PPSAM: Proactive PowerShell Anti-Malware: Customizable Comprehensive Tool to Supplement Commercial AVs

Alejandro Villegas, Lei Chen

Research output: Contribution to conference › Presentation

Abstract

This research first explores the different types of anti-malware solution approaches, evaluating their pros and cons and concentrating on their potential weaknesses and drawbacks. The malware and anti-malware technologies analyzed include Windows Direct Kernel Object Manipulation (DKOM), Kernel Patch Protection, Data Execution Prevention, Address Space Layout Randomization, Driver Signing, Windows Service Hardening, Ghostbuster, Assembly Reverse Analysis, and Virtual CloudAV. Furthermore, a proactive, comprehensive solution is provided by utilizing the Windows PowerShell 2.0 utility that is available for Windows Vista, 7, Server 2008 and Server 2008 R2. The proposed Proactive PowerShell Anti-Malware (PPSAM) is a utility that monitors the system via health checks implemented as PowerShell scripts; the checks can be fully customized and can be executed on remote systems. PPSAM is designed as a proactive complement to commercial anti-virus products that attempts to promote early discovery of intrusions and malicious applications, and to provide triggers and reports built from the scripts' output.
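The abstract describes PPSAM only at the architecture level: customizable health-check scripts, local or remote execution, and triggers and reports derived from the script output. The script below is an added illustration of that design written for this page; it is not the authors' code, and the check names, the baseline file location, the CSV report path and the exit-code trigger are assumptions made here. It restricts itself to cmdlets that exist in Windows PowerShell 2.0 (Get-WmiObject, Get-AuthenticodeSignature, Get-Process, Compare-Object, Invoke-Command, Export-Csv).

```powershell
# Added illustration of the PPSAM design sketched in the abstract; not the authors' code.
# Check names, baseline path, report path and the trigger are assumptions made for this example.
# Uses only cmdlets present in Windows PowerShell 2.0.

# Health checks are named script blocks returning one object per finding. Operators customize
# this table; the runner below never needs to change. Checks reference no outer variables,
# so the same script block can be shipped to remote hosts unchanged.
$HealthChecks = @{

    # Running services whose executable is not Authenticode-signed: a common persistence location.
    'UnsignedRunningServices' = {
        Get-WmiObject Win32_Service -Filter "State='Running'" | ForEach-Object {
            # PathName may be quoted and may carry arguments; keep only the executable part.
            $path = $_.PathName
            if ($path -match '^"([^"]+)"') { $path = $Matches[1] }
            else { $path = ($path -split ' ')[0] }   # an unquoted path containing spaces is itself a finding
            if ($path -and (Test-Path $path)) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                if ($sig.Status -ne 'Valid') {
                    New-Object PSObject -Property @{
                        Host = $env:COMPUTERNAME; Check = 'UnsignedRunningServices'
                        Subject = $_.Name; Detail = "$path ($($sig.Status))"
                    }
                }
            }
        }
    }

    # Process names not seen in the previous snapshot. The baseline is rewritten on every run,
    # so the report lists only what appeared since the last health check.
    'NewProcessNames' = {
        $baselineFile = Join-Path $env:ProgramData 'PPSAM\process-baseline.txt'   # assumed location
        $current = Get-Process | ForEach-Object { $_.Name } | Sort-Object -Unique
        if (Test-Path $baselineFile) {
            $baseline = @(Get-Content $baselineFile)
            if ($baseline.Count -gt 0) {
                Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
                    Where-Object { $_.SideIndicator -eq '=>' } | ForEach-Object {
                        New-Object PSObject -Property @{
                            Host = $env:COMPUTERNAME; Check = 'NewProcessNames'
                            Subject = $_.InputObject; Detail = 'not present at last snapshot'
                        }
                    }
            }
        }
        $dir = Split-Path $baselineFile
        if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
        $current | Set-Content $baselineFile
    }
}

# Run every check locally (no -ComputerName) or on remote hosts through PowerShell remoting
# (WinRM must be enabled on the targets), and return the combined findings as one array.
function Invoke-HealthChecks {
    param([string[]] $ComputerName = @())
    $findings = @()
    foreach ($name in $HealthChecks.Keys) {
        $check = $HealthChecks[$name]
        if ($ComputerName.Count -eq 0) { $results = & $check }
        else { $results = Invoke-Command -ComputerName $ComputerName -ScriptBlock $check }
        if ($results) { $findings += @($results) }
    }
    return ,$findings
}

# Report and trigger: write a CSV for review, then raise a warning and a non-zero exit code
# that a scheduled task or monitoring agent can act on. Swap the trigger for Write-EventLog
# or Send-MailMessage as the environment requires.
$report   = Join-Path $env:TEMP 'ppsam-report.csv'      # assumed report location
$findings = Invoke-HealthChecks                          # e.g. Invoke-HealthChecks -ComputerName 'srv01','srv02'
if ($findings.Count -gt 0) {
    $findings | Export-Csv -NoTypeInformation -Path $report
    Write-Warning ("{0} finding(s) written to {1}" -f $findings.Count, $report)
    exit 1
}
Write-Host 'No findings.'
```

Two caveats matter in practice. On the Windows versions the paper targets, Get-AuthenticodeSignature does not consult catalog files, so many in-box Windows binaries that are catalog-signed rather than embedded-signed report NotSigned; the unsigned-service check therefore needs an allow-list or a baseline diff like the process check, or it will page on every run. Second, every check above runs in user mode through ordinary Win32 and WMI APIs, so anything a kernel rootkit hides by DKOM is invisible to it; that is why the abstract positions the tool as a supplement to commercial anti-virus rather than a replacement.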
Original language: American English
State: Published - Jul 19 2011
Event: International Conference on Security and Management (SAM) - Las Vegas, NV
Duration: Jul 20 2011 → …

Conference

Conference: International Conference on Security and Management (SAM)
Period: 07/20/11 → …

Keywords

  • Anti-virus
  • Customizable
  • Malware
  • PowerShell
  • Proactive
  • Security

DC Disciplines

  • Databases and Information Systems
