公开(公告)号：US20230297685A1

公开(公告)日：2023-09-21

申请号：US17654853

申请日：2022-03-15

Applicant: VMware, Inc.

Inventor： Rayanagouda Bheemanagouda PATIL ,  Sriram GOPALAKRISHNAN ,  Pranav GOKHALE

IPC: G06F21/57 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F21/564 ,  G06F2221/033

Abstract: A method for locating malware in a malware detection system, is provided. The method generally includes storing, at a first endpoint, a mapping of a first file hash and a first file path for a first file classified as an unknown file, opening, at the first endpoint, the first file prior to determining whether the first file is benign or malicious, determining, at the first endpoint, a first verdict for the first file, the first verdict indicating the first file is benign or malicious, locating the first file using the mapping of the first file hash and the first file path, and taking one or more actions based on a policy configured for the first endpoint and the first verdict indicating the first file is benign or malicious.

公开(公告)号：US20230367877A1

公开(公告)日：2023-11-16

申请号：US17743274

申请日：2022-05-12

Applicant: VMware, Inc.

Inventor： Kedar Bhalchandra CHAUDHARI ,  Pranav GOKHALE ,  Mandar BARVE

IPC: G06F21/56 ,  G06F21/53

CPC classification number: G06F21/566 ,  G06F21/53

Abstract: The disclosure herein describes the processing of malware scan requests from VCIs by an anti-malware scanner (AMS) on a host device. A malware scan request is received by the AMS from a VCI, the malware scan request including script data of a script from a memory buffer of the VCI. The AMS scans the script data of the malware scan request, outside of the VCI, and determines that the script includes malware. The AMS notifies the VCI that the script includes malware, whereby the VCI is configured to prevent execution of the script or take other mitigating action. The AMS provides scanning for fileless malware to VCIs on a host device without consuming or otherwise affecting resources of the VCIs.