CPC G06F 21/577 (2013.01) [G06F 21/554 (2013.01); G06F 2221/034 (2013.01)] | 24 Claims |
1. A system comprising:
a reputation data store storing reputation information;
a processor; and
a memory storing instructions executable by the processor, wherein the instructions executable by the processor comprise instructions for:
generating an inspection point, the inspection point causing an exception when a set of software instructions encounters the inspection point during an execution of the set of software instructions by the processor;
registering an exception handler to handle the exception associated with by the inspection point;
receiving, in response to the set of software instructions encountering the inspection point, an indication of the exception;
based on the indication of the exception, accessing a context record associated with the execution of the set of software instructions;
accessing reputation information from the reputation data store;
evaluating the context record to determine if an exploit is present, wherein evaluating the context record comprises evaluating the context record using the reputation information; and
based on a determination that the exploit is present, performing a corrective action for the exploit.
|