-
Publication number: US20230328099A1
Publication date: 2023-10-12
Application number: US17658588
Filing date: 2022-04-08
Applicant: VMware, Inc.
Inventor: Rayanagouda Bheemanagouda PATIL , Kedar Bhalchandra CHAUDHARI , Shivali SHARMA , Laxmikant Vithal GUNDA , Sriram GOPALAKRISHNAN
IPC: H04L9/40
CPC classification number: H04L63/145 , H04L63/1416 , H04L63/1425
Abstract: A method for opening unknown files in a malware detection system is provided. The method generally includes receiving a request to open a file classified as an unknown file, opening the file in a container, collecting at least one of a log of events carried out by the file or observed behavior traces of the file while open in the container, transmitting, to a file analyzer, at least one of the file, the log of events, or the behavior traces for static analysis, determining a final verdict for the file, based on at least one of the file, the log of events, or the behavior traces, wherein the final verdict for the file is based on the static analysis or dynamic analysis of the file, and taking one or more actions based on a policy configured for the first endpoint and the final verdict.
-
Publication number: US20210075789A1
Publication date: 2021-03-11
Application number: US16998371
Filing date: 2020-08-20
Applicant: VMware, Inc.
Inventor: Ming WEN , Edilmo PALENCIA , Russell LU , Laxmikant Vithal GUNDA , Margaret PETRUS
IPC: H04L29/06
Abstract: The disclosure provides an approach for establishing authentication between components in a network. Embodiments include deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance and providing the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager. Embodiments include adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store and providing, by the network manager, a network manager certificate to the node of the monitoring appliance. Embodiments include adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.
-
Publication number: US20230385413A1
Publication date: 2023-11-30
Application number: US17825684
Filing date: 2022-05-26
Applicant: VMware, Inc.
Inventor: Rayanagouda Bheemanagouda PATIL , Kedar Bhalchandra CHAUDHARI , Clemens KOLBITSCH , Laxmikant Vithal GUNDA , Vaibhav KULKARNI
CPC classification number: G06F21/566 , G06F21/53 , G06F2221/034
Abstract: The disclosure herein describes executing unknown processes while preventing sandbox-evading malware therein from performing malicious behavior. A process execution event associated with an executable is detected, wherein the executable is to be executed in a production environment. The executable is determined to be an unknown executable (e.g., an executable that has not been analyzed for malware) using signature data in the process execution event. A function call hook interface of a sandbox simulator is activated, and a process of the executable is executed in the production environment. Any function calls from the executing process are intercepted by the activated function call hook interface, and sandbox-style responses to the intercepted function call are generated using sandbox response data of the sandbox simulator. The generated sandbox responses are provided to the executing process, whereby malware included in the executable behaves as if the executing process is executing in a sandbox environment.
-
Publication number: US20230262114A1
Publication date: 2023-08-17
Application number: US18307504
Filing date: 2023-04-26
Applicant: VMware, Inc.
Inventor: Alok TIAGI , Farzad GHANNADIAN , Karen HAYRAPETYAN , Laxmikant Vithal GUNDA , Sunitha KRISHNA , Ashot ASLANYAN , Anirban SENGUPTA
IPC: H04L67/1012 , H04L47/78 , H04L47/125 , H04L9/40 , H04L41/22 , H04L67/01 , G06F18/214
CPC classification number: H04L67/1012 , H04L47/781 , H04L47/125 , H04L63/20 , H04L41/22 , H04L67/01 , G06F18/2148
Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.
-
Publication number: US20210336899A1
Publication date: 2021-10-28
Application number: US16855305
Filing date: 2020-04-22
Applicant: VMware, Inc.
Inventor: Alok TIAGI , Farzad GHANNADIAN , Karen HAYRAPETYAN , Laxmikant Vithal GUNDA , Sunitha KRISHNA , Ashot ASLANYAN , Anirban SENGUPTA
IPC: H04L12/911 , H04L12/803 , H04L12/24 , H04L29/06 , G06K9/62
Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.