1. System and method for virtual partition monitoring
    Granted patent (in force)

    Publication number: US09311126B2

    Publication date: 2016-04-12

    Application number: US13192412

    Filing date: 2011-07-27

    IPC classification: G06F21/55 G06F21/56 G06F9/455

    Abstract: A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.

2. SYSTEM AND METHOD FOR VIRTUAL PARTITION MONITORING
    Patent application (in force)

    Publication number: US20130031291A1

    Publication date: 2013-01-31

    Application number: US13192412

    Filing date: 2011-07-27

    IPC classification: G06F12/08

    Abstract: A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.

3. System and method for virtual partition monitoring
    Granted patent (in force)

    Publication number: US09298910B2

    Publication date: 2016-03-29

    Application number: US13155572

    Filing date: 2011-06-08

    Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.

4. SYSTEM AND METHOD FOR VIRTUAL PARTITION MONITORING
    Patent application (in force)

    Publication number: US20120317570A1

    Publication date: 2012-12-13

    Application number: US13155572

    Filing date: 2011-06-08

    IPC classification: G06F9/455

    Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.

6. System, method, and computer program product for scanning data utilizing one of a plurality of virtual machines of a device
    Granted patent (in force)

    Publication number: US08645949B2

    Publication date: 2014-02-04

    Application number: US12132113

    Filing date: 2008-06-03

    IPC classification: G06F9/455 G06F11/00

    CPC classification: G06F9/45558

    Abstract: A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.

9. SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SCANNING DATA UTILIZING ONE OF A PLURALITY OF VIRTUAL MACHINES OF A DEVICE
    Patent application (in force)

    Publication number: US20130275964A1

    Publication date: 2013-10-17

    Application number: US12132113

    Filing date: 2008-06-03

    IPC classification: G06F9/455

    CPC classification: G06F9/45558

    Abstract: A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.

10. System, method, and computer program product for hooking code inserted into an address space of a new process
    Granted patent (in force)

    Publication number: US08627305B1

    Publication date: 2014-01-07

    Application number: US12410191

    Filing date: 2009-03-24

    IPC classification: G06F9/44

    CPC classification: G06F9/44521

    Abstract: A system, method, and computer program product are provided for hooking code inserted into an address space of a new process. In use, creation of a process is identified. Additionally, code is inserted into an address space of the process. Still yet, at least one module being loaded in association with the process is identified. Further, the code is hooked at an entry point of the at least one module based on a determination of whether the at least one module includes a predefined module.