-
Publication number: US12254091B2
Publication date: 2025-03-18
Application number: US17979482
Application date: 2022-11-02
Applicant: VMware, Inc.
Inventor: Mandar Nanivadekar, Sachin Shinde, Bharath Kumar Chandrasekhar
Abstract: A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding to an interrupt, wherein the remediation code is stored at the instruction address, and replacing a next instruction to be executed by the OS, with an interrupt instruction, wherein the interrupt is raised when the OS executes the interrupt instruction, and the remediation code is executed as a result of handling of the interrupt that is raised.
-
Publication number: US20230222210A1
Publication date: 2023-07-13
Application number: US17701768
Application date: 2022-03-23
Applicant: VMWARE, INC.
Inventor: Leena Shuklendu Soman, Bharath Kumar Chandrasekhar, Shirish Vijayvargiya, Vasantha Kumar Dhanasekar, Vaibhav Mohan Rekhate
CPC classification number: G06F21/53, G06F9/45558, G06F2009/45562, G06F2009/45587
Abstract: A method for automatically reregistering a clone virtual machine with a cloud security monitoring service is provided. The method generally includes detecting a connection between a cloud agent running in a virtual machine on a host and a hypervisor module on the host. In response to detecting the connection, the cloud agent queries the hypervisor module for one or more first identifiers of the virtual machine. The method generally includes checking a database, by the cloud agent, for one or more second identifiers stored in the database matching the one or more first identifiers received from the hypervisor module and, based on finding no second identifiers stored in the database matching the one or more first identifiers, sending a request to the cloud security monitoring service to register the virtual machine with the cloud security monitoring service.
-
Publication number: US20220214904A1
Publication date: 2022-07-07
Application number: US17190463
Application date: 2021-03-03
Applicant: VMWARE, INC.
Abstract: The disclosure provides an approach for hypervisor-assisted security analysis. Embodiments include receiving, at a hypervisor on a host computer, events from one or more virtual computing instances (VCIs). Embodiments include analyzing, by the hypervisor, the events according to one or more rules to identify a subset of the events for additional analysis. Embodiments include compressing, by the hypervisor, the subset of the events by performing deduplication to produce a compressed subset of the events. Embodiments include transmitting, by the hypervisor, the compressed subset of the events over a network to a separate analysis component, wherein the separate analysis component performs the additional analysis.
-
Publication number: US20230229756A1
Publication date: 2023-07-20
Application number: US17701736
Application date: 2022-03-23
Applicant: VMWARE, INC.
Inventor: VASANTHA KUMAR DHANASEKAR, Shirish Vijayvargiya, Bharath Kumar Chandrasekhar, Leena Shuklendu Soman
CPC classification number: G06F21/51, H04L9/3239, G06F9/45558, G06F2221/033, G06F2009/45562, G06F2009/45587
Abstract: Rapid launch of secure executables in a virtualized environment includes using a persisted security cache in a virtualized component (VC), such as a virtual machine. The VC generates a cache integrity value (IV), such as a hash value, for the security cache and sends it to a remote validator, which returns an indication of security cache validity or invalidity. Upon receiving a request to execute applications, the VC analyzes whether the applications have been determined to be safe to execute and have not been altered. The VC retrieves application IVs from the security cache, rather than hashing each of the applications, thereby saving compute time, and sends the application IVs to a remote validator, which returns an indication of application validity or invalidity.
-
Publication number: US11847221B2
Publication date: 2023-12-19
Application number: US17241000
Application date: 2021-04-26
Applicant: VMware, Inc.
Inventor: Mandar Nanivadekar, Bharath Kumar Chandrasekhar, Sachin Shinde
CPC classification number: G06F21/565, G06F21/53, G06F2221/034
Abstract: System and method for executing scan operations on computing systems use a sparse file that represents a storage device of a computing system to scan a file stored in the storage device. The sparse file is created and mounted to a scanner appliance such that the sparse file appears to a scan engine of the scanner appliance as a local storage device. When a read request for the file stored in the storage device is issued from the scan engine that results in an implicit read request to the sparse file, the implicit read request is trapped. While the implicit read request is trapped, data of the file is retrieved from the storage device of the computing system to the scanner appliance using a communication transport. The retrieved data of the file is then scanned using the scan engine at the scanner appliance.