-
Publication number: US20210286877A1
Publication date: 2021-09-16
Application number: US16871088
Application date: 2020-05-11
Applicant: VMWARE, INC.
Inventor: SHIRISH VIJAYVARGIYA, Vasantha Kumar DHANASEKAR, Sachin SHINDE, Rayanagouda Bheemanagouda PATIL
Abstract: A next generation antivirus (NGAV) security solution in a virtualized computing environment includes a security sensor at a virtual machine that runs on a host and a security engine remote from the host. The integrity of the NGAV security solution is increased, by providing a verification as to whether a verdict issued by the security engine has been successfully enforced by the security sensor to prevent execution of malicious code at the virtual machine.
-
Publication number: US20230328099A1
Publication date: 2023-10-12
Application number: US17658588
Application date: 2022-04-08
Applicant: VMware, Inc.
Inventor: Rayanagouda Bheemanagouda PATIL, Kedar Bhalchandra CHAUDHARI, Shivali SHARMA, Laxmikant Vithal GUNDA, Sriram GOPALAKRISHNAN
IPC: H04L9/40
CPC classification number: H04L63/145, H04L63/1416, H04L63/1425
Abstract: A method for opening unknown files in a malware detection system, is provided. The method generally includes receiving a request to open a file classified as an unknown file, opening the file in a container, collecting at least one of a log of events carried out by the file or observed behavior traces of the file while open in the container, transmitting, to a file analyzer, at least one of the file, the log of events, or the behavior traces for static analysis, determining, a final verdict for the file, based on at least one of the file, the log of events, or the behavior traces, wherein the final verdict for the file is based on the static analysis or dynamic analysis of the file, and taking one or more actions based on a policy configured for the first endpoint and the final verdict.
-
3.
Publication number: US20230385413A1
Publication date: 2023-11-30
Application number: US17825684
Application date: 2022-05-26
Applicant: VMware, Inc.
Inventor: Rayanagouda Bheemanagouda PATIL, Kedar Bhalchandra CHAUDHARI, Clemens KOLBITSCH, Laxmikant Vithal GUNDA, Vaibhav KULKARNI
CPC classification number: G06F21/566, G06F21/53, G06F2221/034
Abstract: The disclosure herein describes executing unknown processes while preventing sandbox-evading malware therein from performing malicious behavior. A process execution event associated with an executable is detected, wherein the executable is to be executed in a production environment. The executable is determined to be an unknown executable (e.g., an executable that has not been analyzed for malware) using signature data in the process execution event. A function call hook interface of a sandbox simulator is activated, and a process of the executable is executed in the production environment. Any function calls from the executing process are intercepted by the activated function call hook interface, and sandbox-style responses to the intercepted function call are generated using sandbox response data of the sandbox simulator. The generated sandbox responses are provided to the executing process, whereby malware included in the executable behaves as if the executing process is executing in a sandbox environment.
-
4.
Publication number: US20230297685A1
Publication date: 2023-09-21
Application number: US17654853
Application date: 2022-03-15
Applicant: VMware, Inc.
CPC classification number: G06F21/577, G06F21/564, G06F2221/033
Abstract: A method for locating malware in a malware detection system, is provided. The method generally includes storing, at a first endpoint, a mapping of a first file hash and a first file path for a first file classified as an unknown file, opening, at the first endpoint, the first file prior to determining whether the first file is benign or malicious, determining, at the first endpoint, a first verdict for the first file, the first verdict indicating the first file is benign or malicious, locating the first file using the mapping of the first file hash and the first file path, and taking one or more actions based on a policy configured for the first endpoint and the first verdict indicating the first file is benign or malicious.
-
Publication number: US20220210127A1
Publication date: 2022-06-30
Application number: US17177257
Application date: 2021-02-17
Applicant: VMWARE, INC.
Abstract: Example methods and systems for attribute-based firewall rule enforcement are described. One example method may comprise a computer system obtaining, from a management entity, one or more first firewall rules configured based on first attribute information. The computer system may detect a login event associated with a user operating a user device to log onto a virtualized computing instance. In response to determination that the user is associated with the first attribute information, the one or more first firewall rules may be applied. Otherwise, in response to determination that the user is associated with second attribute information that is different from the first attribute information, the computer system may obtain and apply one or more second firewall rules configured based on the second attribute information.