SELECTIVELY SCANNING OBJECTS FOR INFECTION BY MALWARE
    11.
    Patent application
    Status: In force

    Publication number: US20130086683A1

    Publication date: 2013-04-04

    Application number: US13248867

    Filing date: 2011-09-29

    IPC classification: G06F21/00

    Abstract: Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.

Privacy friendly malware quarantines
    12.
    Granted patent
    Status: In force

    Publication number: US07716743B2

    Publication date: 2010-05-11

    Application number: US11035584

    Filing date: 2005-01-14

    IPC classification: G06F11/00 H04L29/06

    Abstract: The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file, or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file, including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.

System and method of efficiently identifying and removing active malware from a computer
    13.
    Granted patent
    Status: In force

    Publication number: US07673341B2

    Publication date: 2010-03-02

    Application number: US11012892

    Filing date: 2004-12-15

    IPC classification: G06F12/14

    CPC classification: H04L63/1408 G06F21/562

    Abstract: The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and the resource requirements of the cleaner tool are less than those of traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata, for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.

System and method for proactive computer virus protection
    14.
    Granted patent
    Status: Lapsed

    Publication number: US07376970B2

    Publication date: 2008-05-20

    Application number: US10783275

    Filing date: 2004-02-20

    IPC classification: G06F11/00

    CPC classification: G06F21/566

    Abstract: A system, method, and computer readable medium for the proactive detection of malware in operating systems that receive application programming interface (API) calls is provided. A virtual operating environment for simulating the execution of programs and determining if the programs are malware is created. The virtual operating environment confines potential malware so that the systems of the host operating environment will not be adversely affected. During simulation, a behavior signature is generated based on the API calls issued by potential malware. The behavior signature is suitable for analysis to determine whether the simulated executable is malware.

Selectively scanning objects for infection by malware
    15.
    Granted patent
    Status: In force

    Publication number: US08973135B2

    Publication date: 2015-03-03

    Application number: US13248867

    Filing date: 2011-09-29

    IPC classification: G06F12/14 G06F21/00

    Abstract: Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.

System and method of caching decisions on when to scan for malware
    19.
    Granted patent
    Status: In force

    Publication number: US08161557B2

    Publication date: 2012-04-17

    Application number: US12949622

    Filing date: 2010-11-18

    IPC classification: G06F11/00

    CPC classification: G06F21/564

    Abstract: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.

System and method for detecting malware in an executable code module according to the code module's exhibited behavior
    20.
    Granted patent
    Status: In force

    Publication number: US07913305B2

    Publication date: 2011-03-22

    Application number: US10769038

    Filing date: 2004-01-30

    IPC classification: G06F11/00

    CPC classification: G06F21/566

    Abstract: A malware detection system that determines whether an executable code module is malware according to behaviors exhibited while executing is presented. The malware detection system determines the type of code module and executes the code module in a behavior evaluation module for evaluating code corresponding to the code module's type. Some behaviors exhibited by the code module, while executing in the behavior evaluation module, are recorded as the code module's behavior signature. After the code module has completed its execution, the code module's behavior signature is compared against known malware behavior signatures stored in a malware behavior signature store. A determination as to whether the code module is malware is based on the results of the comparison.