing, by the RDMA unit, remote direct memory access to the memory of the target computing device to a remote security server for reading the memory of the target computing device;
scanning, by a second memory scan engine of the remote security server, the memory of the target device upon violation of the predetermined security policy, wherein the scanning is only of processes occurring on the device during the scan and does not include scanning files or running a virus scanner on the target device;
identifying, by the second memory scan engine of the remote security server, a threat on the target device; and
sending, by the remote security server, a security response action to the RDMA unit on the target device in accordance with the predetermined security policy.
|