US 11,971,986 B2
Self-protection of anti-malware tool and critical system resources protection
Vladimir Strogov, Singapore (SG); Aliaksei Dodz, Singapore (SG); Nikolay Grebennikov, Sofia (BG); Stanislav Protasov, Singapore (SG); and Serg Bell, Costa del Sol (SG)
Assigned to Acronis International GmbH, Schaffhausen (CH)
Filed by Acronis International GmbH, Schaffhausen (CH)
Filed on Mar. 1, 2023, as Appl. No. 18/176,873.
Application 18/176,873 is a continuation of application No. 16/726,340, filed on Dec. 24, 2019, granted, now 11,640,460.
Claims priority of provisional application 62/784,930, filed on Dec. 26, 2018.
Prior Publication US 2023/0205876 A1, Jun. 29, 2023
Int. Cl. G06F 21/55 (2013.01); G06F 21/56 (2013.01); G06F 21/62 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 21/554 (2013.01) [G06F 21/568 (2013.01); G06F 21/6218 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/033 (2013.01)]
17 Claims
1. A method for restricting access to protected resources of a security application, comprising:
in response to identifying a plurality of program data in an installation directory of a security application in a storage of a computing device, designating the plurality of program data installed on a computing system as protected program data;
intercepting, by a kernel mode driver associated with the security application, a request from an untrusted application executing on the computing system to alter at least one of the protected program data;
classifying, by a self-defense service associated with the security application, the untrusted application as a malicious application based on information in the intercepted request and characteristics of the untrusted application; and
responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.