Correlation key used to correlate flow and context data

    Publication (Announcement) No.: US11921610B2

    Publication (Announcement) Date: 2024-03-05

    Application No.: US17734250

    Application Date: 2022-05-02

    Applicant: VMware LLC

    CPC classification number: G06F11/3452 G06F9/45558 G06F11/301 G06F2009/45591

    Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Some embodiments collect, each time a request for a new data message flow is initiated, a set of contextual attributes (i.e., context data) associated with the requested new data message flow. The method, in some embodiments, generates a correlation data set and provides the correlation data set to be included in flow data regarding the requested data message flow to be used by the analysis appliance to correlate context data and flow data received as separate data sets from multiple host computers.

    Preventing activation of malware by exhibiting sandbox behavior in a non-sandbox environment

    Publication (Announcement) No.: US12299126B2

    Publication (Announcement) Date: 2025-05-13

    Application No.: US17825684

    Application Date: 2022-05-26

    Applicant: VMware LLC

    Abstract: The disclosure herein describes executing unknown processes while preventing sandbox-evading malware therein from performing malicious behavior. A process execution event associated with an executable is detected, wherein the executable is to be executed in a production environment. The executable is determined to be an unknown executable (e.g., an executable that has not been analyzed for malware) using signature data in the process execution event. A function call hook interface of a sandbox simulator is activated, and a process of the executable is executed in the production environment. Any function calls from the executing process are intercepted by the activated function call hook interface, and sandbox-style responses to the intercepted function call are generated using sandbox response data of the sandbox simulator. The generated sandbox responses are provided to the executing process, whereby malware included in the executable behaves as if the executing process is executing in a sandbox environment.

    Template driven approach to deploy a multi-segmented application in an SDDC

    Publication (Announcement) No.: US12197971B2

    Publication (Announcement) Date: 2025-01-14

    Application No.: US17397936

    Application Date: 2021-08-09

    Applicant: VMware LLC

    Abstract: Some embodiments of the invention provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
