TEMPORARY PROCESS DEPRIVILEGING
    11.
    Invention application
    TEMPORARY PROCESS DEPRIVILEGING (granted)

    Publication number: US20160381024A1

    Publication date: 2016-12-29

    Application number: US14752902

    Filing date: 2015-06-27

    IPC classification: H04L29/06

    Abstract: There is disclosed in an example a computing apparatus, including: a process deprivileging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource; determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.


    SERVER-ASSISTED ANTI-MALWARE CLIENT
    12.
    Invention application
    SERVER-ASSISTED ANTI-MALWARE CLIENT (granted)

    Publication number: US20140283066A1

    Publication date: 2014-09-18

    Application number: US13976994

    Filing date: 2013-03-15

    IPC classification: G06F21/56

    CPC classification: G06F21/56 G06F21/51

    Abstract: An antimalware support system is provided to support one or more host-based antimalware clients. A query is received from a particular host device that identifies a file detected by an antimalware tool local to the particular host device. Reputation data is determined for the file, and a response to the query is sent to the particular host device. The query response includes the reputation data determined for the file.


    Systems and methods for behavioral sandboxing

    Publication number: US08479286B2

    Publication date: 2013-07-02

    Application number: US12638660

    Filing date: 2009-12-15

    IPC classification: H04L29/06

    Abstract: Methods and system for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network is communicatively coupled to a source of an executable application. The computer is communicatively coupled to the network and includes a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments includes a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.