-
Publication (Announcement) No.: US11816203B2
Publication (Announcement) Date: 2023-11-14
Application No.: US17456257
Filing Date: 2021-11-23
Applicant: Malwarebytes Inc.
Inventors: Jason Neal Raber , Mickael Roger
CPC Classification: G06F21/53 , G06F9/45508 , G06F11/302 , G06F11/3495 , G06F2221/033
Abstract: An anti-malware system monitors the emulation of a suspicious program in a sandbox environment. The anti-malware system determines that the suspicious program is attempting to access a restricted area of memory (e.g., an executable instruction in the restricted area). Rather than stop the emulation, the anti-malware system can temporarily pause the emulation of the suspicious program. During this pause, the anti-malware system can determine whether the suspicious program is containable within the sandbox environment. If the anti-malware system determines that the emulation of the executable instruction is safe (e.g., that the program is containable), the anti-malware system will resume emulation. If the anti-malware system determines that the emulation of the executable instruction is not safe, the anti-malware system may shut down emulation.
-
Publication (Announcement) No.: US11797676B2
Publication (Announcement) Date: 2023-10-24
Application No.: US17411833
Filing Date: 2021-08-25
Applicant: Malwarebytes Inc.
Inventor: Jason Neal Raber
CPC Classification: G06F21/566 , G06F21/53 , G06F2221/033
Abstract: An anti-malware application can emulate a suspicious program in a sandbox environment and retrieve any exception handlers the suspicious program attempts to register with the operating system. When the suspicious program triggers an exception, the anti-malware application can save a current context of the suspicious program being emulated. To emulate the handling of the exception, the anti-malware application can validate an exception handler chain including one or more exception handlers added by the suspicious program. The anti-malware application can then select and emulate an exception handler based on the saved context of the suspicious program at the time the exception was triggered. If the first exception handler is successful at resolving the exception, the anti-malware application can then save an updated post-exception context and continue emulation of the suspicious program based on the result of the first exception handler.
-
Publication (Announcement) No.: US20220245247A1
Publication (Announcement) Date: 2022-08-04
Application No.: US17411833
Filing Date: 2021-08-25
Applicant: Malwarebytes Inc.
Inventor: Jason Neal Raber
Abstract: An anti-malware application can emulate a suspicious program in a sandbox environment and retrieve any exception handlers the suspicious program attempts to register with the operating system. When the suspicious program triggers an exception, the anti-malware application can save a current context of the suspicious program being emulated. To emulate the handling of the exception, the anti-malware application can validate an exception handler chain including one or more exception handlers added by the suspicious program. The anti-malware application can then select and emulate an exception handler based on the saved context of the suspicious program at the time the exception was triggered. If the first exception handler is successful at resolving the exception, the anti-malware application can then save an updated post-exception context and continue emulation of the suspicious program based on the result of the first exception handler.
-
Publication (Announcement) No.: US20220239670A1
Publication (Announcement) Date: 2022-07-28
Application No.: US17369624
Filing Date: 2021-07-07
Applicant: Malwarebytes Inc.
Abstract: A malware infection prediction method predicts a likelihood that a client device will be infected within a period of time based on state and behavior telemetry data. A malware infection prediction system receives telemetry data associated with use (i.e., behavior data) and configuration (i.e., state data) of a client device. By using a trained model, the system predicts a likelihood of the client device becoming infected within a given time frame. Based on the predicted likelihood, the system generates recommendations including recommended actions for reducing the likelihood of the client device becoming infected. The system then generates notifications including the recommendations and sends the notifications to the client device or to an administrative account associated with the client device.
-
Publication (Announcement) No.: US20220237286A1
Publication (Announcement) Date: 2022-07-28
Application No.: US17161497
Filing Date: 2021-01-28
Applicant: Malwarebytes Inc.
Abstract: An anti-exploitation application identifies and prevents a malicious action from occurring on a client. To do so, a monitoring system is instantiated on the kernel of the operating system of the client. The monitoring system stores information describing actions taken by the processor. When the monitoring system detects a triggering action, it sends the triggering action to the anti-exploitation application to determine whether the triggering action is an exploitation action. The anti-exploitation application accesses an evidence set for the triggering action and its related actions. The anti-exploitation application generates an execution hierarchy defining the hierarchical relationships between the triggering action and its related actions and tests the hierarchy against a ruleset of grammatically structured rules. If a grammatically structured rule in the ruleset indicates that the triggering action is an exploitation action, the anti-exploitation application takes a prevention action.
-
Publication (Announcement) No.: US20180309793A1
Publication (Announcement) Date: 2018-10-25
Application No.: US15787593
Filing Date: 2017-10-18
Applicant: Malwarebytes Inc.
Inventors: Carlos Ardanza Azcondo , Elisabeth Irizar Nieto , Luis Maria Zubia Murguiondo , Francisco Sanchez Peña , Pedro Bustamante Lopez-Chicheri
IPC Classification: H04L29/06
CPC Classification: H04L63/20 , G06F21/577 , G06F2221/2143 , H04L63/1441
Abstract: A protection application detects and removes unwanted applications. The protection application scans a client device for suspected unwanted applications. A security server provides an application rating for detected applications to the client device. The application rating is generated based on application retention data received from client devices indicating whether users of the clients choose to remove or retain the application when given the option. The application retention data may be weighted based on a categorization of the clients providing the application retention data into clients expected to have different reliability levels. The security server can also provide a definition specifying all known components associated with a suspected unwanted application. Responsive to a selection to remove a suspected unwanted application, the protection application uninstalls all components of the application.
-
Publication (Announcement) No.: US20240259424A1
Publication (Announcement) Date: 2024-08-01
Application No.: US18301145
Filing Date: 2023-04-14
Applicant: Malwarebytes Inc.
IPC Classification: H04L9/40
CPC Classification: H04L63/1466 , H04L63/1416
Abstract: A newly created or modified object is sent to a networked local or remote server for analysis. While the object is being analyzed for vulnerabilities, the object is locked and made inaccessible to users, devices, and networks. If the object is identified as malicious, it may be marked for review, deleted, placed in quarantine, or have its permissions changed so that it cannot cause harm by propagating through the environment. Conversely, if the object is identified as safe, the risk of ransomware attacks may also be mitigated by replicating the object across multiple cloud storage platforms.
-
Publication (Announcement) No.: US20240256690A1
Publication (Announcement) Date: 2024-08-01
Application No.: US18301149
Filing Date: 2023-04-14
Applicant: Malwarebytes Inc.
CPC Classification: G06F21/6218 , G06F21/604 , H04L63/1416 , H04L63/1441
Abstract: A newly created or modified object is sent to a networked local or remote server for analysis. While the object is being analyzed for vulnerabilities, the object is locked and made inaccessible to users, devices, and networks. If the object is identified as malicious, it may be marked for review, deleted, placed in quarantine, or have its permissions changed so that it cannot cause harm by propagating through the environment. Conversely, if the object is identified as safe, the risk of ransomware attacks may also be mitigated by replicating the object across multiple cloud storage platforms.
-
Publication (Announcement) No.: US20240256659A1
Publication (Announcement) Date: 2024-08-01
Application No.: US18301155
Filing Date: 2023-04-14
Applicant: Malwarebytes Inc.
Inventors: Adam S. Hyder , Thomas R. Gissel , Motil Jayakar , Brian P. Morehead , Raghuram Sri Sivalanka , Atanu Podder , Shoaib Ahmed Habib Ahmed Banikar
CPC Classification: G06F21/554 , G06F21/564 , G06F21/577
Abstract: An end-to-end container security system can detect vulnerabilities, track detected vulnerabilities, allow only verified images to run in production, detect behavioral anomalies in production containers, notify users of detected anomalies, notify users of policy violations, and/or take security actions to prevent or reduce harm.
-
Publication (Announcement) No.: US20220038496A1
Publication (Announcement) Date: 2022-02-03
Application No.: US17505301
Filing Date: 2021-10-19
Applicant: Malwarebytes Inc.
IPC Classification: H04L29/06
Abstract: A pop-up blocker application detects and remediates malicious pop-up loops. The pop-up blocker application intercepts a call from a web page for initiating a pop-up browser window in a web browser. The pop-up blocker application updates a count of pop-up initiating calls associated with the web page occurring within a pre-defined time window. The updated count is compared to a threshold to determine whether the count meets a threshold indicative of a malicious pop-up loop. Responsive to the count meeting the threshold, the pop-up blocker application takes a remedial action, such as navigating away from the web page.