-
Publication No.: US09838417B1
Publication date: 2017-12-05
Application No.: US14586233
Filing date: 2014-12-30
Applicant: FireEye, Inc.
Inventors: Yasir Khalid, Sushant Paithane, Sai Vashisht
CPC classification: H04L63/145, G06F9/45533, G06F21/566
Abstract: According to one embodiment, a malware detection system is integrated with at least a static analysis engine and a dynamic analysis engine. The static analysis engine is configured to automatically determine an object type of a received object. The dynamic analysis engine is configured to automatically launch the object after selecting an action profile based on the object type. The dynamic analysis engine is further configured to provide simulated user interaction to the object based on the selected action profile, either in response to detecting a request for human interaction or as a result of a lapse of time since a previous simulated human interaction was provided.
-
Publication No.: US09223972B1
Publication date: 2015-12-29
Application No.: US14231216
Filing date: 2014-03-31
Applicant: FireEye, Inc.
CPC classification: G06F21/566
Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module of the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with a malicious attack. The analysis may be altered upon receipt of a configuration file that is substantially lesser in size than the software forming the first detection module and includes information to alter one or more rules controlling the first capability.
-