Method and apparatus for automatically excluding false positives from detection as malware
    1.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08925088B1

    Publication date: 2014-12-30

    Application No.: US12534171

    Filing date: 2009-08-03

    IPC classification: G06F12/14

    CPC classification: G06F21/561 G06F21/552

    Abstract: A method and apparatus for automatically excluding false positives from detection as malware is described. In one embodiment, a method for using one or more processors to provide false positive reduction for heuristic-based malware detection of a plurality of files in memory includes accessing global first appearance information associated with a plurality of files, accessing global malware information comprising heuristics and an emergence date associated with each malware group of a plurality of malware groups, comparing the global malware information with the global first appearance information to identify at least one false positive amongst the plurality of files and preventing detection of the at least one false positive as malware.

    METHOD AND SYSTEM FOR AUTOMATIC APPLICATION RECOMMENDATION
    2.
    Type: Invention patent application
    Status: Under examination (published)

    Publication No.: US20130085886A1

    Publication date: 2013-04-04

    Application No.: US13249095

    Filing date: 2011-09-29

    IPC classification: G06Q30/02

    CPC classification: G06Q30/02

    Abstract: A system and method of automatic suggested application identification includes accessing a profile of a device, wherein the profile represents information specific to the device. From said profile, a determined pattern of use determined by the device is accessed, wherein the determined pattern is unique to the device. The profile including the determined pattern and a geo-specific data of the device and configuration information of the device and applications resident on the device is compared to similar profiles and similar determined patterns of other devices. A suggested application is identified based on said comparing.

    Security scanner for user-generated web content
    3.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08356352B1

    Publication date: 2013-01-15

    Application No.: US12140137

    Filing date: 2008-06-16

    IPC classification: G06F11/00

    CPC classification: G06F21/53 G06F21/566

    Abstract: User-generated web content is received prior to posting by a client system, such as a web content hosting system. The user-generated web content is executed in a virtual environment and monitored for malicious behavior. Execution of the web content in the virtual environment forces code in the web content to run such that the actions the code takes, especially malicious behavior, are not obfuscated. If malicious behavior is detected, the user-generated web content is blocked from posting to the web content hosting system. Alternatively, when malicious behavior is not detected, the user-generated web content is permitted to be posted to the web content hosting system.

    Systems and methods for identifying malware
    4.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08984632B1

    Publication date: 2015-03-17

    Application No.: US13619978

    Filing date: 2012-09-14

    IPC classification: H04L29/06

    Abstract: A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data includes events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common is transmitted to the mobile device.

    Method and apparatus for monitoring instant messaging with visual identification
    5.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08331618B1

    Publication date: 2012-12-11

    Application No.: US12336227

    Filing date: 2008-12-16

    IPC classification: G06K9/00 G06F15/173 H04H60/33

    Abstract: Method and apparatus for monitoring instant messaging with visual identification are described. In some examples, monitoring of instant message (IM) traffic at a node on a network is performed. Video content in the IM traffic is detected at the node. A facial recognition analysis is performed on the video content to extract at least one image having human facial features. At least one user identity is extracted from the IM traffic. The at least one image and the at least one user identity are stored in a log implemented in a memory on the network.

    Systems and methods for translating non-comparable values into comparable values for use in heuristics
    6.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08381302B1

    Publication date: 2013-02-19

    Application No.: US12558845

    Filing date: 2009-09-14

    IPC classification: G06F21/00

    CPC classification: G06F21/55 G06F21/56

    Abstract: An exemplary method for translating non-comparable values into comparable values for use in heuristics may include: 1) identifying a data object, 2) identifying a non-comparable value associated with the data object, 3) translating the non-comparable value into a comparable value, and then 4) processing the comparable value in a heuristic. In some examples, the heuristic may include a malware-detection heuristic, such as a decision tree.

    Method and apparatus for automatically classifying an unknown site to improve internet browsing control
    7.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08296255B1

    Publication date: 2012-10-23

    Application No.: US12142520

    Filing date: 2008-06-19

    Applicant: Abubakar Wawda

    Inventor: Abubakar Wawda

    IPC classification: G06F17/00 G06F15/173 G06N5/02

    CPC classification: G06F17/30876

    Abstract: A method and apparatus for automatically classifying an unknown web site to improve internet browsing control is described. In one embodiment, a method for classifying an unknown web site to control internet browsing comprises processing web site control data associated with at least one user that requested access to an unknown web site, wherein the web site control data comprises a web browsing behavior history, and applying at least one metric to the web browsing behavior history to classify the unknown web site.

    Identifying application sources on non-rooted devices
    8.
    Type: Granted invention patent
    Status: In force

    Publication No.: US09092615B1

    Publication date: 2015-07-28

    Application No.: US13752026

    Filing date: 2013-01-28

    IPC classification: G06F11/00 G06F21/51

    CPC classification: G06F21/51 G06F2221/2149

    Abstract: A method and apparatus for identifying an application source from which an application is installed on a non-rooted computing device. An application source identifier of a security application that does not have root access to an operating system monitors for an application installation. The application source identifier extracts a process identifier (PID) of the application being installed from a log message associated with the application installation and determines a package name from the PID. The PID identifies an application source from which the application is installed. The application source identifier receives, based on the package name, a confidence level for the application source from a security service over a network.

    Systems and methods for detecting illegitimate applications
    9.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08732834B2

    Publication date: 2014-05-20

    Application No.: US13604422

    Filing date: 2012-09-05

    IPC classification: G06F21/00 H04L29/06

    CPC classification: G06F21/57 G06F21/554

    Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

    Providing installer package information to a user
    10.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08677346B1

    Publication date: 2014-03-18

    Application No.: US13246794

    Filing date: 2011-09-27

    IPC classification: G06F9/445

    CPC classification: G06F8/61

    Abstract: Installer package information is presented to a user in response to an attempted installation of an application on an endpoint. The attempted installation is detected and the installer package is identified to an information server. The installer package may be identified using a hash key or other unique identifier. In response, the information server provides to the endpoint information associated with the identified installer package based on information received from a plurality of other endpoints. The endpoint may also provide installation and application information related to the installer package to the information server. In one embodiment, when the information server obtains more than the threshold amount of information for an installer package, the information server may analyze the information and provide the analysis to requesting endpoints. The analysis may include the risk or performance impact of the installer package, or the category or functionality of the application.
