Privacy friendly malware quarantines
    1.
    发明授权
    Privacy friendly malware quarantines 有权
    隐私权恶意软件隔离

    公开(公告)号:US07716743B2

    公开(公告)日:2010-05-11

    申请号:US11035584

    申请日:2005-01-14

    IPC分类号: G06F11/00 H04L29/06

    摘要: The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.

    摘要翻译: 本发明提供了用于隔离文件的系统,方法和计算机可读介质。 本发明的实施例包括在维护用户界面的防病毒软件中。 从用户界面,用户可能会发出隔离文件的命令,或者在识别恶意软件后,防病毒软件可能会自动启动隔离进程。 当文件被标记为隔离区时,本发明的方面用可逆的功能对文件数据进行编码。 然后识别一组描述文件属性的元数据,包括用于限制对文件访问的任何更高级的安全功能。 元数据移动到隔离文件夹,而编码文件保留在文件系统中的相同位置。 因此,编码文件保持与原始,未隔离文件相同的文件属性,包括任何更高级的安全功能。

    System and method for efficiently scanning a file for malware
    2.
    发明授权
    System and method for efficiently scanning a file for malware 有权
    用于高效扫描恶意软件文件的系统和方法

    公开(公告)号:US07861296B2

    公开(公告)日:2010-12-28

    申请号:US11154267

    申请日:2005-06-16

    IPC分类号: G06F11/00

    CPC分类号: G06F21/51 G06F21/566

    摘要: The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.

    摘要翻译: 本发明涉及一种用于将数据有效地加载到存储器中以便扫描恶意软件的数据的系统,方法和计算机可读介质。 本发明提供的逻辑提高了用户在操作受防病毒软件保护的计算机时的体验。 本发明的一个方面是从计算机可读介质中识别文件中的数据被加载到存储器中的模式的方法。 然后,该方法识别可以以最小化在文件中读取数据所需的时间的方式将文件中的数据加载到存储器中的模式。 当调度文件的后续扫描时,该方法会使文件中的数据使用最小化文件中读取数据所需的时间的模式加载到内存中。

    System and method of caching decisions on when to scan for malware
    3.
    发明授权
    System and method of caching decisions on when to scan for malware 有权
    缓存何时扫描恶意软件的系统和方法

    公开(公告)号:US07882561B2

    公开(公告)日:2011-02-01

    申请号:US11047810

    申请日:2005-01-31

    IPC分类号: G06F11/00

    CPC分类号: G06F21/564

    摘要: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.

    摘要翻译: 根据本发明,提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统,方法和计算机可读介质。 本发明的一个方面包括当接收到包括恶意软件签名的软件更新时,识别需要扫描恶意软件的文件。 更具体地,通过搜索与恶意软件相关联的元数据来识别新的恶意软件的属性。 然后,该方法将搜索扫描缓存,并确定每个具有扫描缓存中的条目的文件是否是可能被恶意软件感染的类型。 如果文件是可能被恶意软件感染的文件,那么当发生诸如I / O请求的扫描事件时,该文件将被扫描恶意软件。 相反,如果文件不是可能被恶意软件感染的类型,则可能会访问该文件,而不执行扫描。

    System and method of caching decisions on when to scan for malware
    4.
    发明授权
    System and method of caching decisions on when to scan for malware 有权
    缓存何时扫描恶意软件的系统和方法

    公开(公告)号:US08161557B2

    公开(公告)日:2012-04-17

    申请号:US12949622

    申请日:2010-11-18

    IPC分类号: G06F11/00

    CPC分类号: G06F21/564

    摘要: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.

    摘要翻译: 根据本发明,提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统,方法和计算机可读介质。 本发明的一个方面包括当接收到包括恶意软件签名的软件更新时,识别需要扫描恶意软件的文件。 更具体地,通过搜索与恶意软件相关联的元数据来识别新的恶意软件的属性。 然后,该方法将搜索扫描缓存,并确定每个具有扫描缓存中的条目的文件是否是可能被恶意软件感染的类型。 如果文件是可能被恶意软件感染的文件,那么当发生诸如I / O请求的扫描事件时,该文件将被扫描恶意软件。 相反,如果文件不是可能被恶意软件感染的类型,则可能会访问该文件,而不执行扫描。

    SYSTEM AND METHOD OF CACHING DECISIONS ON WHEN TO SCAN FOR MALWARE
    5.
    发明申请
    SYSTEM AND METHOD OF CACHING DECISIONS ON WHEN TO SCAN FOR MALWARE 有权
    系统和方法在何时扫描恶意软件时执行决定

    公开(公告)号:US20110067109A1

    公开(公告)日:2011-03-17

    申请号:US12949622

    申请日:2010-11-18

    IPC分类号: G06F21/00

    CPC分类号: G06F21/564

    摘要: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.

    摘要翻译: 根据本发明,提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统,方法和计算机可读介质。 本发明的一个方面包括当接收到包括恶意软件签名的软件更新时,识别需要扫描恶意软件的文件。 更具体地,通过搜索与恶意软件相关联的元数据来识别新的恶意软件的属性。 然后,该方法将搜索扫描缓存,并确定每个具有扫描缓存中的条目的文件是否是可能被恶意软件感染的类型。 如果文件是可能被恶意软件感染的文件,那么当发生诸如I / O请求的扫描事件时,该文件将被扫描恶意软件。 相反,如果文件不是可能被恶意软件感染的类型,则可能会访问该文件,而不执行扫描。

    Applying antimalware logic without revealing the antimalware logic to adversaries
    7.
    发明授权
    Applying antimalware logic without revealing the antimalware logic to adversaries 有权
    应用反恶意软件逻辑,而不会向对手揭示反恶意软件逻辑

    公开(公告)号:US08955133B2

    公开(公告)日:2015-02-10

    申请号:US13156726

    申请日:2011-06-09

    IPC分类号: G06F21/00 G06F21/55 G06F21/56

    CPC分类号: G06F21/552 G06F21/566

    摘要: The subject disclosure is directed towards a technology by which antimalware detection logic is maintained and operated at a backend service, with which a customer frontend machine communicates (queries) for purposes of malware detection. In this way, some antimalware techniques are maintained at the backend service rather than revealed to antimalware authors. The backend antimalware detection logic may be based upon feature selection, and may be updated rapidly, in a manner that is faster than malware authors can track. Noise may be added to the results to make it difficult for malware authors to deduce the logic behind the results. The backend may return results indicating malware or not malware, or return inconclusive results. The backend service may also detect probing-related queries that are part of an attempt to deduce the unrevealed antimalware detection logic, with noisy results returned in response and/or other actions taken to foil the attempt.

    摘要翻译: 主题公开涉及一种技术,通过该技术,反恶意软件检测逻辑在后端服务中被维护和操作,客户前端机器为此进行通信(查询)以用于恶意软件检测。 这样一来,后端服务就会保留一些反恶意软件技术,而不是反恶意软件作者。 后端反恶意软件检测逻辑可以基于特征选择,并且可以以比作者可追踪的恶意软件更快的方式快速更新。 噪声可能会添加到结果中,使恶意软件作者难以推断出结果背后的逻辑。 后端可能返回指示恶意软件或不是恶意软件的结果,或返回不确定的结果。 后端服务还可以检测作为尝试推断出未显示的反恶意软件检测逻辑的一部分的探测相关查询,其中响应返回噪声结果和/或为了抵制该尝试而采取的其他动作。

    SELECTIVELY SCANNING OBJECTS FOR INFECTION BY MALWARE
    8.
    发明申请
    SELECTIVELY SCANNING OBJECTS FOR INFECTION BY MALWARE 有权
    恶意软件感染的选择性扫描对象

    公开(公告)号:US20130086683A1

    公开(公告)日:2013-04-04

    申请号:US13248867

    申请日:2011-09-29

    IPC分类号: G06F21/00

    摘要: Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.

    摘要翻译: 本文描述了能够选择性地扫描物体以感染恶意软件(即,确定一个或多个对象是否被恶意软件感染)的技术。 例如,可以检查与对象相关联的元数据,以确定是否已经对对象进行了更新,因为确定对象未被恶意软件感染。 更新可以涉及增加对象的数量,修改对象之一等。可以扫描自确定以来已被更新(例如,添加和/或修改)的对象。 自确定以来尚未更新的对象不必一定被扫描。 例如,可以在不首先扫描物体以感染恶意软件的情况下,进行从确定以来未进行更新的对象的操作。

    Selectively scanning objects for infection by malware
    9.
    发明授权
    Selectively scanning objects for infection by malware 有权
    选择性扫描物体感染恶意软件

    公开(公告)号:US08973135B2

    公开(公告)日:2015-03-03

    申请号:US13248867

    申请日:2011-09-29

    IPC分类号: G06F12/14 G06F21/00

    摘要: Techniques are described herein that are capable of selectively scanning objects for infection by malware (i.e., to determine whether one or more of the objects are infected by malware). For instance, metadata that is associated with the objects may be reviewed to determine whether update(s) have been made with regard to the objects since a determination was made that the objects were not infected by malware. An update may involve increasing a number of the objects, modifying one of the objects, etc. Objects that have been updated (e.g., added and/or modified) since the determination may be scanned. Objects that have not been updated since the determination need not necessarily be scanned. For instance, an allowance may be made to perform operations with respect to the objects that have not been updated since the determination without first scanning the objects for infection by malware.

    摘要翻译: 本文描述了能够选择性地扫描物体以感染恶意软件(即,确定一个或多个对象是否被恶意软件感染)的技术。 例如,可以检查与对象相关联的元数据,以确定是否已经对对象进行了更新,因为确定对象未被恶意软件感染。 更新可以涉及增加对象的数量,修改对象之一等。可以扫描自确定以来已被更新(例如,添加和/或修改)的对象。 自确定以来尚未更新的对象不必一定被扫描。 例如,可以在不首先扫描物体以感染恶意软件的情况下,进行从确定以来未进行更新的对象的操作。