专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明授权

US08001603B1 Variable scan of files based on file context 有权
标题翻译：基于文件上下文的文件变量扫描
公开(公告)号：US08001603B1
公开(公告)日：2011-08-16
申请号：US11492290
申请日：2006-07-24
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F21/00
CPC分类号： G06F21/577 , G06F21/563 , G06F21/564 , G06F21/566 , H04L63/0227 , H04L63/1441
摘要： The file context of a target file to be scanned is determined and the scan level for the file context is determined. Generally, the security risk for each file context is assessed, and the scan level appropriate for the security risk is associated with the file context. The target file is scanned at the scan level. Accordingly, a target file having a file context indicating that the file is a high security risk is scanned at a high scan level, i.e., is subject to a maximum-security scan. In this manner, high-level security is maintained. Conversely, a target file having a file context indicating that the file is a low security risk is scanned at a low scan level, i.e., is subject to a minimum-security scan or no scan at all. In this manner, high security is maintained while at the same time maximum performance is achieved.
摘要翻译：确定要扫描的目标文件的文件上下文，并确定文件上下文的扫描级别。通常，评估每个文件上下文的安全风险，并且适合于安全风险的扫描级别与文件上下文相关联。在扫描级别扫描目标文件。因此，具有指示文件是高安全性风险的文件上下文的目标文件被扫描在高扫描级，即经受最大安全扫描。以这种方式，保持高级别的安全。相反，具有指示文件是低安全风险的文件上下文的目标文件被扫描在低扫描级，即经受最小安全扫描或根本不扫描。以这种方式，保持高安全性，同时实现最大性能。

32. 发明授权

US07926106B1 Utilizing early exclusive volume access and direct volume manipulation to remove protected files 有权
标题翻译：利用早期专用卷访问和直接卷操作来删除受保护的文件
公开(公告)号：US07926106B1
公开(公告)日：2011-04-12
申请号：US11400538
申请日：2006-04-06
申请人： Mark Kennedy , Michael Spertus , Peter Linhardt , Richard Gough , Adam Glick , Patrick Gardner , Spencer Smith , Tim Naftel
发明人： Mark Kennedy , Michael Spertus , Peter Linhardt , Richard Gough , Adam Glick , Patrick Gardner , Spencer Smith , Tim Naftel
IPC分类号： G06F11/00
CPC分类号： G06F21/568
摘要： Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.
摘要翻译：在检测到rootkit后，重新启动主机系统。引导过程中断。获得对包含rootkit的媒体（例如卷或磁盘）的访问，并直接访问媒体。 rootkit被禁用，例如重命名或删除，并且主计算机系统第二次重新启动。如果rootkit尚未被除去，例如，仅被重命名，则rootkit被去除，例如使用传统的防病毒应用程序。因此，在检测到一个rootkit后，rootkit将被删除而无需干净启动。

33. 发明申请

US20110055123A1 Systems and Methods for Using Multiple In-line Heuristics to Reduce False Positives 有权
标题翻译：使用多重在线启发式减少虚假积分的系统和方法
公开(公告)号：US20110055123A1
公开(公告)日：2011-03-03
申请号：US12550880
申请日：2009-08-31
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F15/18 , G06F21/00
CPC分类号： G06N99/005
摘要： An exemplary method for using multiple in-line heuristics to reduce false positives may include: 1) training a first heuristic using a set of training data, 2) deploying the first heuristic, 3) identifying false positives produced by the first heuristic during deployment, 4) modifying the training data to include the false positives produced by the first heuristic, 5) creating a second heuristic using the modified training data, 6) deploying both the first heuristic and the second heuristic, and then 7) applying both the first heuristic and the second heuristic, in sequence, to a set of field data.
摘要翻译：使用多个在线启发式来减少误报的示例性方法可以包括：1）使用一组训练数据训练第一启发式，2）部署第一启发式，3）识别在部署期间由第一启发式产生的假阳性， 4）修改训练数据以包括由第一启发式产生的假阳性，5）使用修改的训练数据创建第二启发式，6）部署第一启发式和第二启发式，然后7）应用第一启发式而第二个启发式依次是一组现场数据。

34. 发明申请

US20100162395A1 Methods and Systems for Detecting Malware 有权
标题翻译：检测恶意软件的方法和系统
公开(公告)号：US20100162395A1
公开(公告)日：2010-06-24
申请号：US12338877
申请日：2008-12-18
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F11/00 , G06F15/18 , G06F17/00
CPC分类号： H04L63/145 , G06F21/563 , G06F2221/033 , G06F2221/2101
摘要： A method for detecting malware is disclosed. The method may include examining a plurality of metadata fields of a plurality of known-clean-executable files. The method may also include examining a plurality of metadata fields of a plurality of known-malicious-executable files. The method may further include deducing, based on information obtained from examining the plurality of metadata fields of the plurality of known-clean- and known-malicious-executable files, metadata-field attributes indicative of malware. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：公开了一种用于检测恶意软件的方法。该方法可以包括检查多个已知清洁可执行文件的多个元数据字段。该方法还可以包括检查多个已知恶意可执行文件的多个元数据字段。该方法可以进一步包括基于通过检查多个已知干净和已知恶意可执行文件中的多个元数据字段获得的信息来推导指示恶意软件的元数据字段属性。还公开了相应的系统和计算机可读介质。

35. 发明授权

US07694296B1 Preventing unauthorized installs and uninstalls of software modules 有权
标题翻译：防止未经授权的安装和卸载软件模块
公开(公告)号：US07694296B1
公开(公告)日：2010-04-06
申请号：US11135708
申请日：2005-05-24
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F9/44 , G06F9/445
CPC分类号： G06F8/61 , G06F21/566
摘要： Apparati, methods, and computer-readable media for preventing unauthorized installs and uninstalls of software modules on a computer. One method embodiment of the present invention comprises the steps of amending (41) an uninstall instructions file (32) to include an invention attribute (33) and at least one pre-selected uninstall condition (34); detecting (42) an attempt to open said uninstall instructions file (32); checking (43) the uninstall instructions file (32) for presence of said invention attribute (33); determining (45) whether the at least one condition (34) is satisfied; and aborting (46) the uninstall when at least one condition (34) is not satisfied.
摘要翻译： Apparati，方法和计算机可读介质，用于防止在计算机上未经授权的安装和卸载软件模块。本发明的一个方法实施例包括以下步骤：修改卸载指令文件（32）以包括发明属性（33）和至少一个预先选择的卸载条件（34）; 检测（42）打开所述卸载指令文件（32）的尝试; 检查（43）卸载指令文件（32）以存在所述发明属性（33）; 确定（45）是否满足所述至少一个条件（34）; 并且当不满足至少一个条件（34）时，中止（46）卸载。

36. 发明申请

US20090089814A1 METHODS AND SYSTEMS FOR CONFIGURING A SPECIFIC-USE COMPUTING SYSTEM 有权
标题翻译：用于配置特定计算机系统的方法和系统
公开(公告)号：US20090089814A1
公开(公告)日：2009-04-02
申请号：US11864957
申请日：2007-09-29
申请人： Mark Kennedy , Mark Obrecht
发明人： Mark Kennedy , Mark Obrecht
IPC分类号： G06F13/00
CPC分类号： G06F21/51 , G06F2221/2153
摘要： Systems and methods for configuring a specific-use computing system are disclosed. A computing system may comprise a first set of predetermined application programs and a processor limited to executing the first set of predetermined application programs and pre-approved application programs received from a pre-approved computing device. The computing system may also include a communication interface configured to enable communication between the first computing system and the pre-approved computing device. Exemplary methods and computer-readable media are also enclosed.
摘要翻译：公开了用于配置特定用途计算系统的系统和方法。计算系统可以包括第一组预定应用程序和处理器，该处理器被限制为执行从预先认可的计算设备接收的第一组预定应用程序和预先批准的应用程序。计算系统还可以包括被配置为实现第一计算系统和预先认可的计算设备之间的通信的通信接口。示例性方法和计算机可读介质也被封闭。

37. 外观设计

USD411731S Padlocking hasp 失效
公开(公告)号：USD411731S
公开(公告)日：1999-06-29
申请号：US80247
申请日：1997-12-05
申请人： Burl Finkelstein , Mark Kennedy
设计人： Burl Finkelstein , Mark Kennedy

38. 发明授权

US08381302B1 Systems and methods for translating non-comparable values into comparable values for use in heuristics 有权
标题翻译：将不可比值翻译成可比值以用于启发式的系统和方法
公开(公告)号：US08381302B1
公开(公告)日：2013-02-19
申请号：US12558845
申请日：2009-09-14
申请人： Mark Kennedy , Abubakar Wawda
发明人： Mark Kennedy , Abubakar Wawda
IPC分类号： G06F21/00
CPC分类号： G06F21/55 , G06F21/56
摘要： An exemplary method for translating non-comparable values into comparable values for use in heuristics may include: 1) identifying a data object, 2) identifying a non-comparable value associated with the data object, 3) translating the non-comparable value into a comparable value, and then 4) processing the comparable value in a heuristic. In some examples, the heuristic may include a malware-detection heuristic, such as a decision tree.
摘要翻译：用于将不可比值转换为用于启发式的可比值的示例性方法可以包括：1）识别数据对象，2）识别与数据对象相关联的不可比值，3）将不可比值翻译成可比价值，然后4）在启发式中处理可比价值。在一些示例中，启发式可以包括恶意软件检测启发式，例如决策树。

39. 发明授权

US08353038B1 Monitoring and managing changes to non-structured storage of system configuration information 有权
标题翻译：监视和管理对系统配置信息的非结构化存储的更改
公开(公告)号：US08353038B1
公开(公告)日：2013-01-08
申请号：US11386573
申请日：2006-03-21
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F11/00
CPC分类号： G06F11/3034 , G06F11/3051 , G06F21/56
摘要： A configuration information manager monitors attempts by processes to update non-structured storage of system configuration information, such as plain text files which contain system configuration information. When such an attempt is made, the configuration information manager makes a copy of the target file, and redirects the write operation to this copy. The configuration information manager then analyzes the process that did the writing, as well as the content that was written. If the process and/or the content is deemed to be suspicious, the changes will be logged and discarded, thus protecting the system. Should the changes be deemed legitimate, then the configuration information manager folds them into the real file, typically in an annotated manner, so as enable subsequent reversion of the changes as desired.
摘要翻译：配置信息管理器监视进程的尝试，以更新系统配置信息的非结构化存储，例如包含系统配置信息的明文文件。当进行这样的尝试时，配置信息管理器制作目标文件的副本，并将写入操作重定向到该副本。配置信息管理器然后分析写入的过程以及写入的内容。如果过程和/或内容被认为是可疑的，则将记录和丢弃更改，从而保护系统。如果这些更改被认为是合法的，则配置信息管理器将它们折叠成真实的文件，通常以注释的方式，以便根据需要启用后续的更改。

40. 发明授权

US08352438B1 Systems and methods for contextual evaluation of files for use in file restoration 有权
标题翻译：用于文件恢复的文件的上下文评估的系统和方法
公开(公告)号：US08352438B1
公开(公告)日：2013-01-08
申请号：US12882497
申请日：2010-09-15
申请人： Mark Kennedy
发明人： Mark Kennedy
IPC分类号： G06F7/00 , G06F17/00
CPC分类号： G06F21/568
摘要： A method for contextual evaluation of files for use in file restoration. The method may include receiving a request to replace a damaged file on a computing system with a clean instance of the damaged file and identifying a clean file that corresponds to the damaged file. The method may also include identifying at least one file set that includes the clean file. The method may further include evaluating the suitability of the clean file for use as a replacement for the damaged file by: 1) determining whether the computing system includes an instance of each file in the file set and 2) deciding, based on the determination of whether the computing system includes an instance of each file in the file set, whether to replace the damaged file with the clean file. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于文件恢复的文件的上下文评估方法。该方法可以包括使用损坏文件的干净实例来接收用计算系统替换损坏文件的请求，并且识别与损坏文件相对应的干净文件。该方法还可以包括识别包括干净文件的至少一个文件集。该方法可以进一步包括：通过以下操作来评估干净文件用于替换损坏文件的适用性：1）确定计算系统是否包括文件集中的每个文件的实例，以及2）基于计算系统是否包括文件集中的每个文件的实例，是否用干净的文件替换损坏的文件。还公开了各种其它方法，系统和计算机可读介质。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式