-
1.发明授权System and method of selectively scanning a file on a computing device for malware 有权有选择地扫描计算设备上的恶意软件文件的系统和方法公开(公告)号:US07676845B2
公开(公告)日:2010-03-09
申请号:US11090086
申请日:2005-03-24
CPC分类号: G06F21/51 , G06F21/564
摘要: In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One or more files may be sent from a trusted source to a computing device that implements the present invention. The integrity of the files that originate from a trusted source is validated using a signature-based hashing function. Any modifications made to files stored on the computing device are tracked by a component of the operating system. In instances when the file is not modified after being validated, an aspect of the present invention prevents the file from being scanned for malware when a scanning event is directed to the file. As a result, the performance of the computing device is improved as static files from trusted sources are not repeatedly scanned for malware.
摘要翻译: 根据本发明,提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统,方法和计算机可读介质。 一个或多个文件可以从可信源发送到实现本发明的计算设备。 源自可信源的文件的完整性使用基于签名的散列函数进行验证。 对存储在计算设备上的文件的任何修改由操作系统的组件跟踪。 在文件在被验证之后未被修改的情况下,本发明的一个方面防止当扫描事件被引导到该文件时该文件被扫描恶意软件。 因此,由于来自可信源的静态文件不会重复扫描恶意软件,因此计算设备的性能得到改善。
-
公开(公告)号:US07836504B2
公开(公告)日:2010-11-16
申请号:US11070468
申请日:2005-03-01
申请人: Kenneth D Ray , Michael Kramer , Paul England , Scott A Field
发明人: Kenneth D Ray , Michael Kramer , Paul England , Scott A Field
CPC分类号: G06F12/145 , G06F21/562
摘要: The present invention provides a system, method, and computer-readable medium for identifying malware that is loaded in the memory of a computing device. Software routines implemented by the present invention track the state of pages loaded in memory using page table access bits available from a central processing unit. A page in memory may be in a state that is “unsafe” or potentially infected with malware. In this instance, the present invention calls a scan engine to search a page for malware before information on the page is executed.
摘要翻译: 本发明提供一种用于识别加载到计算设备的存储器中的恶意软件的系统,方法和计算机可读介质。 由本发明实现的软件程序使用从中央处理单元获得的页表访问位来跟踪加载在存储器中的页的状态。 内存中的页面可能处于“不安全”或可能感染恶意软件的状态。 在这种情况下,本发明在页面上的信息被执行之前,调用扫描引擎来搜索页面中的恶意软件。
-
公开(公告)号:US07603708B2
公开(公告)日:2009-10-13
申请号:US11181376
申请日:2005-07-13
CPC分类号: H04L63/1441 , H04L63/101
摘要: A computer system having secured network services is presented. The computer system comprises a processor, a memory, and a network action processing module. The network action processing module processes network actions from one or more network services executing on the computer system. The computer system is further configured to execute at least network service performing network actions in conjunction with the network action processing module. Upon receiving a network action from a network service, the network action processing module determines whether the network action is a valid network action according to a network action control list. If the network action is determined to not be a valid network action, the network action is blocked. Alternatively, if the network action is determined to be a valid network action, the network action is permitted to be completed.
摘要翻译: 提出了一种具有安全网络服务的计算机系统。 计算机系统包括处理器,存储器和网络动作处理模块。 网络动作处理模块处理来自在计算机系统上执行的一个或多个网络服务的网络动作。 该计算机系统进一步被配置为至少执行网络服务,与网络动作处理模块一起执行网络动作。 网络动作处理模块从网络服务接收到网络动作后,根据网络动作控制列表判断网络动作是否为有效的网络动作。 如果网络动作被确定为不是有效的网络动作,则网络动作被阻止。 或者,如果网络动作被确定为有效的网络动作,则允许网络动作被完成。
-
公开(公告)号:US08544086B2
公开(公告)日:2013-09-24
申请号:US11450608
申请日:2006-06-09
申请人: Scott A Field
发明人: Scott A Field
CPC分类号: G06F21/56 , G06F21/562
摘要: A system and method for providing enhanced security with regard to obtained files is presented. Upon obtaining a file from an external location, the obtained file is tagged with tagging information regarding the origin of the obtained file. Additionally, an operating system suitable for execution on a computing device is also presented. The operating system includes at least one application-callable function (API) for obtaining content from an external location. Each application-callable function for obtaining content from an external location is configured to associate tagging information with each obtained file, the tagging information comprising the origin of the obtained file. The origin of the obtained file can be used for subsequent security policy decisions, such as whether to allow or block execution or rendering of the content, as well as whether the content will be accessed in a constrained environment such as a “sandbox” or virtual machine.
摘要翻译: 提出了一种用于提供关于获得的文件的增强的安全性的系统和方法。 在从外部位置获得文件时,所获得的文件被标记有关于获得的文件的原点的标记信息。 此外,还提出了适用于在计算设备上执行的操作系统。 操作系统包括用于从外部位置获取内容的至少一个应用可调用功能(API)。 用于从外部位置获取内容的每个应用可调用功能被配置为将标记信息与每个获得的文件相关联,所述标签信息包括所获得的文件的来源。 获得的文件的来源可以用于后续的安全策略决定,例如是否允许或阻止执行或呈现内容,以及是否在受限环境(例如“沙箱”)或虚拟机中访问内容 机。
-
公开(公告)号:US08359645B2
公开(公告)日:2013-01-22
申请号:US11090679
申请日:2005-03-25
申请人: Michael Kramer , Art Shelest , Carl M Carter-Schwendler , Gary S Henderson , Scott A Field , Sterling M Reasor
发明人: Michael Kramer , Art Shelest , Carl M Carter-Schwendler , Gary S Henderson , Scott A Field , Sterling M Reasor
CPC分类号: G06F21/56 , G06F21/57 , H04L41/0659 , H04L41/0816 , H04L63/02 , H04L63/1441 , H04L69/40
摘要: A system and method for protecting a computer system connected to a communication network from a potential vulnerability. The system and method protects a computer system that is about to undergo or has just undergone a change in state that may result in placing the computer system at risk to viruses, and the like, over a communication network. The system and method first detect an imminent or recent change in state. A security component and a fixing component react to the detection of the change in state. The security component may raise the security level to block incoming network information, other than information from a secure or known location, or information requested by the computer system. The fixing component implements a fixing routine, such as installing missing updates or patches, and on successfully completing the fixing routine, the security level is relaxed or lowered.
摘要翻译: 一种用于保护连接到通信网络的计算机系统免受潜在漏洞的系统和方法。 该系统和方法保护将要经历或刚刚经历可能导致计算机系统处于危险的病毒等的通信网络上的计算机系统。 系统和方法首先检测即将来临或最近的状态变化。 安全部件和固定部件对状态变化的检测作出反应。 安全组件可以提高安全级别以阻止来自安全或已知位置的信息或计算机系统请求的信息之外的传入网络信息。 固定组件执行固定程序,例如安装缺少的更新或修补程序,并且在成功完成固定程序时,安全级别被放宽或降低。
-
公开(公告)号:US08214641B2
公开(公告)日:2012-07-03
申请号:US11843752
申请日:2007-08-23
IPC分类号: H04L29/06
CPC分类号: G06F21/6236
摘要: Aspects of the subject matter described herein relate to providing file access in a multi-protocol environment. In aspects, a file server is operable to receive requests formatted according to two or more file access protocols. If a request is formatted according to a first file access protocol, the file server applies access rights associated with the file to an account associated with a requester to determine whether to grant access. If the request is formatted according to the second file access protocol, the file server may first attempt to find an account for the requester. If an account is not found, the file server may then grant access based on access rights associated with the file as applied to information in the request without consulting an account on the file server.
摘要翻译: 本文描述的主题的方面涉及在多协议环境中提供文件访问。 在方面中,文件服务器可操作以接收根据两个或多个文件访问协议格式化的请求。 如果根据第一文件访问协议格式化请求,则文件服务器将与文件相关联的访问权限应用于与请求者相关联的帐户,以确定是否授予访问权限。 如果根据第二文件访问协议来格式化请求,则文件服务器可以首先尝试找到请求者的帐户。 如果没有找到一个帐户,那么文件服务器可能会根据应用于请求中的信息的与该文件相关联的访问权限来授予访问权限,而不咨询文件服务器上的一个帐户。
-
公开(公告)号:US07660797B2
公开(公告)日:2010-02-09
申请号:US11139409
申请日:2005-05-27
CPC分类号: G06F21/56
摘要: The present invention is directed toward a system, method, and computer-readable medium that scan a file for malware that maintains a restrictive access attribute that limits access to the file. In accordance with one aspect of the present invention, a method for performing a scan for malware is provided when antivirus software on a computer encounters a file with a restrictive access attribute that prevents the file from being scanned. More specifically, the method includes identifying the restrictive access attribute that limits access to the file; bypassing the restrictive access attribute to access data in the file; and using a scan engine to scan the data in the file for malware.
摘要翻译: 本发明涉及一种系统,方法和计算机可读介质,其扫描文件以维护限制对该文件的访问的限制性访问属性的恶意软件。 根据本发明的一个方面,当计算机上的防病毒软件遇到具有阻止文件被扫描的限制性访问属性的文件时,提供了用于执行恶意软件扫描的方法。 更具体地,该方法包括识别限制对文件的访问的限制性访问属性; 绕过限制访问属性访问文件中的数据; 并使用扫描引擎来扫描文件中的恶意软件数据。
-
公开(公告)号:US20080005797A1
公开(公告)日:2008-01-03
申请号:US11480774
申请日:2006-06-30
IPC分类号: G06F12/14
CPC分类号: G06F21/562 , G06F21/575
摘要: Generally described, the present invention is directed at identifying malware. In one embodiment, a method is provided that performs a search for malware during the boot process. More specifically, the method causes a software module configured to scan for malware to be initialized at computer start up. Then, in response to identifying the occurrence of a scanning event, the method causes the software module to search computer memory for data that is characteristic of malware. If data characteristic of malware is identified, the method handles the malware infection.
摘要翻译: 通常描述,本发明涉及识别恶意软件。 在一个实施例中,提供了一种在引导过程中执行恶意软件搜索的方法。 更具体地,该方法使软件模块被配置为扫描在计算机启动时被初始化的恶意软件。 然后,响应于识别扫描事件的发生,该方法使得软件模块搜索计算机存储器中是恶意软件特征的数据。 如果识别出恶意软件的数据特征,该方法会处理恶意软件感染。
-
-
-
-
-
-
-
搜索结果
8 条记录 (耗时 0.014 秒)
