-
公开(公告)号:US07685149B2
公开(公告)日:2010-03-23
申请号:US11092995
申请日:2005-03-28
申请人: Angela K. Butcher , Jason Garms , Kalid M. Azad , Marc E. Seinfeld , Paul J. Bryan , Sterling M. Reasor , Alvin Loh
发明人: Angela K. Butcher , Jason Garms , Kalid M. Azad , Marc E. Seinfeld , Paul J. Bryan , Sterling M. Reasor , Alvin Loh
IPC分类号: G06F17/00 , G06F15/173 , G06F11/32
摘要: A system and method for identifying and removing potentially unwanted software. A mechanism is provided that identifies suspect programs to a user and allows the user to prevent the suspect programs from running without actually deleting them. In one embodiment, scanner data identifying potentially unwanted software is displayed in a GUI that allows the user to inhibit its continued execution. For example, any software not on a list of known, benign applications/processes may be identified as potentially unwanted. Similarly, software that displays one or more suspect behaviors may be so identified, allowing the user to distinguish between normal and suspect software without irreversibly altering the user's system.
摘要翻译: 用于识别和删除潜在有害软件的系统和方法。 提供了一种向用户识别可疑程序的机制,并允许用户防止可疑程序运行而不实际删除它们。 在一个实施例中,识别潜在有害软件的扫描器数据被显示在允许用户禁止其继续执行的GUI中。 例如,任何不在已知的良性应用/过程列表上的软件可能被识别为潜在的不需要的。 类似地,可以如此识别显示一个或多个可疑行为的软件,从而允许用户区分正常和可疑软件,而不会不可逆地改变用户的系统。
-
公开(公告)号:US08612398B2
公开(公告)日:2013-12-17
申请号:US12722426
申请日:2010-03-11
申请人: Michael S. Jarrett , Vishal Kapoor , Mathew J. McCormack , Timothy D. Ebringer , Marc E. Seinfeld , Jeremy D. Croy , Alvin Loh
发明人: Michael S. Jarrett , Vishal Kapoor , Mathew J. McCormack , Timothy D. Ebringer , Marc E. Seinfeld , Jeremy D. Croy , Alvin Loh
IPC分类号: G06F17/00
摘要: Systems, methods and apparatus for automatically identifying a version of a file that is expected to be present on a computer system and for automatically replacing a potentially corrupted copy of the file with a clean (or undamaged) copy of the expected version. Upon identifying a file on the computer system as being potentially corrupted, a clean file agent may perform an analysis based on the identity of the file and one or more other properties of the system to determine the version of the file that is expected to be present on the system. Once the expected version is identified, a clean replacement copy of the file may be obtained from a clean file repository by submitting a version identifier of the expected version. The version identifier may be a hash value, which may additionally be used to verify integrity of the clean copy.
摘要翻译: 用于自动识别预期存在于计算机系统上的文件的版本并且用预期版本的干净(或未损坏)副本自动替换文件的潜在损坏的副本的系统,方法和装置。 在将计算机系统上的文件识别为可能被破坏时,干净的文件代理可以基于文件的身份和系统的一个或多个其他属性来执行分析,以确定预期存在的文件的版本 在系统上 一旦识别了预期版本,可以通过提交预期版本的版本标识符从干净的文件存储库获得文件的干净替换副本。 版本标识符可以是哈希值,其可另外用于验证干净副本的完整性。
-
公开(公告)号:US20110225128A1
公开(公告)日:2011-09-15
申请号:US12722426
申请日:2010-03-11
申请人: Michael S. Jarrett , Vishal Kapoor , Mathew J. McCormack , Timothy D. Ebringer , Marc E. Seinfeld , Jeremy D. Croy , Alvin Loh
发明人: Michael S. Jarrett , Vishal Kapoor , Mathew J. McCormack , Timothy D. Ebringer , Marc E. Seinfeld , Jeremy D. Croy , Alvin Loh
IPC分类号: G06F17/30
摘要: Systems, methods and apparatus for automatically identifying a version of a file that is expected to be present on a computer system and for automatically replacing a potentially corrupted copy of the file with a clean (or undamaged) copy of the expected version. Upon identifying a file on the computer system as being potentially corrupted, a clean file agent may perform an analysis based on the identity of the file and one or more other properties of the system to determine the version of the file that is expected to be present on the system. Once the expected version is identified, a clean replacement copy of the file may be obtained from a clean file repository by submitting a version identifier of the expected version. The version identifier may be a hash value, which may additionally be used to verify integrity of the clean copy.
摘要翻译: 用于自动识别预期存在于计算机系统上的文件的版本并且用预期版本的干净(或未损坏)副本自动替换文件的潜在损坏的副本的系统,方法和装置。 在将计算机系统上的文件识别为可能被破坏时,干净的文件代理可以基于文件的身份和系统的一个或多个其他属性来执行分析,以确定预期存在的文件的版本 在系统上 一旦识别了预期版本,可以通过提交预期版本的版本标识符从干净的文件存储库获得文件的干净替换副本。 版本标识符可以是哈希值,其可另外用于验证干净副本的完整性。
-
4.发明授权System and method of efficiently identifying and removing active malware from a computer 有权从计算机有效识别和删除活动恶意软件的系统和方法公开(公告)号:US07673341B2
公开(公告)日:2010-03-02
申请号:US11012892
申请日:2004-12-15
申请人: Michael Kramer , Matthew Braverman , Marc E. Seinfeld , Jason Garms , Adrian M. Marinescu , George Cristian Chicioreanu , Scott A. Field
发明人: Michael Kramer , Matthew Braverman , Marc E. Seinfeld , Jason Garms , Adrian M. Marinescu , George Cristian Chicioreanu , Scott A. Field
IPC分类号: G06F12/14
CPC分类号: H04L63/1408 , G06F21/562
摘要: The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.
摘要翻译: 本发明提供一种用于从计算机识别和去除活动恶意软件的系统,方法和计算机可读介质。 本发明的方面包括在可以使用更新服务自动获得的清洁工具中,或者可以从网站或类似的分发系统手动下载。 更清洁的工具包括专门的扫描引擎,可在计算机上搜索主动恶意软件。 由于扫描引擎仅搜索活动的恶意软件,所以下载的数据量和清洁工具的资源需求比传统的防病毒软件要少。 扫描引擎在计算机上搜索特定位置,例如映射到内存中的数据,配置文件和文件元数据,以便恶意软件的特征。 如果检测到恶意软件,则清洁工具会从计算机中删除恶意软件。
-
公开(公告)号:US08844042B2
公开(公告)日:2014-09-23
申请号:US12816567
申请日:2010-06-16
CPC分类号: G06F21/577
摘要: In some embodiments, a local agent on a target system may evaluate current and/or historical system state information from a store (either local or remote) and dynamically adjust the level of diagnosis performed during the scan based on the evaluated state information. Individual diagnostic scans may, for example, be enabled and disabled based on the context in the store, and each scan may update the context for further evaluation. By employing such an approach, systems with a low risk profile and lacking symptoms of a problem may be scanned quickly while systems that show signs of a problem or have a high risk profile may receive a more thorough evaluation.
摘要翻译: 在一些实施例中,目标系统上的本地代理可以从存储(本地或远程)评估当前和/或历史系统状态信息,并且基于所评估的状态信息动态地调整在扫描期间执行的诊断级别。 例如,可以基于商店中的上下文来启用和禁用各个诊断扫描,并且每个扫描可以更新上下文以供进一步评估。 通过采用这种方法,可以快速扫描具有低风险概况和缺乏问题症状的系统,而显示问题迹象或具有高风险特征的系统可能会得到更彻底的评估。
-
6.发明授权Methods and systems for dynamic conversion of objects from one format type to another format type by selectively using an intermediary format type 失效通过选择性地使用中间格式类型,将对象从一种格式类型动态转换为另一种格式类型的方法和系统公开(公告)号:US07046691B1
公开(公告)日:2006-05-16
申请号:US09609269
申请日:2000-06-30
申请人: Donald Kadyk , Neil Fishman , Marc E. Seinfeld
发明人: Donald Kadyk , Neil Fishman , Marc E. Seinfeld
IPC分类号: H04J3/22
摘要: The dynamic conversion of a data structure from an origin data format into a destination data format is described. Instead of using a single data conversion module to accomplish this data conversion, a gateway computer system identifies a sequence of format conversion modules that, when executed in sequence, converts the data structure from the origin to the destination data format. The conversion occurs dynamically during run time and reduces the amount of needed data conversion modules significantly, particularly when there is a large amount of possible origin data formats and destination data formats. This conversion is particularly useful when communicating over wireless networks since there is little standardization in wireless devices resulting in wireless devices having many different proprietary data formats.
摘要翻译: 描述了数据结构从原始数据格式到目标数据格式的动态转换。 网关计算机系统不是使用单个数据转换模块来完成该数据转换,而是识别格式转换模块的序列,当序列执行时,将数据结构从原始数据格式转换为目标数据格式。 转换在运行期间动态发生,并显着减少了所需的数据转换模块数量,特别是当存在大量可能的原始数据格式和目标数据格式时。 这种转换在通过无线网络进行通信时特别有用,因为无线设备中几乎没有标准化,导致无线设备具有许多不同的专有数据格式。
-
7.发明授权Flexible system and method for communicating between a broad range of networks and devices 有权灵活的系统和方法,用于在广泛的网络和设备之间进行通信公开(公告)号:US06674767B1
公开(公告)日:2004-01-06
申请号:US09411594
申请日:1999-10-04
IPC分类号: H04L1200
CPC分类号: H04L12/66 , H04L29/06 , H04L69/08 , Y10S707/99942
摘要: A flexible gateway accommodates data transfer from a data origination device over a wide variety of networks to a wide variety of destination devices, even if those networks use different protocols, and even if the devices recognize different data formats. Thus, the gateway can perform work previously requiring numerous gateways. After the gateway receives information from a data source, the gateway identifies the specific device type and the specific network type to which the information is to be routed. The gateway then calls device and network drivers associated with the specific device and network identified with the destination device. These drivers then manipulate the data using the device driver into the format recognized by the destination device, and then provide the manipulated data to the destination device over the identified network using the compatible protocol. Thus, the destination device properly receives and interprets the information provided by the data source. If, in the very next moment, data arrives at the gateway that is to be routed over a different network using a different protocol to a different device recognizing a different device, the gateway will call different device and network drivers to enable the communication.
摘要翻译: 即使这些网络使用不同的协议,并且即使设备识别不同的数据格式,灵活的网关也可以通过各种各样的网络来容纳从数据发起设备到多种目的地设备的数据传输。 因此,网关可以执行以前需要多个网关的工作。 在网关从数据源接收信息之后,网关标识特定的设备类型和要路由信息的特定网络类型。 网关然后调用与目标设备标识的特定设备和网络相关联的设备和网络驱动程序。 然后,这些驱动程序使用设备驱动程序将数据操作为目标设备识别的格式,然后使用兼容协议通过标识的网络将受控数据提供给目标设备。 因此,目的地设备适当地接收和解释由数据源提供的信息。 如果在下一时刻,数据到达要通过不同协议路由不同网络的网关到识别不同设备的不同设备,则网关将呼叫不同的设备和网络驱动程序以启用通信。
-
8.发明申请Adjunct Computing Machine for Remediating Malware on Compromised Computing Machine 审中-公开补充计算机补救恶意软件的辅助计算机公开(公告)号:US20130152201A1
公开(公告)日:2013-06-13
申请号:US13316709
申请日:2011-12-12
IPC分类号: G06F21/00
CPC分类号: H04L63/145 , G06F21/564 , G06F21/568 , G06F21/575
摘要: Described is a technology by which a malware-compromised machine, such as a personal computer is cleaned through the use of a functional adjunct machine, such as a mobile device (or vice-versa). The functional adjunct machine performs actions on behalf of the malware-compromised machine and/or to assist the remediation. This may include downloading antimalware-related data (e.g., an application, antimalware code, signature updates and/or the like) via a marketplace/application store, and transferring at least some of the data and/or programs to the compromised machine. Other actions may include using the functional adjunct machine to boot the malware-compromised machine into a non-compromised state and providing the data or programs to allow remediation of the malware while in this state.
摘要翻译: 描述了通过使用功能性辅助机器(诸如移动设备(或反之亦然))来清洁诸如个人计算机的恶意软件损害的机器的技术。 功能辅助机器代表恶意软件受损机器执行操作和/或协助修复。 这可以包括经由市场/应用商店下载反恶意软件相关数据(例如应用程序,反恶意软件代码,签名更新等),并将数据和/或程序中的至少一些传送到受损机器。 其他动作可以包括使用功能辅助机器将受恶意软件攻击的机器引导到非破坏状态,并且在该状态下提供数据或程序以允许修复恶意软件。
-
公开(公告)号:US07624443B2
公开(公告)日:2009-11-24
申请号:US11018412
申请日:2004-12-21
申请人: Michael Kramer , Scott A. Field , Marc E. Seinfeld , Carl Carter-Schwendler , Paul Luber , Adrian M. Marinescu
发明人: Michael Kramer , Scott A. Field , Marc E. Seinfeld , Carl Carter-Schwendler , Paul Luber , Adrian M. Marinescu
IPC分类号: G06F11/00 , G06F17/30 , G06F15/177 , G06F1/24 , H04L29/06 , G06F11/30 , G06F15/173 , G06F12/00
CPC分类号: G06F21/568 , G06F21/554 , Y10S707/99953
摘要: A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
摘要翻译: 提供了一种自愈设备,其中,可以在至少部分地恢复在检测到由设备的攻击引起的感染的时间与设备能够恢复到的较早时间点之间进行的改变 关于什么样的变化,这些变化是真正的还是恶意软件引起的,这些变化是否在感染可能发生的时间之后进行,以及是否安装了新的软件。
-
10.发明授权Accounting for update notifications in synchronizing data that may be represented by different data structures 有权计算可能由不同数据结构表示的同步数据中的更新通知公开(公告)号:US06941326B2
公开(公告)日:2005-09-06
申请号:US09768747
申请日:2001-01-24
CPC分类号: G06F9/542 , G06F9/546 , G06F17/30578 , H04L67/1095 , H04L67/42 , Y10S707/922 , Y10S707/99953 , Y10S707/99954 , Y10S707/99955
摘要: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially. Then, in response to receiving the token associated with the portion, the message server may provide the remaining portion of the message to the message clients.
摘要翻译: 用于将存储在一个或多个消息客户端的数据与存储在消息服务器上的数据同步的方法,系统和计算机程序产品,其中消息客户端可以接收更新通知,并且可以使用不同于消息服务器用于表示 相同的数据。 令牌与消息服务器上发生的每个数据更改相关联。 消息服务器向消息客户端发送每个更改和关联的令牌。 当消息客户端请求同步时,他们收到的令牌将返回到消息服务器,以便与消息服务器发送到消息客户端的令牌进行比较。 如果消息客户端不返回特定令牌,则消息服务器确定客户端没有收到相应的更改,并将更改重新发送给消息客户端。 还可以使用令牌将改变分成一个或多个部分,其中最初仅提供一个部分。 然后,响应于接收到与该部分相关联的令牌,消息服务器可以向消息客户端提供消息的剩余部分。
-
-
-
-
-
-
-
-
-
搜索结果
22 条记录 (耗时 0.039 秒)
