US 12,079,339 B2
In-memory scanning for fileless malware on a host device
Kedar Bhalchandra Chaudhari, Pune (IN); Pranav Gokhale, Pune (IN); and Mandar Barve, Pune (IN)
Assigned to VMware, Inc., Palo Alto, CA (US)
Filed by VMware, Inc., Palo Alto, CA (US)
Filed on May 12, 2022, as Appl. No. 17/743,274.
Prior Publication US 2023/0367877 A1, Nov. 16, 2023
Int. Cl. G06F 21/00 (2013.01); G06F 21/53 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/566 (2013.01) [G06F 21/53 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system comprising:
at least one processor of a host device; and
at least one memory of the host device comprising computer program code of an anti-malware scanner (AMS), the at least one memory and the computer program code configured to, with the at least one processor, cause the at least one processor to:
receive, by the AMS, a malware scan request from a virtual computing instance (VCI) of the host device, wherein the malware scan request includes script data of a script from a memory buffer of the VCI;
scan, using the AMS outside of the VCI, the script data of the malware scan request;
determine that the script includes malware based on the scan of the script data; and
notify the VCI that the script includes malware, whereby the VCI is configured to prevent execution of the script.