摘要:
In some embodiments, a local agent on a target system may evaluate current and/or historical system state information from a store (either local or remote) and dynamically adjust the level of diagnosis performed during the scan based on the evaluated state information. Individual diagnostic scans may, for example, be enabled and disabled based on the context in the store, and each scan may update the context for further evaluation. By employing such an approach, systems with a low risk profile and lacking symptoms of a problem may be scanned quickly while systems that show signs of a problem or have a high risk profile may receive a more thorough evaluation.
摘要:
The dynamic conversion of a data structure from an origin data format into a destination data format is described. Instead of using a single data conversion module to accomplish this data conversion, a gateway computer system identifies a sequence of format conversion modules that, when executed in sequence, converts the data structure from the origin to the destination data format. The conversion occurs dynamically during run time and reduces the amount of needed data conversion modules significantly, particularly when there is a large amount of possible origin data formats and destination data formats. This conversion is particularly useful when communicating over wireless networks since there is little standardization in wireless devices resulting in wireless devices having many different proprietary data formats.
摘要:
A flexible gateway accommodates data transfer from a data origination device over a wide variety of networks to a wide variety of destination devices, even if those networks use different protocols, and even if the devices recognize different data formats. Thus, the gateway can perform work previously requiring numerous gateways. After the gateway receives information from a data source, the gateway identifies the specific device type and the specific network type to which the information is to be routed. The gateway then calls device and network drivers associated with the specific device and network identified with the destination device. These drivers then manipulate the data using the device driver into the format recognized by the destination device, and then provide the manipulated data to the destination device over the identified network using the compatible protocol. Thus, the destination device properly receives and interprets the information provided by the data source. If, in the very next moment, data arrives at the gateway that is to be routed over a different network using a different protocol to a different device recognizing a different device, the gateway will call different device and network drivers to enable the communication.
摘要:
Systems, methods and apparatus for automatically identifying a version of a file that is expected to be present on a computer system and for automatically replacing a potentially corrupted copy of the file with a clean (or undamaged) copy of the expected version. Upon identifying a file on the computer system as being potentially corrupted, a clean file agent may perform an analysis based on the identity of the file and one or more other properties of the system to determine the version of the file that is expected to be present on the system. Once the expected version is identified, a clean replacement copy of the file may be obtained from a clean file repository by submitting a version identifier of the expected version. The version identifier may be a hash value, which may additionally be used to verify integrity of the clean copy.
摘要:
A system is described for remediating a malicious modern application installed on an end user device. In an embodiment, the system includes an antimalware program executing on the end user device that can detect and attempt to remediate the malicious modern application, an operating system executing on the end user device that is configured to interact with the antimalware program for the purpose of facilitating the establishment of a connection between the end user device and an application support system in response to determining that the antimalware program has detected and attempted to remediate the malicious modern application, and the application support system that can perform remediation operations beyond those that can be performed by the antimalware program.
摘要:
In some embodiments, a local agent on a target system may evaluate current and/or historical system state information from a store (either local or remote) and dynamically adjust the level of diagnosis performed during the scan based on the evaluated state information. Individual diagnostic scans may, for example, be enabled and disabled based on the context in the store, and each scan may update the context for further evaluation. By employing such an approach, systems with a low risk profile and lacking symptoms of a problem may be scanned quickly while systems that show signs of a problem or have a high risk profile may receive a more thorough evaluation.
摘要:
Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially. Then, in response to receiving the token associated with the portion, the message server may provide the remaining portion of the message to the message clients.
摘要:
Described is a technology by which a malware-compromised machine, such as a personal computer is cleaned through the use of a functional adjunct machine, such as a mobile device (or vice-versa). The functional adjunct machine performs actions on behalf of the malware-compromised machine and/or to assist the remediation. This may include downloading antimalware-related data (e.g., an application, antimalware code, signature updates and/or the like) via a marketplace/application store, and transferring at least some of the data and/or programs to the compromised machine. Other actions may include using the functional adjunct machine to boot the malware-compromised machine into a non-compromised state and providing the data or programs to allow remediation of the malware while in this state.
摘要:
In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
摘要:
The present invention is directed to a system and methods for protecting a limited resource computer from malware. Aspects of the present invention use antivirus software on a general purpose computer to prevent malware from infecting a limited resource computer. Typically, antivirus software on the general purpose computer is kept “up-to-date” with the most recent software updates. When a connection is established between the limited resource computer and the general purpose computer, a signature of each application installed on the limited resource computer is transmitted to the general purpose computer. Then antivirus software on the general purpose computer compares the received signatures to known malware. Finally, the results of the scan are reported to the limited resource computer.