PPSAM: Proactive PowerShell Anti-Malware: Customizable Comprehensive Tool to Supplement Commercial AVs

Alejandro Villegas, Lei Chen

Research output: Contribution to book or proceeding › Chapter

Abstract

This research first explores the different approaches taken by anti-malware solutions, evaluating their pros and cons and concentrating on their potential weaknesses and drawbacks. The malware and anti-malware technologies analyzed include Windows Direct Kernel Object Manipulation (DKOM), Kernel Patch Protection, Data Execution Prevention, Address Space Layout Randomization, Driver Signing, Windows Service Hardening, Ghostbuster, Assembly Reverse Analysis, and Virtual CloudAV. Furthermore, a proactive, comprehensive solution is provided by utilizing the Windows PowerShell 2.0 utility that is available for Windows Vista, 7, 2008 and 2008 R2. The proposed Proactive PowerShell Anti-Malware (PPSAM) is a utility that monitors the system via health checks implemented as PowerShell scripts; the scripts can be fully customized and can be executed on remote systems. PPSAM is designed as a proactive complement to commercial anti-virus products: it attempts to promote early discovery of intrusions and malicious applications, and provides triggers and reports derived from the scripts' output.
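The abstract describes the PPSAM model (customizable health-check scripts, remote execution, triggers and reports built from script output) without showing a script. The following is an added example of that model, written for this page and not taken from the paper or the PPSAM tool; the baseline file location, the `PPSAM` event-log source and the specific checks (auto-start services and unsigned running kernel drivers, chosen because they are where persistence and rootkit-style code usually show up) are assumptions. It deliberately uses only cmdlets present in Windows PowerShell 2.0, the version the abstract targets.

```powershell
# Added example in the style of a PPSAM health check (not the paper's own code).
# First run records a baseline of auto-start services and running drivers;
# later runs compare the live state against it and raise a trigger on drift.
param(
    [string]$BaselinePath = "$env:ProgramData\ppsam-baseline.xml",  # assumed location
    [string[]]$ComputerName = @('localhost')
)

# The check is a script block so the same code runs locally or via Invoke-Command.
$HealthCheck = {
    # Auto-start services and their binaries: the usual malware persistence foothold.
    $services = Get-WmiObject Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        Select-Object Name, PathName, StartName

    # Running kernel drivers and whether their image carries a valid Authenticode signature.
    $drivers = Get-WmiObject Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # WMI reports some paths as \??\C:\... or \SystemRoot\...; normalize them.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Name   = $_.Name
                Path   = $path
                Signed = ($sig -ne $null -and $sig.Status -eq 'Valid')
            }
        }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Services = @($services)
        Drivers  = @($drivers)
        Taken    = Get-Date
    }
}

# Collect from every target. Remote hosts need PowerShell remoting (Enable-PSRemoting).
$results = foreach ($c in $ComputerName) {
    if ($c -eq 'localhost') { & $HealthCheck }
    else { Invoke-Command -ComputerName $c -ScriptBlock $HealthCheck }
}

if (-not (Test-Path $BaselinePath)) {
    # No baseline yet: record one and stop. An operator should review it before trusting alerts.
    $results | Export-Clixml $BaselinePath
    Write-Output "Baseline written to $BaselinePath; review it before relying on alerts."
    return
}

$baseline = Import-Clixml $BaselinePath
$alerts = @()
foreach ($now in $results) {
    $then = $baseline | Where-Object { $_.Computer -eq $now.Computer }
    if (-not $then) { $alerts += "$($now.Computer): no baseline entry"; continue }

    # Services that are new, or whose binary path or account changed, since the baseline.
    $svcDiff = Compare-Object -ReferenceObject @($then.Services) -DifferenceObject @($now.Services) `
        -Property Name, PathName, StartName
    foreach ($d in $svcDiff) {
        if ($d.SideIndicator -eq '=>') {
            $alerts += "$($now.Computer): new/changed autostart service $($d.Name) -> $($d.PathName) ($($d.StartName))"
        }
    }

    # Unsigned running drivers that the baseline did not already contain.
    foreach ($drv in @($now.Drivers | Where-Object { -not $_.Signed })) {
        $known = $then.Drivers | Where-Object { $_.Name -eq $drv.Name -and $_.Path -eq $drv.Path }
        if (-not $known) { $alerts += "$($now.Computer): unsigned running driver $($drv.Name) at $($drv.Path)" }
    }
}

# Trigger and report: a non-empty alert list goes to the console and the Application log,
# and the script exits non-zero so a scheduled task or monitoring agent can act on it.
if ($alerts.Count -gt 0) {
    $alerts | ForEach-Object { Write-Warning $_ }
    # The 'PPSAM' source is assumed; create it once as an administrator with:
    #   New-EventLog -LogName Application -Source PPSAM
    Write-EventLog -LogName Application -Source PPSAM -EventId 1001 -EntryType Warning `
        -Message ($alerts -join "`n") -ErrorAction SilentlyContinue
    exit 1
}
Write-Output "OK: $(@($results).Count) host(s) match baseline."
```

Two caveats a practitioner should keep in mind: the baseline is only as clean as the machine at the moment it was taken, so it should be captured on a freshly built host and stored where the monitored systems cannot overwrite it; and a script that runs with administrative rights on remote hosts is itself a high-value target, so the script file and the remoting endpoint deserve the same signing and access-control discipline the abstract lists among the Windows protections (Driver Signing, Windows Service Hardening).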
Original language: American English
Title of host publication: Proceedings of the International Conference on Security and Management (SAM)
State: Published - Jul 18 2011

Keywords

  • Anti-virus
  • Customizable
  • Malware
  • PowerShell
  • Proactive
  • Security

DC Disciplines

  • Databases and Information Systems
