{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-8539584","patent":{"patent_number":"US-8539584","title":"Rootkit monitoring agent built into an operating system kernel","assignee":null,"inventors":[],"filing_date":"2010-08-30T00:00:00.000Z","publication_date":"2013-09-17T00:00:00.000Z","cpc_codes":["G06F","G06F","G06F"],"num_claims":19,"abstract":"A rootkit monitoring agent (RMA) built into an operating system (OS) kernel for detecting a kernel-based rootkit and preventing subsequent effects of the rootkit. The RMA is activated as a kernel process subsequent to the OS initialization and stores a good state of OS kernel data structures including the System Service Descriptor Table (SSDT) and Interrupt Descriptor Table (IDT). The RMA monitors the SSDT and IDT and detects that a hook previously stored in the good state is changed by an installation of suspect software. The RMA determines the suspect software is a kernel-based rootkit by determining a whitelist does not indicate the changed hook. The RMA restores the changed hook to its good state. The RMA updates a blacklist to reference the changed hook."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Rootkit monitoring agent built into an operating system kernel","description":"A rootkit monitoring agent (RMA) built into an operating system (OS) kernel for detecting a kernel-based rootkit and preventing subsequent effects of the rootkit. The RMA is activated as a kernel proc","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-8539584","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. \nPatent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-8539584","citation_suggestion":"Patentable. \"Rootkit monitoring agent built into an operating system kernel\" (US-8539584). https://patentable.app/patents/US-8539584","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-8539584","json":"https://patentable.app/api/llm-context/US-8539584","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-30T15:36:16.259Z"}