-
公开(公告)号:US20180004937A1
公开(公告)日:2018-01-04
申请号:US15636965
申请日:2017-06-29
申请人: Sophos Limited
发明人: Michael Shannon
CPC分类号: G06F21/51 , G06F8/61 , G06F21/554 , G06F2221/033 , H04L9/08 , H04L9/088 , H04L9/0891 , H04L9/0894 , H04L63/06 , H04L63/1433 , H04L63/20 , H04L2209/80 , H04W12/0802 , H04W12/10 , H04W12/1208
摘要: In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.
-
公开(公告)号:US20170366565A1
公开(公告)日:2017-12-21
申请号:US15691875
申请日:2017-08-31
申请人: Sophos Limited
CPC分类号: H04L63/1416 , G06F21/567 , G06F2221/034 , G06F2221/2115 , H04L63/102 , H04L63/12 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/20
摘要: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.
-
公开(公告)号:US20170359370A1
公开(公告)日:2017-12-14
申请号:US15179447
申请日:2016-06-10
申请人: Sophos Limited
IPC分类号: H04L29/06
摘要: A file system extension for an endpoint controls access to files by selectively decrypting files under certain conditions. Where a pattern of access to the files suggests malicious and/or automated file access activity, the file system extension may limit the rate of file access by regulating the rate at which decryption is provided to requesting processes.
-
公开(公告)号:US20170359309A1
公开(公告)日:2017-12-14
申请号:US15619102
申请日:2017-06-09
申请人: Sophos Limited
发明人: Dirk Bolte , Sven Schnelle , Emanuel Taube , Jonas von Andrian
摘要: A method includes establishing a wireless link between a wireless interface of an endpoint and a WAP; exchanging, through the wireless link, network traffic associated with execution of an application at the endpoint; executing, at the endpoint, a security routine to monitor a security status of the endpoint; establishing, through the wireless link, a secure channel that shares the wireless link with the network traffic of the application, the secure channel to extend from the security routine to a supervisor through the wireless link and the WAP; conveying, from the security routine and through the secure channel, an indication of the security status; receiving, at the security routine and through the secure channel, a command to change a setting of the wireless interface associated with a characteristic of the wireless link; and accessing, from the security routine, the wireless interface to effect the change in response to receiving the command.
-
公开(公告)号:US20170346835A1
公开(公告)日:2017-11-30
申请号:US15681501
申请日:2017-08-21
申请人: Sophos Limited
发明人: Andrew J. Thomas , Kenneth D. Ray , Mark D. Harris
IPC分类号: H04L29/06
CPC分类号: H04L63/1408 , H04L63/145 , H04L63/20
摘要: Threat detection is improved by monitoring variations in observable events and correlating these variations to malicious activity. The disclosed techniques can be usefully employed with any attribute or other metric that can be instrumented on an endpoint and tracked over time including observable events such as changes to files, data, software configurations, operating systems, and so forth. Correlations may be based on historical data for a particular machine, or a group of machines such as similarly configured endpoints. Similar inferences of malicious activity can be based on the nature of a variation, including specific patterns of variation known to be associated with malware and any other unexpected patterns that deviate from normal behavior. Embodiments described herein use variations in, e.g., server software updates or URL cache hits on an endpoint, but the techniques are more generally applicable to any endpoint attribute that varies in a manner correlated with malicious activity.
-
公开(公告)号:US20170302653A1
公开(公告)日:2017-10-19
申请号:US15099524
申请日:2016-04-14
申请人: Sophos Limited
CPC分类号: H04L63/0435 , G06F21/6218 , H04L63/061 , H04L63/062 , H04L63/083 , H04L63/1433 , H04L2463/041 , H04L2463/062
摘要: A portable encryption format wraps encrypted files in a self-executing container that facilitates transparent, identity-based decryption for properly authenticated users while also providing local password access to wrapped files when identity-based decryption is not available.
-
公开(公告)号:US20170109528A1
公开(公告)日:2017-04-20
申请号:US14929910
申请日:2015-11-02
申请人: Sophos Limited
CPC分类号: H04L63/145 , G06F21/53 , G06F21/562 , G06F21/563 , G06F21/564 , G06F21/565 , G06F21/566 , G06F21/577 , G06F2221/033 , H04L63/0236 , H04L63/1416
摘要: Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.
-
公开(公告)号:US20160299892A1
公开(公告)日:2016-10-13
申请号:US14682186
申请日:2015-04-09
申请人: Sophos Limited
发明人: Gregory Hayrapetian , Markus Hein , Martin Huch , Oliver Lorenz , Johann Murauer , Stefan Perndl , Christian Praher-Köppl , Bernhard Traunmüller , Gerald Wintersberger , Michael Zach
IPC分类号: G06F17/30
CPC分类号: G06F17/3012 , G06F17/30076 , G06F17/30091 , G06F17/30115 , G06F17/30138 , G06F17/30174 , G06F17/30235
摘要: Transparent file processing is supported in Unix-like operating systems by emulating the desired file processing through a number of recipes that accommodate different contexts. Recipes are provided, for example, for local folders in user space, for whole devices (e.g., flash drives or network drives), and for folders synchronized to cloud data. By detecting the path type for a file operation and selecting and applying the appropriate recipe, file processing can be performed in a manner transparent to the user.
摘要翻译: 透过Unix类操作系统支持透明文件处理,通过适应不同上下文的多种配方来模拟所需的文件处理。 例如,为用户空间中的本地文件夹,整个设备(例如,闪存驱动器或网络驱动器)以及与云数据同步的文件夹提供了配方。 通过检测文件操作的路径类型并选择和应用适当的配方,可以以对用户透明的方式执行文件处理。
-
公开(公告)号:US20160173510A1
公开(公告)日:2016-06-16
申请号:US14570578
申请日:2014-12-15
申请人: Sophos Limited
发明人: Mark D. Harris , Kenneth D. Ray
CPC分类号: G06F21/552 , H04L63/02 , H04L63/1416 , H04L63/20 , H04L67/2842
摘要: Threat detection is improved by monitoring variations in observable events and correlating these variations to malicious activity. The disclosed techniques can be usefully employed with any attribute or other metric that can be instrumented on an endpoint and tracked over time including observable events such as changes to files, data, software configurations, operating systems, and so forth. Correlations may be based on historical data for a particular machine, or a group of machines such as similarly configured endpoints. Similar inferences of malicious activity can be based on the nature of a variation, including specific patterns of variation known to be associated with malware and any other unexpected patterns that deviate from normal behavior. Embodiments described herein use variations in, e.g., server software updates or URL cache hits on an endpoint, but the techniques are more generally applicable to any endpoint attribute that varies in a manner correlated with malicious activity.
摘要翻译: 通过监测可观察事件的变化并将这些变化与恶意活动相关联来改善威胁检测。 所公开的技术可以有用地与任何属性或其他度量相关联,该属性或其他度量可被测量在端点上并随时间跟踪,包括可观察事件,例如对文件,数据,软件配置,操作系统等的改变。 相关性可以基于特定机器或一组机器的历史数据,例如类似配置的端点。 恶意活动的类似推断可以基于变体的性质,包括已知与恶意软件相关联的特定变异模式以及偏离正常行为的任何其他意外模式。 本文描述的实施例使用例如端点上的服务器软件更新或URL缓存命中的变化,但是这些技术更通常地适用于以与恶意活动相关的方式变化的任何端点属性。
-
100.发明申请METHOD AND SYSTEM FOR DETECTING RESTRICTED CONTENT ASSOCIATED WITH RETRIEVED CONTENT 有权用于检测与检索内容相关的限制内容的方法和系统公开(公告)号:US20150373037A1
公开(公告)日:2015-12-24
申请号:US14838973
申请日:2015-08-28
申请人: Sophos Limited
IPC分类号: H04L29/06
CPC分类号: H04L63/1416 , G06F21/567 , G06F2221/034 , G06F2221/2115 , H04L63/102 , H04L63/12 , H04L63/1433 , H04L63/1441 , H04L63/145 , H04L63/20
摘要: Techniques are described for detecting restricted content associated with retrieved content. A method and system includes receiving a client request for content, where the request includes an outbound network request from the client with a Uniform Resource Identifier (URI) containing a domain name, saving contextual information from the request, examining the request for compliance with a management policy, retrieving a content item responsive to the request, and analyzing the contextual information from the request and the content item to detect whether the content item includes restricted content from a list of restrictions in the management policy. A scanning facility may thus utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.
摘要翻译: 描述了用于检测与检索到的内容相关联的受限内容的技术。 一种方法和系统包括接收对内容的客户端请求,其中请求包括来自客户端的带有包含域名的统一资源标识符(URI)的出站网络请求,从请求中保存上下文信息,检查对于 管理策略,响应于所述请求检索内容项,以及从所述请求和所述内容项分析所述上下文信息,以从所述管理策略中的限制列表中检测所述内容项是否包括受限内容。 因此,扫描设备可以利用来自客户端请求的上下文信息来帮助检测与检索到的内容相关联的受限内容。
-
-
-
-
-
-
-
-
-
搜索结果
595 条记录 (耗时 0.062 秒)
