Abstract: Controlling code execution on a computing device may prevent malicious code from executing. In order to control code execution, context information for code packages on the computing device can be maintained. The context information may be generated upon initialization of the computing device or if changes to the code package are made. The context information may be used in conjunction with access control lists (ACLs) and/or execution control lists (ECLs) in order to quickly evaluate whether a code package should be allowed to execute.
Abstract: Ransomware attacks may be prevented by monitoring file access requests. When a process requests a directory listing, the results provided may be modified based on whether the process is trusted or not. For trusted processes, the results provided are the actual directory listing, while the results provided to processes that aren't trusted may be modified to include seeded files. Access to the seeded files may be monitored to determine if the process is associated with a ransomware attack, and steps taken to mitigate an attempted ransomware attack. Ransomware may also be prevented by ensuring that only trusted processed are allowed to access certain files. In order to provide an improved user experience, the processes can be determined automatically from a system structure and their trustworthiness determined.
Abstract: Ransomware attacks may be prevented by monitoring file access requests. When a process requests a directory listing, the results provided may be modified based on whether the process is trusted or not. For trusted processes, the results provided are the actual directory listing, while the results provided to processes that aren't trusted may be modified to include seeded files. Access to the seeded files may be monitored to determine if the process is associated with a ransomware attack, and steps taken to mitigate an attempted ransomware attack. Ransomware may also be prevented by ensuring that only trusted processed are allowed to access certain files. In order to provide an improved user experience, the processes can be determined automatically from a system structure and their trustworthiness determined.