Protecting user mode processes from improper tampering or termination
    1.
    Granted invention patent; legal status: in force

    Publication (announcement) number: US08621628B2

    Publication (announcement) date: 2013-12-31

    Application number: US12713151

    Filing date: 2010-02-25

    IPC classification: G06F21/00

    Abstract: In one embodiment, a malware protection system may protect a computing system from a malware event. A data storage device 150 may store a watchdog filter driver 240 integrated with an operating system kernel 210. A processor 120 may intercept a process access to an application process 220 with the watchdog filter driver 240 to detect a malware event. The processor 120 may use the watchdog filter driver 240 to determine an originating process for the malware event.


Detection and dynamic alteration of execution of potential software threats
    2.
    Granted invention patent; legal status: in force

    Publication (announcement) number: US08341736B2

    Publication (announcement) date: 2012-12-25

    Application number: US11974457

    Filing date: 2007-10-12

    IPC classification: G06F21/00

    Abstract: An arrangement for dynamically identifying and intercepting potential software threats before they execute on a computer system is provided in which a file system filter driver (called a “mini-filter”) interfaces with an anti-malware service to selectively generate an alert event and allow the threat to run, in addition to generating an alert event and suspending the threat. The decision to suspend the threat or allow it to run is made through application of a cascading logic hierarchy that includes respective policy-defined actions, user-defined actions, and signature-defined actions. The mini-filter generates the alert event to the anti-malware service whenever a file is opened, or modified and closed. The service uses an engine to scan the file to identify potential threats, which are handled through application of the logic hierarchy; the hierarchy provides for configurations defined in a lower tier to be overridden by those contained in a higher tier.


Protecting User Mode Processes From Improper Tampering or Termination
    3.
    Invention patent application; legal status: in force

    Publication (announcement) number: US20110209219A1

    Publication (announcement) date: 2011-08-25

    Application number: US12713151

    Filing date: 2010-02-25

    IPC classification: G06F21/00

    Abstract: In one embodiment, a malware protection system may protect a computing system from a malware event. A data storage device 150 may store a watchdog filter driver 240 integrated with an operating system kernel 210. A processor 120 may intercept a process access to an application process 220 with the watchdog filter driver 240 to detect a malware event. The processor 120 may use the watchdog filter driver 240 to determine an originating process for the malware event.


Detection and dynamic alteration of execution of potential software threats
    4.
    Invention patent application; legal status: in force

    Publication (announcement) number: US20090100520A1

    Publication (announcement) date: 2009-04-16

    Application number: US11974457

    Filing date: 2007-10-12

    IPC classification: G06F21/00

    Abstract: An arrangement for dynamically identifying and intercepting potential software threats before they execute on a computer system is provided in which a file system filter driver (called a “mini-filter”) interfaces with an anti-malware service to selectively generate an alert event and allow the threat to run, in addition to generating an alert event and suspending the threat. The decision to suspend the threat or allow it to run is made through application of a cascading logic hierarchy that includes respective policy-defined actions, user-defined actions, and signature-defined actions. The mini-filter generates the alert event to the anti-malware service whenever a file is opened, or modified and closed. The service uses an engine to scan the file to identify potential threats, which are handled through application of the logic hierarchy; the hierarchy provides for configurations defined in a lower tier to be overridden by those contained in a higher tier.


Settings management infrastructure
    5.
    Invention patent application; legal status: pending (published)

    Publication (announcement) number: US20050091346A1

    Publication (announcement) date: 2005-04-28

    Application number: US10693019

    Filing date: 2003-10-23

    Abstract: The present invention provides for a system and method facilitating configuration management. The system includes a configuration store that stores persisted configuration and/or dependency information associated with application(s), and a configuration service component that manages access to the configuration store. The system can further include a configuration management engine (e.g., API) that allows client application(s) to access, query and/or modify setting(s). In accordance with an aspect of the present invention, application(s) submit an XML assembly manifest which comprises the assembly identity, the application binaries, its dependencies, etc. The manifest can also include a configuration section that declaratively specifies the persisted settings for the application. The configuration section includes an XSD-based schema that defines rich types for the settings and the settings themselves, and metadata for these settings including description and default values, manageability attributes (e.g., migrate, backup, policy), and integrity constraints called assertions (that could potentially describe the relationships between settings).
