예제 #1
0
        private void SensitiveProcessesHandle()
        {
            for (int i = 0; i < _sensitiveProcesses.Count; i++)
            {
                if (IsRunning(_sensitiveProcesses[i].PName))
                {
                    //总时间增一
                    _sensitiveProcesses[i].PTotalTime += _timeInterval;

                    //顶层时间超过1分钟的 可能会进行的首次处理
                    if (_sensitiveProcesses[i].PTopTime > _topInterval &&
                        VerifySensitiveProcess.IsExist(_sensitiveProcesses[i].PName) == false)
                    {
                        ExceptionThenMonitor(_sensitiveProcesses[i].PName, _sensitiveProcesses[i].PHandle);
                    }

                    string pState = VerifySensitiveProcess.GetProcessState(_sensitiveProcesses[i].PName);
                    //如果已判别为正在检测中 则跳过
                    if (pState == "Monitoring")
                    {
                        continue;
                    }
                    //如果状态为敏感进程 则判别是否使用超时
                    if (pState == "Sensitive")
                    {
                        if (_sensitiveProcesses[i].POrderTime <= _sensitiveProcesses[i].PTotalTime)
                        {
                            Process[] processes = Process.GetProcessesByName(_sensitiveProcesses[i].PName);
                            foreach (Process process in processes)
                            {
                                process.Kill();
                            }
                        }
                        continue;
                    }
                    //如果已经判别为安全进程 则检测间隔为30分钟
                    if (pState == "Safe")
                    {
                        if (_sensitiveProcesses[i].PTopTime.TotalSeconds % _totalIntervalSafe == 0)
                        {
                            ExceptionThenMonitor(_sensitiveProcesses[i].PName, _sensitiveProcesses[i].PHandle);
                        }
                        continue;
                    }
                    //怀疑进程或一般进程 按时间间隔10分钟捕获一次异常
                    if (_sensitiveProcesses[i].PTotalTime.TotalSeconds % _totalInterval == 0)
                    {
                        ExceptionThenMonitor(_sensitiveProcesses[i].PName, _sensitiveProcesses[i].PHandle);
                    }
                }
            }
        }
예제 #2
0
        //获取所有敏感进程
        public static List <string> GetAllSensitiveProcesses()
        {
            List <string> temp = new List <string>();

            for (int i = 0; i < _sensitiveProcesses.Count; i++)
            {
                string state = VerifySensitiveProcess.GetProcessState(_sensitiveProcesses[i].PName);
                if (state == "Sensitive")
                {
                    string pState = "已关闭";
                    if (IsRunning(_sensitiveProcesses[i].PName))
                    {
                        pState = "运行中";
                    }
                    temp.Add(_sensitiveProcesses[i].PName + "-" + _sensitiveProcesses[i].PTotalTime.ToString() + "-"
                             + _sensitiveProcesses[i].POrderTime.ToString() + "-" + pState);
                }
            }
            return(temp);
        }