公开(公告)号：US08516478B1

公开(公告)日：2013-08-20

申请号：US12138104

申请日：2008-06-12

申请人： Jonathan L. Edwards ,  John D. Teddy

发明人： Jonathan L. Edwards ,  John D. Teddy

IPC分类号： G06F9/445 ,  G06F9/46 ,  G06F15/16

CPC分类号： G06F9/505

摘要： A system, method, and computer program product are provided for processing a task utilizing a virtual machine as a function of an aspect of another virtual machine. In use, a task to be processed is identified. Furthermore, the task is processed utilizing at least one virtual machine located in a device as a function of at least one aspect of at least one other virtual machine located on the device.

摘要翻译： 提供了系统，方法和计算机程序产品，用于根据另一虚拟机的方面来处理利用虚拟机的任务。 在使用中，确定要处理的任务。 此外，根据位于设备上的至少一个其他虚拟机的至少一个方面，利用位于设备中的至少一个虚拟机来处理该任务。

公开(公告)号：US08352939B1

公开(公告)日：2013-01-08

申请号：US11949609

申请日：2007-12-03

申请人： Jonathan L. Edwards ,  John D. Teddy ,  Tracy E. Camp

发明人： Jonathan L. Edwards ,  John D. Teddy ,  Tracy E. Camp

IPC分类号： G06F9/455 ,  G06F9/46 ,  G06F9/44 ,  G06F7/00 ,  G06F17/30 ,  G06F12/00

CPC分类号： G06F9/45533 ,  G06F9/44505 ,  G06F17/3007 ,  G06F21/562

摘要： A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data.

摘要翻译： 提供了系统，方法和计算机程序产品，用于执行与独立于虚拟机访问的虚拟磁盘数据相关联的安全或维护操作。 在使用中，至少部分地独立于虚拟机访问存储在虚拟磁盘上的数据。 此外，与访问的数据相关联地执行安全或维护操作。

公开(公告)号：US20130212581A1

公开(公告)日：2013-08-15

申请号：US13735434

申请日：2013-01-07

申请人： Jonathan L. Edwards ,  John D. Teddy ,  Tracy E. Camp

发明人： Jonathan L. Edwards ,  John D. Teddy ,  Tracy E. Camp

IPC分类号： G06F9/455

CPC分类号： G06F9/45533 ,  G06F9/44505 ,  G06F16/11 ,  G06F21/562

摘要： A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data.

摘要翻译： 提供了系统，方法和计算机程序产品，用于执行与独立于虚拟机访问的虚拟磁盘数据相关联的安全或维护操作。 在使用中，至少部分地独立于虚拟机访问存储在虚拟磁盘上的数据。 此外，与访问的数据相关联地执行安全或维护操作。

公开(公告)号：US08479286B2

公开(公告)日：2013-07-02

申请号：US12638660

申请日：2009-12-15

申请人： Gregory William Dalcher ,  John D. Teddy

发明人： Gregory William Dalcher ,  John D. Teddy

IPC分类号： H04L29/06

CPC分类号： G06F21/53 ,  G06F11/3466 ,  G06F21/552 ,  G06F21/566 ,  G06F2201/86 ,  G06F2221/2149 ,  H04L63/105 ,  H04L63/145 ,  H04L63/20

摘要： Methods and system for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network communicatively coupled to a source of an executable application. The computer communicatively couple to the network and including a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments including a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.

公开(公告)号：US09311126B2

公开(公告)日：2016-04-12

申请号：US13192412

申请日：2011-07-27

申请人： Jonathan L. Edwards ,  Gregory W. Dalcher ,  John D. Teddy

发明人： Jonathan L. Edwards ,  Gregory W. Dalcher ,  John D. Teddy

IPC分类号： G06F21/55 ,  G06F21/56 ,  G06F9/455

CPC分类号： G06F9/45558 ,  G06F21/53 ,  G06F21/554 ,  G06F21/56 ,  G06F21/64 ,  G06F2009/45583

摘要： A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.

摘要翻译： 在一个示例性实施例中提供了一种方法，其包括对虚拟分区中的模块进行重新加载以在固定地址加载并存储与固定地址相关联的存储器页面的散列。 外部处理程序可以接收与影响页面的事件相关联的通知。 虚拟分区内的内部代理可以执行一个任务，并将结果返回给外部处理程序，并根据内部代理返回的结果执行策略动作。 在一些实施例中，可以识别页面的代码部分和数据部分，并且仅存储代码部分的散列。

公开(公告)号：US20130254884A1

公开(公告)日：2013-09-26

申请号：US13898284

申请日：2013-05-20

申请人： Gregory William Dalcher ,  John D. Teddy

发明人： Gregory William Dalcher ,  John D. Teddy

IPC分类号： G06F21/53

CPC分类号： G06F21/53 ,  G06F11/3466 ,  G06F21/552 ,  G06F21/566 ,  G06F2201/86 ,  G06F2221/2149 ,  H04L63/105 ,  H04L63/145 ,  H04L63/20

摘要： Methods and system for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network communicatively coupled to a source of an executable application. The computer communicatively couple to the network and including a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments including a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.

摘要翻译： 描述了行为沙盒的方法和系统。 在一个示例实施例中，用于行为沙箱的系统可以包括网络和计算机。 网络通信地耦合到可执行应用的源。 计算机通信地耦合到网络并且包括行为分析模块和多个执行环境。 行为分析模块被配置为对通过网络下载的可执行应用程序执行行为分析。 多个执行环境包括标准执行环境和受保护的执行环境。 行为分析模块被配置为评估可执行应用的多个行为特征，以确定可执行应用是否应在执行可执行应用之前在受保护的执行环境中执行。 行为分析模块还监视可执行应用程序的执行，以确定是否可以更改执行环境。

公开(公告)号：US20130031291A1

公开(公告)日：2013-01-31

申请号：US13192412

申请日：2011-07-27

申请人： Jonathan L. Edwards ,  Gregory W. Dalcher ,  John D. Teddy

发明人： Jonathan L. Edwards ,  Gregory W. Dalcher ,  John D. Teddy

IPC分类号： G06F12/08

CPC分类号： G06F9/45558 ,  G06F21/53 ,  G06F21/554 ,  G06F21/56 ,  G06F21/64 ,  G06F2009/45583

摘要： A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.

摘要翻译： 在一个示例性实施例中提供了一种方法，其包括对虚拟分区中的模块进行重新加载以在固定地址加载并存储与固定地址相关联的存储器页面的散列。 外部处理程序可以接收与影响页面的事件相关联的通知。 虚拟分区内的内部代理可以执行一个任务，并将结果返回给外部处理程序，并根据内部代理返回的结果执行策略动作。 在一些实施例中，可以识别页面的代码部分和数据部分，并且仅存储代码部分的散列。

公开(公告)号：US20110145926A1

公开(公告)日：2011-06-16

申请号：US12638660

申请日：2009-12-15

申请人： Gregory William Dalcher ,  John D. Teddy

发明人： Gregory William Dalcher ,  John D. Teddy

IPC分类号： G06F21/00 ,  G06F11/00

CPC分类号： G06F21/53 ,  G06F11/3466 ,  G06F21/552 ,  G06F21/566 ,  G06F2201/86 ,  G06F2221/2149 ,  H04L63/105 ,  H04L63/145 ,  H04L63/20

摘要： Methods and system for behavioral sandboxing are described. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network communicatively coupled to a source of an executable application. The computer communicatively couple to the network and including a behavioral analysis module and a plurality of execution environments. The behavioral analysis module is configured to perform behavioral analysis on the executable application downloaded over the network. The plurality of execution environments including a standard execution environment and a protected execution environment. The behavioral analysis module is configured to evaluate a plurality of behavioral characteristics of the executable application to determine whether the executable application should be executed within the protected execution environment prior to execution of the executable application. The behavioral analysis module also monitors execution of the executable application to determine whether the execution environment can be changed.

摘要翻译： 描述了行为沙盒的方法和系统。 在一个示例实施例中，用于行为沙箱的系统可以包括网络和计算机。 网络通信地耦合到可执行应用的源。 计算机通信地耦合到网络并且包括行为分析模块和多个执行环境。 行为分析模块被配置为对通过网络下载的可执行应用程序执行行为分析。 多个执行环境包括标准执行环境和受保护的执行环境。 行为分析模块被配置为评估可执行应用的多个行为特征，以确定可执行应用是否应在执行可执行应用之前在受保护的执行环境中执行。 行为分析模块还监视可执行应用程序的执行，以确定是否可以更改执行环境。

公开(公告)号：US20160381024A1

公开(公告)日：2016-12-29

申请号：US14752902

申请日：2015-06-27

申请人： Zheng Zhang ,  John D. Teddy ,  Craig D. Schmugar ,  Erdem Aktas ,  Clint R. Merrill ,  Kunal Mehta

发明人： Zheng Zhang ,  John D. Teddy ,  Craig D. Schmugar ,  Erdem Aktas ,  Clint R. Merrill ,  Kunal Mehta

IPC分类号： H04L29/06

CPC分类号： H04L63/10 ,  H04L63/1416 ,  H04L63/1441

摘要： There is disclosed in an example a computing apparatus, including: a process deprivilging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource;determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.

摘要翻译： 在一个示例中公开了一种计算设备，包括：过程剥离引擎，可操作用于：识别过程具有未确定的信誉; 拦截针对第一资源的第一访问请求;确定所述第一资源不是由所述进程拥有的; 并且至少部分地阻止对第一资源的访问。 还公开了一种提供过程剥夺引擎的方法，以及一个或多个计算机可读介质，其中存储有用于提供过程剥夺引擎的可执行指令。

公开(公告)号：US20140283066A1

公开(公告)日：2014-09-18

申请号：US13976994

申请日：2013-03-15

申请人： John D. Teddy ,  James Douglas Bean ,  Gregory William Dalcher ,  Jeff Hetzler ,  Andrew Arlin Woodruff

发明人： John D. Teddy ,  James Douglas Bean ,  Gregory William Dalcher ,  Jeff Hetzler ,  Andrew Arlin Woodruff

IPC分类号： G06F21/56

CPC分类号： G06F21/56 ,  G06F21/51

摘要： An antimalware support system is provided to support one or more host-based antimalware clients. A query is received from a particular host device that identifies a file detected by an antimalware tool local to the particular host device. Reputation data is determined for the file, and a response to the query is sent to the particular host device. The query response includes the reputation data determined for the file.

摘要翻译： 提供反恶意软件支持系统以支持一个或多个基于主机的反恶意软件客户端。 从特定主机设备接收到识别由特定主机设备本地的反恶意软件工具检测到的文件的查询。 为文件确定信誉数据，并将对查询的响应发送到特定的主机设备。 查询响应包括为文件确定的信誉数据。