
CN109784035B - Installation process tracking processing method and device - Google Patents

Installation process tracking processing method and device

Info

Publication number: CN109784035B
Authority: CN (China)
Prior art keywords: tracking; list; installation; release file; file
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811627974.7A
Other languages: Chinese (zh)
Other versions: CN109784035A (en)
Inventors: 张文霞, 李程, 胡仁豪
Current Assignee: Qax Technology Group Inc (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Qianxin Technology Co Ltd

Application filed by Beijing Qianxin Technology Co Ltd
Priority to CN201811627974.7A
Publication of CN109784035A
Application granted
Publication of CN109784035B

Landscapes

  • Stored Programmes (AREA)

Abstract

Embodiments of the present invention disclose a method and device for tracking and processing an installation process. The method includes: if process exit information is received, determining, according to the process exit information, whether the exited first target process is in the process tracking list of the installation process; if the first target process is determined to be in the process tracking list, obtaining the release files in the release file list; and if a release file is determined to conform to the whitelist features, adding the release file to the whitelist. By automatically adding release files to the whitelist when software is installed or updated, the embodiments facilitate unified management by the administrator and avoid both mistaken whitelisting and tedious manual operations.

Description

Method and device for tracking and processing an installation process

Technical field

Embodiments of the present invention relate to the technical field of network security, and in particular to a method and device for tracking and processing an installation process.

Background

In the current industrial Internet, "application whitelisting" is the main defense technology used to protect the hosts of industrial control systems: a whitelist security baseline is built by scanning, in order to prevent virus infection and the intrusion of malicious programs. However, once the whitelist security baseline has been formed, installing or updating software on a host requires either appending the files newly generated by the installation to the whitelist one by one, or running the whitelist scan again to form a new whitelist security baseline, which is very time-consuming and laborious.

The prior art cannot automatically track the installation and update process of an application. The user has to manually add the installer to the installation tracking list, click to start the update, install the software, and click to end the update once the installation has finished; only then is the installation tracked. In addition, automatic installation tracking cannot be provided for all hosts, or the automatically whitelisted files may include files that were not released by the installer, resulting in mistaken whitelisting.

Summary of the invention

In view of the above problems in existing methods, the embodiments of the present invention provide a method and device for tracking and processing an installation process.

In a first aspect, an embodiment of the present invention provides a method for tracking and processing an installation process, including:

if process exit information is received, determining, according to the process exit information, whether the exited first target process is in the process tracking list of the installation process;

if the first target process is determined to be in the process tracking list, obtaining the release files in the release file list;

if a release file is determined to conform to the whitelist features, adding the release file to the whitelist.

Optionally, the method further includes:

if process start information is received, determining, according to the process start information, whether the started second target process is an installation tracking process;

if the second target process is determined to be an installation tracking process, adding the second target process to the process tracking list;

monitoring the release files generated while the second target process runs, and adding the generated release files to the release file list.

Optionally, the installation tracking process is predetermined according to software tracking requirements.

Optionally, the method further includes:

deleting the first target process from the process tracking list, and deleting the release files in the release file list.

In a second aspect, an embodiment of the present invention further provides a device for tracking and processing an installation process, including:

a process judgment module, configured to, if process exit information is received, determine according to the process exit information whether the exited first target process is in the process tracking list of the installation process;

a file acquisition module, configured to obtain the release files in the release file list if the first target process is determined to be in the process tracking list;

a whitelist judgment module, configured to add a release file to the whitelist if the release file is determined to conform to the whitelist features.

Optionally, the device further includes:

a start judgment module, configured to, if process start information is received, determine according to the process start information whether the started second target process is an installation tracking process;

a process adding module, configured to add the second target process to the process tracking list if the second target process is determined to be an installation tracking process;

a file adding module, configured to monitor the release files generated while the second target process runs, and to add the generated release files to the release file list.

Optionally, the installation tracking process is predetermined according to software tracking requirements.

Optionally, the device further includes:

a process deletion module, configured to delete the first target process from the process tracking list, and to delete the release files in the release file list.

In a third aspect, an embodiment of the present invention further provides an electronic device, including:

at least one processor; and

at least one memory communicatively connected to the processor, wherein:

the memory stores program instructions executable by the processor, and the processor is able to perform the above method by invoking the program instructions.

In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium that stores a computer program, the computer program causing the computer to execute the above method.

As the above technical solutions show, the embodiments of the present invention automatically add release files to the whitelist when software is installed or updated, which facilitates unified management by the administrator and avoids both mistaken whitelisting and tedious manual operations.

Description of drawings

To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic flowchart of a method for tracking and processing an installation process according to an embodiment of the present invention;

FIG. 2 is a schematic flowchart of a method for tracking and processing an installation process according to another embodiment of the present invention;

FIG. 3 is a schematic structural diagram of a device for tracking and processing an installation process according to an embodiment of the present invention;

FIG. 4 is a logical block diagram of an electronic device according to an embodiment of the present invention.

Detailed description

Specific embodiments of the present invention are further described below with reference to the drawings. The following embodiments are only used to illustrate the technical solutions of the present invention more clearly and do not limit its scope of protection.

FIG. 1 shows a schematic flowchart of the method for tracking and processing an installation process provided by this embodiment, which includes:

S101. If process exit information is received, determine, according to the process exit information, whether the exited first target process is in the process tracking list of the installation process.

The process exit information is a message that any process has ended.

The first target process is the process that has just exited.

The process tracking list is a list of all processes being tracked by the system.

S102. If the first target process is determined to be in the process tracking list, obtain the release files in the release file list.

The release file list is a list of the release files generated by the currently tracked processes during software installation or update.

S103. If a release file is determined to conform to the whitelist features, add the release file to the whitelist.

The whitelist features are predetermined features of safe release files.

By automatically adding release files to the whitelist when software is installed or updated, this embodiment facilitates unified management by the administrator and avoids both mistaken whitelisting and tedious manual operations.

Further, on the basis of the above method embodiment, the method also includes:

S104. If process start information is received, determine, according to the process start information, whether the started second target process is an installation tracking process.

The process start information is a message that any process has started.

The second target process is the process that has just started.

The installation tracking process is predetermined according to software tracking requirements. The installation tracking process includes the installer process added by the user and its child processes.

S105. If the second target process is determined to be an installation tracking process, add the second target process to the process tracking list.

S106. Monitor the release files generated while the second target process runs, and add the generated release files to the release file list.

S107. Delete the first target process from the process tracking list, and delete the release files in the release file list.

Specifically, referring to FIG. 2, process start and exit are monitored at the driver layer. When a process start is observed, the application layer is notified; on receiving the process start information, the application layer determines whether the process is an installation tracking process. If it is, the application layer records the unique identifier (PID) of the process and adds the PID to list A; if it is not an installation tracking process, nothing is done. When a process exit is observed, the application layer is notified; on receiving the process exit information, the application layer determines whether the PID of the process is in list A. If it is, the files in list B are added to the whitelist and the PID is deleted from list A; if it is not in list A, nothing is done.

The driver layer also monitors the file operations of the processes in list A and notifies the application layer when a file is created or deleted or a directory is renamed. On receiving the file operation information, the application layer determines whether the PID of the process that performed the operation is in list A. If it is, the list of files operated on by that PID is updated, and list B is updated as well; if it is not in list A, nothing is done.

This embodiment monitors the files released by each process during software installation and automatically appends the released files to the whitelist when the installation completes. The user or administrator selects the software to be tracked; when the security software then observes that a newly started program is tracked software, it monitors the files that program releases, and if the released files conform to the whitelist features, all conforming files are automatically appended to the whitelist when the installation completes. Only the software to be tracked needs to be set on the server side, which lets users manage the whitelist more effectively and accurately and avoids tedious operations.
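The list A / list B flow of FIG. 2, modelled in user mode as an added example (not code from the patent or its assignee). The `InstallTracker` class, the event tuples, the extension-based whitelist feature, whitelisting by path, and flushing only the exiting PID's own files are assumptions; the patent leaves the whitelist features and the driver interface unspecified.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Assumption: the patent only says whitelist features are "predetermined";
# this sketch treats executable-type extensions as the feature.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".ocx"}


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return str(PureWindowsPath(path)).lower()


def meets_whitelist_features(path):
    return PureWindowsPath(path).suffix.lower() in EXECUTABLE_EXTS


@dataclass
class InstallTracker:
    tracked_images: set                          # installers chosen by the admin
    list_a: dict = field(default_factory=dict)   # list A: PID -> files it released
    whitelist: set = field(default_factory=set)

    def list_b(self):
        """List B: every release file of every process still being tracked."""
        return set().union(*self.list_a.values())

    def on_process_start(self, pid, ppid, image):
        name = PureWindowsPath(image).name.lower()
        # Track the installer itself and any child of a tracked process.
        if name in self.tracked_images or ppid in self.list_a:
            self.list_a[pid] = set()
            return True
        return False

    def on_file_event(self, pid, op, path, new_path=None):
        if pid not in self.list_a:               # not in list A: do nothing
            return
        path = norm(path)
        if op == "create":
            self.list_a[pid].add(path)
        elif op == "delete":                     # temp files never reach the whitelist
            for files in self.list_a.values():
                files.discard(path)
        elif op == "rename_dir":                 # keep recorded paths valid after a move
            old, new = path + "\\", norm(new_path) + "\\"
            for files in self.list_a.values():
                moved = {f for f in files if f.startswith(old)}
                files -= moved
                files |= {new + f[len(old):] for f in moved}

    def on_process_exit(self, pid):
        if pid not in self.list_a:
            return []
        released = self.list_a.pop(pid)          # also drops the PID from list A
        added = sorted(f for f in released if meets_whitelist_features(f))
        self.whitelist.update(added)
        return added


def replay(tracker, events):
    """Feed driver-style notifications to the tracker; return what each exit whitelisted."""
    flushed = []
    for kind, pid, *rest in events:
        if kind == "start":
            tracker.on_process_start(pid, *rest)
        elif kind == "file":
            tracker.on_file_event(pid, *rest)
        elif kind == "exit":
            flushed.append((pid, tracker.on_process_exit(pid)))
    return flushed


# Constructed sample notifications: (kind, pid, ...) in the order a driver would send them.
SAMPLE_EVENTS = [
    ("start", 100, 1, r"C:\Windows\notepad.exe"),             # not an installer
    ("start", 200, 1, r"D:\media\Setup.exe"),                 # tracked installer
    ("file", 100, "create", r"C:\Users\op\unrelated.exe"),    # untracked PID: ignored
    ("file", 200, "create", r"C:\Temp\inst\unpack.exe"),
    ("start", 201, 200, r"C:\Temp\inst\unpack.exe"),          # child of tracked PID
    ("file", 201, "create", r"C:\Program Files\App.tmp\app.exe"),
    ("file", 201, "create", r"C:\Program Files\App.tmp\core.dll"),
    ("file", 201, "create", r"C:\Program Files\App.tmp\readme.txt"),
    ("file", 201, "rename_dir", r"C:\Program Files\App.tmp", r"C:\Program Files\App"),
    ("exit", 201),
    ("file", 200, "delete", r"C:\Temp\inst\unpack.exe"),      # unpacker cleaned up
    ("file", 200, "create", r"C:\Program Files\App\uninst.exe"),
    ("exit", 200),
    ("start", 200, 1, r"C:\Windows\notepad.exe"),             # PID 200 reused later
    ("file", 200, "create", r"C:\Users\op\late.dll"),         # must not be whitelisted
]


def run_demo():
    tracker = InstallTracker(tracked_images={"setup.exe"})
    return tracker, replay(tracker, SAMPLE_EVENTS)
```

Because the PID is removed from list A on exit, a later unrelated process that reuses PID 200 is not tracked, and the deleted temporary unpacker never reaches the whitelist.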

FIG. 3 shows a schematic structural diagram of the device for tracking and processing an installation process provided by this embodiment. The device includes a process judgment module 301, a file acquisition module 302 and a whitelist judgment module 303, wherein:

the process judgment module 301 is configured to, if process exit information is received, determine according to the process exit information whether the exited first target process is in the process tracking list of the installation process;

the file acquisition module 302 is configured to obtain the release files in the release file list if the first target process is determined to be in the process tracking list;

the whitelist judgment module 303 is configured to add a release file to the whitelist if the release file is determined to conform to the whitelist features.

Specifically, if the process judgment module 301 receives process exit information, it determines according to the process exit information whether the exited first target process is in the process tracking list of the installation process; if the file acquisition module 302 determines that the first target process is in the process tracking list, it obtains the release files in the release file list; if the whitelist judgment module 303 determines that a release file conforms to the whitelist features, it adds the release file to the whitelist.

By automatically adding release files to the whitelist when software is installed or updated, this embodiment facilitates unified management by the administrator and avoids both mistaken whitelisting and tedious manual operations.

Further, on the basis of the above device embodiment, the device also includes:

a start judgment module, configured to, if process start information is received, determine according to the process start information whether the started second target process is an installation tracking process;

a process adding module, configured to add the second target process to the process tracking list if the second target process is determined to be an installation tracking process;

a file adding module, configured to monitor the release files generated while the second target process runs, and to add the generated release files to the release file list.

Further, on the basis of the above device embodiment, the installation tracking process is predetermined according to software tracking requirements.

Further, on the basis of the above device embodiment, the device also includes:

a process deletion module, configured to delete the first target process from the process tracking list, and to delete the release files in the release file list.

The device for tracking and processing an installation process described in this embodiment can be used to execute the above method embodiments. Its principles and technical effects are similar and are not repeated here.

Referring to FIG. 4, the electronic device includes: a processor 401, a memory 402 and a bus 403;

wherein:

the processor 401 and the memory 402 communicate with each other through the bus 403;

the processor 401 is configured to invoke program instructions in the memory 402 to execute the methods provided by the above method embodiments.

This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions; when the program instructions are executed by a computer, the computer can execute the methods provided by the above method embodiments.

This embodiment provides a non-transitory computer-readable storage medium that stores computer instructions, the computer instructions causing the computer to execute the methods provided by the above method embodiments.

The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solutions, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.

It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. A method for tracking and processing an installation process, characterized by comprising:

if process start information is received, determining, according to the process start information, whether the started second target process is an installation tracking process;

if the second target process is determined to be an installation tracking process, adding the second target process to the process tracking list;

monitoring the release files generated while the second target process runs, and adding the generated release files to the release file list; the installation tracking process is predetermined according to software tracking requirements; the installation tracking process includes the installer process added by the user and its child processes;

if process exit information is received, determining, according to the process exit information, whether the exited first target process is in the process tracking list of the installation process; the process tracking list is a list of all processes being tracked by the system;

if the first target process is determined to be in the process tracking list, obtaining the release files in the release file list;

if a release file is determined to conform to the whitelist features, adding the release file to the whitelist; the whitelist features are predetermined features of safe release files.

2. The method according to claim 1, characterized in that the method further comprises:

deleting the first target process from the process tracking list, and deleting the release files in the release file list.

3. A device for tracking and processing an installation process, characterized by comprising:

a start judgment module, configured to, if process start information is received, determine according to the process start information whether the started second target process is an installation tracking process;

a process adding module, configured to add the second target process to the process tracking list if the second target process is determined to be an installation tracking process;

a file adding module, configured to monitor the release files generated while the second target process runs, and to add the generated release files to the release file list; the installation tracking process is predetermined according to software tracking requirements; the installation tracking process includes the installer process added by the user and its child processes;

a process judgment module, configured to, if process exit information is received, determine according to the process exit information whether the exited first target process is in the process tracking list of the installation process; the process tracking list is a list of all processes being tracked by the system;

a file acquisition module, configured to obtain the release files in the release file list if the first target process is determined to be in the process tracking list;

a whitelist judgment module, configured to add a release file to the whitelist if the release file is determined to conform to the whitelist features; the whitelist features are predetermined features of safe release files.

4. The device according to claim 3, characterized in that the device further comprises:

a process deletion module, configured to delete the first target process from the process tracking list, and to delete the release files in the release file list.

5. An electronic device, characterized by comprising:

at least one processor; and

at least one memory communicatively connected to the processor, wherein:

the memory stores program instructions executable by the processor, and the processor is able to perform the method according to any one of claims 1 to 2 by invoking the program instructions.

6. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores a computer program, and the computer program causes the computer to execute the method according to any one of claims 1 to 2.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811627974.7A CN109784035B (en) 2018-12-28 2018-12-28 Installation process tracking processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811627974.7A CN109784035B (en) 2018-12-28 2018-12-28 Installation process tracking processing method and device

Publications (2)

Publication Number Publication Date
CN109784035A CN109784035A (en) 2019-05-21
CN109784035B true CN109784035B (en) 2021-05-25

Family

ID=66497849

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811627974.7A Active CN109784035B (en) 2018-12-28 2018-12-28 Installation process tracking processing method and device

Country Status (1)

Country Link
CN (1) CN109784035B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111158736B (en) * 2019-12-25 2023-04-28 北京珞安科技有限责任公司 Method for intelligently capturing WINDOWS operating system patch update files
CN114329447A (en) * 2021-12-14 2022-04-12 北京三快在线科技有限公司 Detection method and device based on process white list
CN114816447B (en) * 2022-03-08 2024-04-26 北京圣博润高新技术股份有限公司 Software installation method, device, electronic device and medium based on whitelist dynamic deployment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101788915A (en) * 2010-02-05 2010-07-28 北京工业大学 White list updating method based on trusted process tree
CN104573516A (en) * 2014-12-25 2015-04-29 中国科学院软件研究所 Industrial control system trusted environment control method and platform based on safety chip
CN105183504A (en) * 2015-08-12 2015-12-23 北京威努特技术有限公司 Software server based process white-list updating method
CN107066884A (en) * 2017-02-21 2017-08-18 郑州云海信息技术有限公司 A kind of compatible processing method of linux system software white list

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9767280B2 (en) * 2012-10-09 2017-09-19 Canon Denshi Kabushiki Kaisha Information processing apparatus, method of controlling the same, information processing system, and information processing method
CN103617387B (en) * 2013-11-25 2016-12-14 北京奇虎科技有限公司 A kind of method and device preventing automatic set up applications

Also Published As

Publication number Publication date
CN109784035A (en) 2019-05-21

Similar Documents

Publication Publication Date Title
US9571520B2 (en) Preventing execution of task scheduled malware
EP2667314B1 (en) System and method for detection and treatment of malware on data storage devices
CN102902919B (en) A kind of identifying processing methods, devices and systems of suspicious operation
US20150172304A1 (en) Secure backup with anti-malware scan
US9639693B2 (en) Techniques for detecting a security vulnerability
US9767280B2 (en) Information processing apparatus, method of controlling the same, information processing system, and information processing method
US8578345B1 (en) Malware detection efficacy by identifying installation and uninstallation scenarios
US8037290B1 (en) Preboot security data update
US8667593B1 (en) Methods and apparatuses for protecting against malicious software
CN109918285B (en) Security identification method and device for open source software
WO2015184752A1 (en) Abnormal process detection method and apparatus
CN109784035B (en) Installation process tracking processing method and device
JP6577399B2 (en) System and method for preventing installation and execution of undesirable programs
CN108293044A (en) System and method for detecting malware infection via domain name service flow analysis
US9330260B1 (en) Detecting auto-start malware by checking its aggressive load point behaviors
US9792436B1 (en) Techniques for remediating an infected file
CN110826067A (en) Virus detection method and device, electronic equipment and storage medium
TW201037513A (en) System and method for identifying malicious activities through non-logged-in host usage
CN104243214A (en) Data processing method, device and system
CN107463839A (en) A kind of system and method for managing application program
US8819655B1 (en) Systems and methods for computer program update protection
US20130145469A1 (en) Preventing and detecting print-provider startup malware
CN104965731A (en) Data processing method and electronic terminal
TWI514185B (en) Antivirus system and method of electronic device
US10200374B1 (en) Techniques for detecting malicious files

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee after: QAX Technology Group Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.
