-
Publication number: US20240314141A1
Publication date: 2024-09-19
Application number: US18204352
Application date: 2023-05-31
Applicant: VMware, Inc.
Inventor: Mandar NANIVADEKAR, Paraskumar PRAJAPATI
CPC classification number: H04L63/1416, G06F9/45558, G06F2009/45587
Abstract: Example methods and systems for multi-engine intrusion detection are described. In one example, a computer system may configure a set of multiple intrusion detection system (IDS) engines that include at least a first IDS engine and a second IDS engine. In response to detecting establishment of a first packet flow and a second packet flow, the computer system may assign the first packet flow to the first IDS engine and second packet flow to the second engine based on an assignment policy. This way, first packet flow inspection may be performed using the first IDS engine to determine whether first packet(s) associated with the first packet flow are potentially malicious. Second packet flow inspection may be performed using the second IDS engine to determine whether second packet(s) associated with the second packet flow are potentially malicious.
-
Publication number: US20230195890A1
Publication date: 2023-06-22
Application number: US17672745
Application date: 2022-02-16
Applicant: VMWARE, INC.
Inventor: SACHIN SHINDE, Mandar NANIVADEKAR, Bharath Kumar CHANDRASEKHAR
CPC classification number: G06F21/554, G06F21/54, G06F21/566, G06F2221/034
Abstract: A method of protecting an endpoint against a security threat, wherein the endpoint includes an OS and a separate software entity included in memory pages of the endpoint, includes the steps of: preventing the OS from scheduling any tasks on vCPUs of the endpoint by transferring control of the vCPUs from the OS to the separate software entity; while the OS is prevented from scheduling any tasks on the vCPUs, scanning, by the separate software entity, at least one of a list of processes of the endpoint and a subset of the memory pages of the endpoint, and upon receiving an identification of a malicious process, terminating, by the separate software entity, the malicious process; and after the separate software entity terminates the malicious process, allowing the OS to schedule tasks on the vCPUs by transferring control of the vCPUs from the separate software entity to the OS.
-
Publication number: US20240143763A1
Publication date: 2024-05-02
Application number: US17979482
Application date: 2022-11-02
Applicant: VMware, Inc.
Inventor: Mandar NANIVADEKAR, Sachin SHINDE, Bharath Kumar CHANDRASEKHAR
CPC classification number: G06F21/568, G06F21/53, G06F21/54, G06F2221/033
Abstract: A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding to an interrupt, wherein the remediation code is stored at the instruction address, and replacing a next instruction to be executed by the OS, with an interrupt instruction, wherein the interrupt is raised when the OS executes the interrupt instruction, and the remediation code is executed as a result of handling of the interrupt that is raised.