公开(公告)号：EP2597569A1

公开(公告)日：2013-05-29

申请号：EP12164876.0

申请日：2012-04-20

申请人： Kaspersky Lab, ZAO

发明人： Doukhvalov, Andrey P. ,  Mashevsky, Yury V. ,  Tikhomirov, Anton V.

IPC分类号： G06F9/50

CPC分类号： G06F9/5072 ,  G06F21/567

摘要： In a computer system, processing of security-related tasks is delegated to various agent computers. According to various embodiments, a distributed computing service obtains task requests to be performed for the benefit of beneficiary computers, and delegates those tasks to one or more remote agent computers for processing. The delegation is based on a suitability determination as to whether each of the remote agent computers is suitable to perform the processing. Suitability can be based on an evaluation of such parameters as computing capacity and current availability of the remote agent computers against the various tasks to be performed and their corresponding computing resource requirements. This evaluation can be performed according to various embodiments by the agent computers, the distributed computing service, or by a combination thereof.

摘要翻译： 在计算机系统中，将安全相关任务的处理委托给各种代理计算机。 根据各种实施例，分布式计算服务获得为受益计算机的利益执行的任务请求，并将这些任务委托给一个或多个远程代理计算机进行处理。 代理是基于是否适合确定每个远程代理计算机是否适合执行处理。 适用性可以基于对诸如要执行的各种任务的远程代理计算机的计算能力和当前可用性等参数及其相应的计算资源要求的评估。 该评估可以由代理计算机，分布式计算服务或其组合根据各种实施例执行。

公开(公告)号：EP2584484A1

公开(公告)日：2013-04-24

申请号：EP11185372.7

申请日：2011-10-17

申请人： Kaspersky Lab, ZAO

发明人： Martynenko, Vladislav V. ,  Pavlyushchik, Mikhail A. ,  Slobodyanuk, Yuri G.

IPC分类号： G06F21/00

CPC分类号： G06F21/568 ,  G06F21/566

摘要： Disclosed are systems and methods for protecting a computer from activities of malicious objects. The method comprises: monitoring events of execution of one or more processes on the computer; identifying auditable events among the monitored events, including events of creation, alteration or deletion of files, events of alteration of system registry, and events of network access by processes executed on the computer; recording the identified auditable events in separate file, registry and network event logs; performing a malware check of one or more software objects on the computer; if an object is determined to be malicious, identifying from the file, registry and network event logs the events associated with the malicious object; performing rollback of file events associated with the malicious object; performing rollback of registry events associated with the malicious object; terminating network connections associated with the malicious object.

摘要翻译： 本发明公开了一种用于保护计算机免受对象的恶意活动的系统和方法。 该方法包括：监视所述计算机上的一个或多个进程的执行的事件; 识别监控事件中可审计活动，包括设立，变更的事件或文件的删除，系统注册表的改变的事件，并通过执行的计算机上的进程访问网络事件; 记录标识的可审计事件为独立的文件，注册表和网络事件日志; 执行所述计算机上的一个或多个软件对象的一个​​恶意软件检查; 如果上对象被确定开采是恶意的，从文件，注册表和网络事件识别记录与恶意对象相关联的事件; 执行与恶意对象相关联的文件事件的回滚; 执行与恶意对象关联的注册表事件的回滚; 与恶意对象相关联的终端的网络连接。

公开(公告)号：EP2575319A1

公开(公告)日：2013-04-03

申请号：EP12176998.8

申请日：2012-07-19

申请人： Kaspersky Lab, ZAO

发明人： Doukhvalov, Andrey P. ,  Dyakin, Pavel V. ,  Golovanov, Sergey Y. ,  Soumenkov, Igor I. ,  Kulagin, Dmitry A. ,  Voitovich, Alexey Y. ,  Kaspersky, Eugene V.

IPC分类号： H04L29/06 ,  H04W12/08

CPC分类号： H04L63/02 ,  H04L9/32 ,  H04L63/08 ,  H04L63/105 ,  H04L63/1433 ,  H04W12/08

摘要： Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

摘要翻译： 公开在系统，方法和计算机程序产品提供安全的互联网访问到用户设备在不安全的网络环境中，：如公共无线网络。 该系统包括配置为建立与用户设备和通过公共无线网络安全服务器，它提供互联网接入的第二安全网络连接与安全的第一直接无线连接的便携式安全设备。 安全设备提供网络浏览器和电子邮件应用程序，它可以用来代替用户设备的不安全的应用程序通过第一和第二安全的网络连接来访问Web资源。 此外，安全设备包括安全键盘，可以由设备用户，而不是用户设备的不安全键盘被用来为访问所需的Web资源输入用户认证数据。

公开(公告)号：EP2575318A1

公开(公告)日：2013-04-03

申请号：EP12176800.6

申请日：2012-07-18

申请人： Kaspersky Lab, ZAO

发明人： Doukhvalov, Andrey P. ,  Dyakin, Pavel V. ,  Golovanov, Sergey Y. ,  Soumenkov, Igor I. ,  Kulagin, Dmitry A. ,  Voitovich, Alexey Y. ,  Kaspersky, Eugene V.

IPC分类号： H04L29/06 ,  H04W12/02 ,  H04W8/24

CPC分类号： H04L63/02 ,  H04L9/32 ,  H04L63/08 ,  H04L63/105 ,  H04L63/1433 ,  H04W12/08

摘要： Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

摘要翻译： 本文公开了用于在诸如公共无线网络的不安全的网络环境中向用户设备提供安全的因特网访问的系统，方法和计算机程序产品。 该系统包括便携式安全设备，其被配置为建立与用户设备的第一安全直接无线连接以及通过公共无线网络到提供因特网接入的安全服务器的第二安全网络连接。 安全设备提供因特网浏览器和电子邮件应用，其可以用来代替用户设备的不安全的应用来通过第一和第二安全网络连接访问Web资源。 此外，安全设备包括安全键盘，其可以由设备用户而不是用户设备的不安全键盘使用，以输入用于访问所需Web资源的用户认证数据。

公开(公告)号：EP2551786A3

公开(公告)日：2013-04-03

申请号：EP11181540.3

申请日：2011-09-16

申请人： Kaspersky Lab, ZAO

发明人： Nevstruev, Sergey V. ,  Nestruev, Oleg V. ,  Matveev, Andrey V.

IPC分类号： G06F21/62 ,  G06F21/88

CPC分类号： G06F21/6245 ,  G06F21/55 ,  G06F21/552 ,  G06F21/554 ,  G06F21/60 ,  G06F21/602 ,  G06F21/6209 ,  G06F21/6218 ,  G06F21/88 ,  G06F2221/2107 ,  H04L63/20

摘要： A mobile device and associated method and computer-readable medium, wherein the device is configurable for data protection readiness. A preparation module is configured to perform preprocessing to prepare the mobile device for data protection readiness, the preprocessing includes: indicating certain items of data stored in the data storage arrangement which are of personal importance to an owner of the mobile device; indicating criteria that defines a situation for which the items of data of personal importance are to be secured; and indicating a set of actions to be carried out to secure the items of data of personal importance. A protection module is configured to monitor for an occurrence of the situation for which the items of data of personal importance are to be secured based on the criteria indicated by the preparation module, and to execute the set of actions indicated by the preparation module in response to a detection of the occurrence of the situation.

公开(公告)号：EP2506180A1

公开(公告)日：2012-10-03

申请号：EP11181437.2

申请日：2011-09-15

申请人： Kaspersky Lab, ZAO

发明人： Roshchin, Evgeny V.

IPC分类号： G06F21/00 ,  G06F21/22

CPC分类号： G06F21/105 ,  G06F21/121 ,  G06F2221/0775

摘要： Apparatus and method for analyzing usage of a software license. A computer system is configured to execute a software product that is activated, subject to a software license, by a first license key. The computer system includes a license use determining module that is adapted to communicate with a group of other computer systems on the same computer network, store first license key-related information that is derived from the first license key, send the first license key-related information to be received by each computer system of the group, and receive any messages sent by responders of the group in response to reception of the first license key-related information. Each of the messages is indicative of a corresponding responder having a copy of the software product that is activated by the first license key.

摘要翻译： 用于分析软件许可证使用的装置和方法。 计算机系统被配置为通过第一许可证密钥来执行受软件许可激活的软件产品。 计算机系统包括许可证使用确定模块，其适于与同一计算机网络上的一组其他计算机系统通信，存储从第一许可证密钥导出的第一许可密钥相关信息，发送第一许可密钥相关 要由组的每个计算机系统接收的信息，并且响应于接收到第一许可证密钥相关信息，接收组的响应者发送的任何消息。 每个消息指示具有由第一许可证密钥激活的软件产品的副本的相应应答器。

公开(公告)号：EP2469445A1

公开(公告)日：2012-06-27

申请号：EP11161997.9

申请日：2011-04-12

申请人： Kaspersky Lab, ZAO

发明人： Zaitsev, Oleg V. ,  Mashevsky, Yuri V. ,  Denishchenko, Nikolay V.

IPC分类号： G06F21/00

CPC分类号： G06F21/56 ,  G06F21/566

摘要： A system and a method for optimization of execution of anti-malware (AV) applications. A number of false-positive determinations by an AV system are reduced by correcting malware detection rules using correction coefficients. A number of malware objects detected by the AV system are increased by correction of ratings determined by the rules using correction coefficients. An automated testing of new detection rules used by the AV system is provided. The new rules having zero correction coefficients are added to the rules database and results of application of the new rules are analyzed and the rules are corrected or modified for further testing.

摘要翻译： 用于优化反恶意软件（AV）应用程序执行的系统和方法。 通过使用校正系数校正恶意软件检测规则，AV系统的许多假阳性确定被减少。 通过校正由规则使用校正系数确定的等级来增加AV系统检测到的恶意软件的数量。 提供了AV系统使用的新的检测规则的自动测试。 将具有零校正系数的新规则添加到规则数据库中，分析新规则的应用结果，并对规则进行修正或修改以进行进一步测试。

公开(公告)号：EP2388695A1

公开(公告)日：2011-11-23

申请号：EP10193144.2

申请日：2010-11-30

申请人： Kaspersky Lab, ZAO

发明人： Zaitsev, Oleg V.

IPC分类号： G06F9/445 ,  G06F11/34 ,  G06F21/00

CPC分类号： G06F9/44505 ,  G06F11/3409 ,  G06F11/3466 ,  G06F21/554 ,  G06F2201/865

摘要： Disclosed are a system and a method for adaptive configuration of conflicting applications. An example method comprises collecting system configuration information from a computer system, including system hardware and software information. The method further comprises monitoring system resource utilization during execution on the computer system of a first program and one or more second programs. The method further comprises determining one or more critical levels of system resource utilization by applying fuzzy logic rules to the collected system configuration information. When the monitored system resource utilization exceeds the determined critical level for a predetermined period of time, determining, based on the collected software information, if the first program conflicts with execution of one or more second programs. Determining whether conflicting second programs are harmful to the computer system and changing configuration settings of the first program to resolve conflicts with the conflicting second programs that are harmless.

摘要翻译： 公开了用于冲突应用的自适应配置的系统和方法。 示例性方法包括从计算机系统收集系统配置信息，包括系统硬件和软件信息。 该方法还包括在第一程序和一个或多个第二程序的计算机系统上执行期间监视系统资源利用。 该方法还包括通过对所收集的系统配置信息应用模糊逻辑规则来确定系统资源利用的一个或多个关键级别。 当所监视的系统资源利用率超过确定的临界水平达预定时间段时，基于收集的软件信息确定第一程序是否与一个或多个第二程序的执行冲突。 确定冲突的第二个程序是否对计算机系统有害，并更改第一个程序的配置设置，以解决与无害的冲突的第二个程序的冲突。

公开(公告)号：EP2306356A3

公开(公告)日：2011-07-27

申请号：EP10176515.4

申请日：2010-09-14

申请人： Kaspersky Lab, ZAO

发明人： Martynenko, Vladislav V. ,  Sobko, Andrey V.

IPC分类号： G06F21/00

CPC分类号： G06F21/566 ,  G06F21/552 ,  G06F21/554

摘要： A system and a method for malware detection based on the behavior of applications running on a computer system, including: asynchronous processing of system events for malware threat analyses using application filters; analyzing events using heuristic and signature data; analyzing applications behavior and detecting abnormal behavior of "clean" applications; automatically classifying applications (i.e., detecting new versions) based on behavior analysis; automatically analyzing the reliability of web sites based on behavior triggered by the web site accesses; in enterprise networks, detecting abnormalities in configuration of user computer systems.

公开(公告)号：EP2306357A2

公开(公告)日：2011-04-06

申请号：EP10176516.2

申请日：2010-09-14

申请人： Kaspersky Lab, ZAO

发明人： Mashevsky, Yuri V. ,  Namestnikov, Yuri V. ,  Denishchenko, Nikolay V. ,  Zelensky, Pavel A

IPC分类号： G06F21/00

CPC分类号： H04L63/145 ,  G06F21/55 ,  G06F21/552 ,  G06F21/554 ,  G06F21/56 ,  G06F21/562 ,  G06F21/566

摘要： A system and a method for detection of the previously unknown malware, the method comprising: (a) receiving event information and file metadata from a remote computer; (b) identifying whether the event information or the file metadata are indicative of the already known malware presence, indicative of the unknown malware presence, or indicative of malware absence; (c) if the event information or the file metadata are indicative of the known malware or indicative of malware absence, filtering out the event information and the file metadata; (d) performing a risk analysis and risk assessment for the remaining event information and the remaining file metadata to determine if the event and the file metadata are indicative of the previously unknown malware presence; and (e) where performing a risk analysis and risk assessment includes a "parent-child" hierarchy of the files, and the risk assessed to the parent is based on the risk associated with the child.

摘要翻译： 一种用于检测先前未知的恶意软件的系统和方法，所述方法包括：（a）从远程计算机接收事件信息和文件元数据; （b）识别事件信息或文件元数据是否指示已知的恶意软件存在，指示未知的恶意软件存在或指示不存在恶意软件; （c）如果事件信息或文件元数据指示已知的恶意软件或指示不存在恶意软件，则过滤掉事件信息和文件元数据; （d）对剩余事件信息和剩余文件元数据执行风险分析和风险评估，以确定事件和文件元数据是否指示先前未知的恶意软件存在; （e）在执行风险分析和风险评估的地方包括文件的“父母 - 子女”层级，并且评估给父母的风险基于与儿童相关的风险。