-
1.
Publication number: US20240143763A1
Publication date: 2024-05-02
Application number: US17979482
Filing date: 2022-11-02
Applicant: VMware, Inc.
Inventor: Mandar NANIVADEKAR, Sachin SHINDE, Bharath Kumar CHANDRASEKHAR
CPC classification number: G06F21/568, G06F21/53, G06F21/54, G06F2221/033
Abstract: A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding to an interrupt, wherein the remediation code is stored at the instruction address, and replacing a next instruction to be executed by the OS, with an interrupt instruction, wherein the interrupt is raised when the OS executes the interrupt instruction, and the remediation code is executed as a result of handling of the interrupt that is raised.
-
2.
Publication number: US20240095351A1
Publication date: 2024-03-21
Application number: US17948104
Filing date: 2022-09-19
Applicant: VMware, Inc.
Inventor: Shirish VIJAYVARGIYA, Vasantha Kumar DHANASEKAR, Bidesh CHITNIS, Nakul Ranjan OGALE, Bharath Kumar CHANDRASEKHAR, Boris WEISSMAN, Robert James SPEAKER
CPC classification number: G06F21/554, G06F21/552, G06F21/564
Abstract: In one set of embodiments, an enhanced next generation anti-virus (NGAV) system is provided. In certain embodiments, this system includes a hypervisor-level agent that backs up VM data only when an instance of a guest application running in the VM has been flagged by the NGAV system as being potentially malicious (rather than on a constant, proactive basis). Further, the hypervisor-level agent performs this backup only with respect to data modified by that specific guest application instance (rather than backing up all data modified by the VM) and writes the backed-up data to a secure storage location which is inaccessible to the guest. The combination of these features addresses many of the problems and inefficiencies of existing NGAV systems.
-
Publication number: US20240193049A1
Publication date: 2024-06-13
Application number: US18080460
Filing date: 2022-12-13
Applicant: VMware, Inc.
Inventor: Boris WEISSMAN, Bharath Kumar CHANDRASEKHAR, Kiran KAMATH, Piyush KOTHARI, Juan Pablo CASARES-CHARLES, Mamta BHAVSAR, Ryan Joseph TODD, Michael KOLECHKIN, David Aaron KRIEGER, Deepa SREEKUMAR, Sharath Nagaraj DWARAL, Kamala Narayan Balasubramanian SHARATH, Kedar THIAGARAJAN, Amol Abhay KHARE, Leena Shuklendu SOMAN, Mandar Kashinath NADGOUDA, Robert James SPEAKER
CPC classification number: G06F11/1464, G06F9/45558, G06F2009/45587
Abstract: A method for virtual computing instance remediation is provided. Some embodiments include retrieving a first backup of a virtual machine from storage, the first backup comprising configuration information and data of the virtual machine, the configuration information comprising network connectivity information in a first software defined data center (SDDC) running on a first set of host machines. Some embodiments include configuring a second SDDC running on a second set of host machines based on the configuration information, where the second SDDC is network isolated from the first SDDC and powering on the virtual machine from the first backup in the second SDDC. Some embodiments include sending, from the virtual machine to a security platform, behavior information of the virtual machine running in the second SDDC and determining, based on the behavior information, whether the virtual machine running in the second SDDC is infected with malware.
-
Publication number: US20230195890A1
Publication date: 2023-06-22
Application number: US17672745
Filing date: 2022-02-16
Applicant: VMWARE, INC.
Inventor: SACHIN SHINDE, Mandar NANIVADEKAR, Bharath Kumar CHANDRASEKHAR
CPC classification number: G06F21/554, G06F21/54, G06F21/566, G06F2221/034
Abstract: A method of protecting an endpoint against a security threat, wherein the endpoint includes an OS and a separate software entity included in memory pages of the endpoint, includes the steps of: preventing the OS from scheduling any tasks on vCPUs of the endpoint by transferring control of the vCPUs from the OS to the separate software entity; while the OS is prevented from scheduling any tasks on the vCPUs, scanning, by the separate software entity, at least one of a list of processes of the endpoint and a subset of the memory pages of the endpoint, and upon receiving an identification of a malicious process, terminating, by the separate software entity, the malicious process; and after the separate software entity terminates the malicious process, allowing the OS to schedule tasks on the vCPUs by transferring control of the vCPUs from the separate software entity to the OS.