1. Field of the Invention
The present invention relates to a computer program product, system, and method for using a characteristic of a process I/O activity and data subject to the I/O activity to determine whether the process is a suspicious process.
2. Description of the Related Art
Anti-malware software, also known as anti-virus software, is used to detect, prevent and remove malicious software, such as malicious browser helper objects (BHOs), browser hijackers, ransomware, key loggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware and spyware. Typically, when there is a possible data breach from malicious software, access to the data subject to the breach is blocked until the security threat is resolved, so as to avoid any alteration of data by the suspicious software.
There is a need in the art for improved techniques for detecting suspicious processes potentially having malware so that such processes can then be managed to prevent malevolent activity and the compromising of data.