1. Field of the Invention
The present invention relates to computer system security. More particularly, the present invention relates to a system and method of intercepting operating system interactions by suspicious modules.
2. Description of the Related Art
Behavior blocking systems for protecting computer systems are well known. Generally, a behavior blocking system monitors the behavior of a process. When the behavior blocking system determines that the behavior of a process is malicious, it takes protective action to protect the associated computer system.
As an example of protective action, the process, which has been determined to be malicious by the behavior blocking system, is terminated.
A non process threat (NPT) is a malicious module that is injected into an otherwise non-malicious process, sometimes called a victim process. Unfortunately, the behavior blocking system attributes the behavior of the non process threat to the victim process, resulting in undesirable termination of the victim process. Further, in certain instances, the victim process cannot be terminated without damaging the computer system.