System and method for prioritizing computers based on anti-malware events
    1.
    Granted patent
    System and method for prioritizing computers based on anti-malware events (in force)

    Publication number: US08719942B2

    Publication date: 2014-05-06

    Application number: US12704391

    Filing date: 2010-02-11

    IPC classification: H04L29/06

    Abstract: Tracking malware state information assigned to computers in an enterprise network is described. A computer may transition from a current malware state to a new malware state in accordance with a plurality of stored rules and detection of an anti-malware event on the computer. Examples of anti-malware events include, but are not limited to, detection of new malware on the computer or cleaning of the computer. The malware state information for computers on the network may be mapped to a risk level representing an amount of risk that infected computers present to other computers on the network. The results of a risk level assessment for the computers on the network may be output via a user interface to enable an administrator of the network to prioritize servicing of computers with detected malware.


    SYSTEM AND METHOD FOR PRIORITIZING COMPUTERS BASED ON ANTI-MALWARE EVENTS
    2.
    Patent application
    SYSTEM AND METHOD FOR PRIORITIZING COMPUTERS BASED ON ANTI-MALWARE EVENTS (in force)

    Publication number: US20110197277A1

    Publication date: 2011-08-11

    Application number: US12704391

    Filing date: 2010-02-11

    Abstract: Tracking malware state information assigned to computers in an enterprise network is described. A computer may transition from a current malware state to a new malware state in accordance with a plurality of stored rules and detection of an anti-malware event on the computer. Examples of anti-malware events include, but are not limited to, detection of new malware on the computer or cleaning of the computer. The malware state information for computers on the network may be mapped to a risk level representing an amount of risk that infected computers present to other computers on the network. The results of a risk level assessment for the computers on the network may be output via a user interface to enable an administrator of the network to prioritize servicing of computers with detected malware.


    ANALYTICS ENGINE
    3.
    Patent application
    ANALYTICS ENGINE (in force)

    Publication number: US20090199265A1

    Publication date: 2009-08-06

    Application number: US12141897

    Filing date: 2008-06-18

    IPC classification: H04L9/00 G06F12/14 G06N5/02

    Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.


    Preserving thread identity during remote calls
    4.
    Granted patent
    Preserving thread identity during remote calls (in force)

    Publication number: US06529962B1

    Publication date: 2003-03-04

    Application number: US09247174

    Filing date: 1999-02-09

    IPC classification: G06F946

    CPC classification: G06F9/548

    Abstract: A method for performing remote calls between source and target computing machines includes running a program thread on the source machine which invokes a remote call to the target machine. The remote call is transmitted to the target machine, the call including an identifier associated with the program thread. A response to the remote call is received from the target machine, the response including the identifier, whereby the response is returned to the program thread on the source machine using the identifier.


    Analytics engine
    5.
    Granted patent
    Analytics engine (in force)

    Publication number: US08990947B2

    Publication date: 2015-03-24

    Application number: US12141897

    Filing date: 2008-06-18

    Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.
