1. Field of the Invention
The present invention relates to computer system security. More particularly, the present invention relates to a system and method of protecting computer systems from malicious code.
2. Description of the Related Art
To protect computer systems from malicious code, an anti-virus scanner is used. The anti-virus scanner typically scans the computer system for malicious code using virus definitions of malicious code.
The anti-virus scanner relies upon updates from security vendor update sites. These updates are an important component of the anti-virus scanner. For example, as new malicious code is discovered, new virus definitions are distributed as an update to enable the anti-virus scanner to detect the newly discovered malicious code.
Unfortunately, it is often not practical to distribute new virus definitions to the entire public in the case where new malicious code is discovered only on a few computer systems, e.g., on one or two computer systems. In this event, the infected computer systems are not protected by the anti-virus scanner.
However, the malicious code can still be detected on the infected computer system heuristically using a malicious code heuristic detection application. For example, abnormal behavior of an application can be detected by the malicious code heuristic detection application to determine that the application is in fact malicious code. Based on this heuristic detection, the detected malicious code is remediated.
Although the heuristically detected malicious code is remediated, other instances of the malicious code may remain on the computer system. Upon execution, these other malicious code instances should be heuristically detected. However, the other malicious code instances still have the potential to damage the computer system.