Computer systems have increasingly become an integral part of the business world and the activities of individual consumers. For example, computer systems are used to complete transactions, store data, provide information, etc. An operating system is the software component of a computer system that manages and coordinates processes executed by the system. In addition, the operating system manages and coordinates the various resources of the computer system.
Computer systems include multiple directories. One such directory is a registry. A registry is a directory that stores settings and options for the operating system. The registry includes information and settings for hardware, operating system software, non-operating system software, users, etc. Users of computer systems often desire to alter various settings of the computer in order to tailor the performance of the computer to their needs. For example, users may modify information and settings included in the registry in order to customize the performance of the computer.
On occasion, malicious processes (i.e., applications) attempt to disrupt the performance and efficiency of the operating system by modifying settings in the registry. These malicious processes interfere with a user's ability to troubleshoot the computer system. In addition, a malicious process may prohibit a user from exploring the functions and capabilities provided by the computer system. For example, in order to disrupt the performance of the operating system and interfere with the user's ability to operate the computer system, it may be advantageous for the malicious process to disable the user's ability to edit the registry and to manage tasks running on the operating system. In addition, it may be advantageous for the malicious process to disable firewalls and the ability of the computer system to automatically download updates for software, security protocols, etc. As such, benefits may be realized by providing improved systems and methods for identifying nefarious behavior in a computer system and determining a classification for the process that carried out the malicious behavior.