CPC: G06F 21/566 (2013.01) [G06F 9/45558 (2013.01); G06F 21/53 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01); G06F 2221/033 (2013.01)]. 20 Claims.
1. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
identifying one or more environmental variables of a virtual compute instance used by malware to detect a presence of a sandbox environment;
storing sandbox configuration information including the one or more environmental variables at a threat management facility;
distributing the sandbox configuration information to a local security agent on an endpoint in an enterprise network;
receiving computer code;
applying static analysis to the computer code to identify a detection technique in the computer code that attempts to detect whether the computer code is in the sandbox environment based on the one or more environmental variables;
based on identifying the detection technique, causing the endpoint to present the one or more environmental variables in a computing environment on the endpoint to deter malware from deploying when malware is executing on the endpoint;
creating a sandbox, wherein the sandbox hides the one or more environmental variables in the sandbox so that the computer code is more likely to deploy an attack in the sandbox;
executing the computer code in the sandbox; and
based on detecting malicious behavior by the computer code in the sandbox, initiating a remediation action related to the malicious behavior.
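The claim above describes a control flow: static analysis finds which sandbox indicators a submitted sample checks for, the endpoint then presents exactly those indicators (so the sample stays dormant there), and the sandbox hides them (so the sample reveals its behaviour and a remediation can be chosen). The following is an added illustration of that flow in Python; it is not code from the patent or from any product. The indicator names, their values, the sample script text and all function names are constructed for this example, and "execution" of the sample is simulated by a function rather than run.

```python
"""Toy model of the claimed flow: static scan -> endpoint deterrent ->
sandbox hide-list -> simulated execution -> remediation decision."""
import re

# Constructed sandbox configuration, as a threat management facility might
# distribute it to a local agent: indicator name -> value a sandbox exposes.
# All names and values are hypothetical.
SANDBOX_CONFIG = {
    "SANDBOX_VENDOR_ENV": "example-sandbox",          # environment variable
    "SANDBOX_AGENT_HOSTNAME": "sbx-analysis-01",      # hostname pattern
    "ANALYSIS_TOOL_PROCESS": "analysis_monitor.exe",  # monitoring process name
}

# Constructed pseudo-script standing in for submitted code (not real malware).
SAMPLE_CODE = """
if os.environ.get("SANDBOX_VENDOR_ENV"):
    exit()
if "analysis_monitor.exe" in running_processes():
    exit()
do_stage_two()
"""


def find_sandbox_checks(code, config):
    """Static analysis step: return the (sorted) indicator names whose name
    or value the code references literally."""
    found = []
    for name, value in config.items():
        pattern = re.compile(re.escape(name) + "|" + re.escape(value))
        if pattern.search(code):
            found.append(name)
    return sorted(found)


def endpoint_environment(detected, config):
    """Endpoint deterrent: present only the indicators the sample checks."""
    return {name: config[name] for name in detected}


def sandbox_environment(detected, config):
    """Sandbox side: start from everything a sandbox normally exposes and
    hide the indicators the sample checks for."""
    return {name: value for name, value in config.items() if name not in detected}


def simulate_sample(env, detected):
    """Stand-in for executing the sample: it goes dormant if any indicator it
    checks is visible, otherwise it proceeds to its malicious stage."""
    if any(name in env for name in detected):
        return "dormant"
    return "malicious"


def remediation_for(verdict):
    """Pick a remediation action from the sandbox verdict."""
    return "quarantine" if verdict == "malicious" else "none"


def evaluate(code, config):
    """Run the whole flow once and return every intermediate result."""
    detected = find_sandbox_checks(code, config)
    on_endpoint = simulate_sample(endpoint_environment(detected, config), detected)
    in_sandbox = simulate_sample(sandbox_environment(detected, config), detected)
    return {
        "detected": detected,
        "endpoint_verdict": on_endpoint,
        "sandbox_verdict": in_sandbox,
        "remediation": remediation_for(in_sandbox),
    }


if __name__ == "__main__":
    for key, value in evaluate(SAMPLE_CODE, SANDBOX_CONFIG).items():
        print(f"{key}: {value}")
```

Note the asymmetry the example makes visible: the endpoint only needs to present the indicators the sample actually tests for (here two of the three configured ones), while the sandbox must hide all of those same indicators, since one surviving check is enough to keep the sample dormant and the analysis would then see no malicious behaviour.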