Real-Time Module Protection
    1.
    发明申请
    Real-Time Module Protection 有权
    实时模块保护

    公开(公告)号:US20140115652A1

    公开(公告)日:2014-04-24

    申请号:US13656436

    申请日:2012-10-19

    IPC分类号: G06F21/00

    摘要: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

    摘要翻译: 用于保护电子设备的技术包括捕获访问电子设备的安全系统资源的尝试,确定与该尝试相关联的模块,确定与该尝试相关联的模块的子部分,该子部分包括与该尝试相关联的存储器位置 访问安全规则以确定是否允许基于模块的确定和子部分的确定来允许尝试的访问,以及基于安全规则来处理尝试。 该模块包括多个不同的子部分。

    SYSTEMS AND METHODS FOR MALWARE DETECTION AND REMEDIATION
    2.
    发明申请
    SYSTEMS AND METHODS FOR MALWARE DETECTION AND REMEDIATION 审中-公开
    用于恶意软件检测和恢复的系统和方法

    公开(公告)号:US20160180087A1

    公开(公告)日:2016-06-23

    申请号:US14580784

    申请日:2014-12-23

    IPC分类号: G06F21/56

    摘要: Provided in some embodiments are systems and methods for remediating malware. Embodiments include receiving (from a process) a request to access data, determining that the process is an unknown process, providing the process with access to one or more data tokens in response to determining that the process is an unknown process, determining whether the process is engaging in suspicious activity with the one or more data tokens, and inhibiting execution of the process in response to determining that the process is engaging in suspicious activity with the one or more data tokens.

    摘要翻译: 在一些实施例中提供了用于修复恶意软件的系统和方法。 实施例包括:(从处理)接收访问数据的请求,确定该进程是未知进程,响应于确定该进程是未知进程,向该进程提供对一个或多个数据令牌的访问,确定进程 正在与一个或多个数据令牌进行可疑活动,并且响应于确定该进程与一个或多个数据令牌进行可疑活动而禁止该进程的执行。

    Realtime Kernel Object Table and Type Protection
    3.
    发明申请
    Realtime Kernel Object Table and Type Protection 审中-公开
    实时内核对象表和类型保护

    公开(公告)号:US20130312099A1

    公开(公告)日:2013-11-21

    申请号:US13476881

    申请日:2012-05-21

    IPC分类号: G06F21/00

    CPC分类号: G06F21/56 G06F21/554

    摘要: A method for detecting malware includes determining one or more object-oriented components of an electronic device, trapping at a level below all of the operating systems of the electronic device an attempt to access an object-oriented component of the electronic device, determining an entity causing the attempt, accessing one or more security rules, and, based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware.

    摘要翻译: 一种用于检测恶意软件的方法包括确定电子设备的一个或多个面向对象的组件,在电子设备的所有操作系统的所有操作系统以下的级别捕获尝试访问电子设备的面向对象的组件,确定实体 导致尝试,访问一个或多个安全规则,并且基于安全规则,导致尝试的实体和面向对象的组件,确定尝试的访问是否指示恶意软件。

    IDENTIFYING ROOTKITS BASED ON ACCESS PERMISSIONS
    4.
    发明申请
    IDENTIFYING ROOTKITS BASED ON ACCESS PERMISSIONS 有权
    基于访问权限识别基础

    公开(公告)号:US20130312095A1

    公开(公告)日:2013-11-21

    申请号:US13476898

    申请日:2012-05-21

    IPC分类号: G06F21/00

    CPC分类号: G06F21/566

    摘要: A method for monitoring for malware includes, during a boot process on an electronic device, determining a portion of memory, determining that the portion of memory is reserved for exclusive access by an entity on the electronic device, and, based on the determination that a portion of memory is reserved for exclusive access during the boot process, determining that the reservation is indicative of malware.

    摘要翻译: 用于监视恶意软件的方法包括在电子设备上的引导过程期间确定存储器的一部分,确定存储器的该部分被保留用于电子设备上的实体的独占访问,并且基于确定 在启动过程中,部分内存被保留用于独占访问,确定该预留是恶意软件的指示。

    Identifying rootkits based on access permissions
    5.
    发明授权
    Identifying rootkits based on access permissions 有权
    根据访问权限识别rootkit

    公开(公告)号:US09317687B2

    公开(公告)日:2016-04-19

    申请号:US13476898

    申请日:2012-05-21

    IPC分类号: G06F21/00 G06F21/56

    CPC分类号: G06F21/566

    摘要: A method for monitoring for malware includes, during a boot process on an electronic device, determining a portion of memory, determining that the portion of memory is reserved for exclusive access by an entity on the electronic device, and, based on the determination that a portion of memory is reserved for exclusive access during the boot process, determining that the reservation is indicative of malware.

    摘要翻译: 用于监视恶意软件的方法包括在电子设备上的引导过程期间确定存储器的一部分,确定存储器的该部分被保留用于电子设备上的实体的独占访问,并且基于确定 在启动过程中,部分内存被保留用于独占访问,确定该预留是恶意软件的指示。

    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR IDENTIFYING HIDDEN OR MODIFIED DATA OBJECTS
    6.
    发明申请
    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR IDENTIFYING HIDDEN OR MODIFIED DATA OBJECTS 审中-公开
    用于识别隐藏或修改的数据对象的系统,方法和计算机程序产品

    公开(公告)号:US20130247182A1

    公开(公告)日:2013-09-19

    申请号:US12427463

    申请日:2009-04-21

    摘要: A system, method, and computer program product are provided for detecting hidden or modified data objects. In use, a first set of data objects stored in a device is enumerated, where the enumeration of the first set of data objects is performed within an operating system of the device. Additionally, a second set of data objects stored in the device is enumerated, where the enumeration of the second set of data objects is performed outside of the operating system of the device. Further, the first set of data objects and the second set of data objects are compared for identifying hidden or modified data objects.

    摘要翻译: 提供了一种用于检测隐藏或修改的数据对象的系统,方法和计算机程序产品。 在使用中,枚举存储在设备中的第一组数据对象,其中在设备的操作系统内执行第一组数据对象的枚举。 此外,枚举存储在设备中的第二组数据对象,其中第二组数据对象的枚举在设备的操作系统之外执行。 此外,比较第一组数据对象和第二组数据对象以识别隐藏或修改的数据对象。

    GENERIC FRAMEWORK FOR APPLICATION SPECIFIC DATA EXCHANGE
    8.
    发明申请
    GENERIC FRAMEWORK FOR APPLICATION SPECIFIC DATA EXCHANGE 有权
    应用特殊数据交换的一般框架

    公开(公告)号:US20120054153A1

    公开(公告)日:2012-03-01

    申请号:US12870672

    申请日:2010-08-27

    IPC分类号: G06F17/30

    CPC分类号: G06F17/30575

    摘要: Systems and methods to provide a generic framework for application specific data exchange are shown. In example embodiments a data container is received. The data container includes data saved to a master data system. The data container is buffered. At least one backup data system is determined based on attributes of the data container. A determination is made as to whether the at least one backup data system is available. When the at least one backup data system is available, the data container is forwarded to the at least one backup data system.

    摘要翻译: 显示了为应用程序特定数据交换提供通用框架的系统和方法。 在示例实施例中,接收数据容器。 数据容器包括保存到主数据系统的数据。 数据容器被缓冲。 至少一个备份数据系统是基于数据容器的属性来确定的。 确定至少一个备份数据系统是否可用。 当至少一个备份数据系统可用时,数据容器被转发到至少一个备份数据系统。

    User interface for piecemeal restore
    9.
    发明申请
    User interface for piecemeal restore 审中-公开
    用于界面恢复的用户界面

    公开(公告)号:US20070168401A1

    公开(公告)日:2007-07-19

    申请号:US11326079

    申请日:2006-01-05

    IPC分类号: G06F17/30

    摘要: This disclosure concerns systems and methods for restoring data. In one example, a method for piecemeal restoration of a database involves a computer system having a user interface and a selection device. The method begins when a query is sent to a database server application requesting a list of all offline filegroups for the database. Next, the list of all offline filegroups is received from the database server application. Then, the list of all offline filegroups is automatically presented on the user interface. Next, a list selection signal is received, indicative of the selection device designating one or more of the filegroups from the list. Finally, in response to the receipt of the list selection signal, a command is automatically formulated to bring the designated one or more filegroups online.

    摘要翻译: 本公开涉及恢复数据的系统和方法。 在一个示例中,用于零碎地恢复数据库的方法涉及具有用户界面和选择装置的计算机系统。 当查询发送到请求数据库的所有脱机文件组的列表的数据库服务器应用程序时,该方法开始。 接下来,从数据库服务器应用程序接收到所有脱机文件组的列表。 然后,所有脱机文件组的列表将自动显示在用户界面上。 接下来,接收列表选择信号,指示选择装置从列表中指定一个或多个文件组。 最后,响应于接收到列表选择信号,自动地制定一个命令以使指定的一个或多个文件组联机。

    Method and system for displaying configuration test results by leveraged data protection software
    10.
    发明授权
    Method and system for displaying configuration test results by leveraged data protection software 有权
    通过杠杆数据保护软件显示配置测试结果的方法和系统

    公开(公告)号:US08850425B1

    公开(公告)日:2014-09-30

    申请号:US13595727

    申请日:2012-08-27

    IPC分类号: G06F9/445

    CPC分类号: G06F8/61

    摘要: Displaying configuration test results by leveraged data protection software is described. A memory location is read where a display file is stored for a software installer. A configuration checker is executed for the computer. Results are read from executing the configuration checker. The results are written to the memory location. A leveraged software creation tool is prompted to display the display file via an output device. The leveraged software creation tool lacks the capability to dynamically load the display file.

    摘要翻译: 描述利用杠杆数据保护软件显示配置测试结果。 读取存储位置,其中为软件安装程序存储显示文件。 对计算机执行配置检查。 从执行配置检查器读取结果。 结果写入内存位置。 提示利用杠杆软件创建工具通过输出设备显示显示文件。 杠杆化软件创建工具缺乏动态加载显示文件的功能。