公开(公告)号：US20230328099A1

公开(公告)日：2023-10-12

申请号：US17658588

申请日：2022-04-08

Applicant: VMware,Inc.

Inventor： Rayanagouda Bheemanagouda PATIL ,  Kedar Bhalchandra CHAUDHARI ,  Shivali SHARMA ,  Laxmikant Vithal GUNDA ,  Sriram GOPALAKRISHNAN

IPC: H04L9/40

CPC classification number: H04L63/145 ,  H04L63/1416 ,  H04L63/1425

Abstract: A method for opening unknown files in a malware detection system, is provided. The method generally includes receiving a request to open a file classified as an unknown file, opening the file in a container, collecting at least one of a log of events carried out by the file or observed behavior traces of the file while open in the container, transmitting, to a file analyzer, at least one of the file, the log of events, or the behavior traces for static analysis, determining, a final verdict for the file, based on at least one of the file, the log of events, or the behavior traces, wherein the final verdict for the file is based on the static analysis or dynamic analysis of the file, and taking one or more actions based on a policy configured for the first endpoint and the final verdict.

公开(公告)号：US20230297685A1

公开(公告)日：2023-09-21

申请号：US17654853

申请日：2022-03-15

Applicant: VMware, Inc.

Inventor： Rayanagouda Bheemanagouda PATIL ,  Sriram GOPALAKRISHNAN ,  Pranav GOKHALE

IPC: G06F21/57 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F21/564 ,  G06F2221/033

Abstract: A method for locating malware in a malware detection system, is provided. The method generally includes storing, at a first endpoint, a mapping of a first file hash and a first file path for a first file classified as an unknown file, opening, at the first endpoint, the first file prior to determining whether the first file is benign or malicious, determining, at the first endpoint, a first verdict for the first file, the first verdict indicating the first file is benign or malicious, locating the first file using the mapping of the first file hash and the first file path, and taking one or more actions based on a policy configured for the first endpoint and the first verdict indicating the first file is benign or malicious.