US Patent 9934376 Malware detection appliance architecture

A threat-aware virtualization module may be deployed in a malware detection appliance architecture and execute on a malware detection system (MDS) appliance to provide exploit and malware detection within a network environment. The virtualization module may underlie an operating system kernel of the MDS appliance and execute in kernel space of the architecture to control access to kernel resources of the appliance for any operating system process. A type 0 virtual machine monitor may be disposed over the virtualization module and execute in user space of the architecture as a pass-through module configured to expose the kernel resources of the appliance to the operating system kernel. One or more hypervisors, e.g., type 1 VMM, may be further disposed over the virtualization module and execute in user space of the architecture under control of the virtualization module to support execution of one or more guest operating systems inside one or more full virtual machines.