
NONDESTRUCTIVE VIRUS ISOLATION AND REMEDIATION

IP.com Disclosure Number: IPCOM000186423D
Original Publication Date: 2009-Aug-19
Included in the Prior Art Database: 2009-Aug-19
Document File: 1 page(s) / 25K

Publishing Venue

Lenovo

Abstract

Computer virus detection

This is the abbreviated version, containing approximately 76% of the total text.

NONDESTRUCTIVE VIRUS ISOLATION AND REMEDIATION

Computer virus detection today either scans files on disk or scans programs for viruses as they are loaded into memory. Once a virus is detected, existing tools quarantine, delete, or repair the infected file, which may result in the loss of some data.

Computer viruses often infect existing files, and when they are caught the result is a loss of data or functionality. Our solution would heuristically catch computer viruses before they actually attach themselves to existing files. Current AV software scans most processes as they are loaded into memory; many, however, are loaded without being scanned, such as ActiveX controls, device drivers, services, and other system-related processes.


  • Use a disk I/O filter driver or a virtualized environment to temporarily isolate disk I/O (e.g. SMC virtual disk or RnR filter driver).
  • Assess whether any protected areas of the disk have been written or any direct disk accesses have occurred.
  • Examples include the system registry, system kernel, device drivers, cache regions, boot areas, the swap file, or other blacklisted files.
  • When AV updates are applied, synchronize the boundaries of the protected regions.
    • The process would be suspended or delayed so that the I/O can be further analyzed.
    • Put the requested I/O into the virtual area or isolation/sandbox area (e.g. ZFS or copy-on-write technology).
    • Once the disk I/O is isolate...
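The steps above describe a copy-on-write overlay placed in front of the real disk, with a policy table of protected regions that is refreshed when definitions change. The following Python model is an added illustration of that scheme and is not code from the Lenovo disclosure; a real implementation would be a kernel filter driver or hypervisor block device. The sector layout, region names, and the `Policy`/`IsolatedSession` API are assumptions made here for the example, and the disk contents are constructed inline.

```python
"""Copy-on-write isolation of a process's disk I/O in front of a simulated
block device. Added illustration only, not code from the Lenovo disclosure.
The 'disk' is a bytearray of fixed-size sectors; the 'process' is whoever
calls IsolatedSession.write()/read(). All names here are assumed for the demo."""
from dataclasses import dataclass, field

SECTOR = 512


@dataclass(frozen=True)
class Region:
    """Protected sector range [start, end), e.g. the boot area or swap file."""
    name: str
    start: int
    end: int

    def overlaps(self, lba: int, count: int) -> bool:
        return lba < self.end and lba + count > self.start


class Policy:
    """Protected-region table. Replaced wholesale when AV definitions are
    updated, so every open session immediately sees the new boundaries."""

    def __init__(self, regions):
        self.regions = list(regions)

    def update(self, regions) -> None:
        self.regions = list(regions)

    def touched(self, lba: int, count: int):
        return [r.name for r in self.regions if r.overlaps(lba, count)]


@dataclass
class IsolatedSession:
    """One process's copy-on-write overlay. Nothing reaches `disk` until
    commit(); a write into a protected region flags the session."""
    disk: bytearray
    policy: Policy
    shadow: dict = field(default_factory=dict)   # lba -> one sector of bytes
    hits: list = field(default_factory=list)     # protected regions written
    suspended: bool = False

    def write(self, lba: int, data: bytes) -> bool:
        """Queue the write in the shadow. Returns False when the process
        should be suspended for analysis (it touched a protected region)."""
        if len(data) == 0 or len(data) % SECTOR:
            raise ValueError("writes must be whole sectors")
        count = len(data) // SECTOR
        if lba < 0 or (lba + count) * SECTOR > len(self.disk):
            raise ValueError("write past end of disk")
        names = self.policy.touched(lba, count)
        if names:
            self.hits.extend(names)
            self.suspended = True
        for i in range(count):   # keep the attempted write so it can be examined
            self.shadow[lba + i] = data[i * SECTOR:(i + 1) * SECTOR]
        return not self.suspended

    def read(self, lba: int, count: int) -> bytes:
        """The process sees its own pending writes; the real disk does not."""
        out = bytearray()
        for s in range(lba, lba + count):
            out += self.shadow.get(s, self.disk[s * SECTOR:(s + 1) * SECTOR])
        return bytes(out)

    def commit(self) -> int:
        """Apply the shadow to the real disk; refused while the session is flagged."""
        if self.suspended:
            raise PermissionError("session flagged; analyze before commit")
        for s, blk in self.shadow.items():
            self.disk[s * SECTOR:(s + 1) * SECTOR] = blk
        n = len(self.shadow)
        self.shadow.clear()
        return n

    def discard(self) -> int:
        """Throw the shadow away: the disk never saw the writes."""
        n = len(self.shadow)
        self.shadow.clear()
        return n


def demo():
    """Constructed scenario: 64-sector disk, sectors 0-1 protected as the boot
    area and 48-63 as swap. Returns the values a checker would inspect."""
    disk = bytearray(64 * SECTOR)
    policy = Policy([Region("boot", 0, 2), Region("swap", 48, 64)])

    benign = IsolatedSession(disk, policy)
    ok = benign.write(10, b"A" * SECTOR)          # ordinary user data
    applied = benign.commit()

    mbr_writer = IsolatedSession(disk, policy)
    allowed = mbr_writer.write(0, b"\xeb\xfe" + b"\x00" * (SECTOR - 2))
    seen = mbr_writer.read(0, 1)[:2]              # process believes it succeeded
    real = bytes(disk[0:2])                       # real boot sector untouched
    dropped = mbr_writer.discard()

    policy.update([Region("boot", 0, 4)])         # definitions update: wider boot area
    later = IsolatedSession(disk, policy)
    return {
        "benign_ok": ok, "benign_applied": applied,
        "sector10": bytes(disk[10 * SECTOR:10 * SECTOR + 1]),
        "mbr_allowed": allowed, "mbr_hits": mbr_writer.hits,
        "mbr_seen": seen, "mbr_real": real, "dropped": dropped,
        "after_update_flagged": not later.write(3, b"\x00" * SECTOR),
    }
```

The point of `read()` consulting the shadow first is that the suspended process cannot tell it has been diverted, so analysis can proceed on a live, unmodified system; `commit()` refusing while `suspended` is set is what makes the remediation nondestructive, since a flagged session can only be discarded or released after review.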