专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20060242709A1 Protecting a computer that provides a Web service from malware 有权
公开(公告)号：US20060242709A1
公开(公告)日：2006-10-26
申请号：US11112507
申请日：2005-04-21
申请人： Marc Seinfeld , Adrian Marinescu , Charles Kaufman , Jeffrey Cooperstein , Michael Kramer
发明人： Marc Seinfeld , Adrian Marinescu , Charles Kaufman , Jeffrey Cooperstein , Michael Kramer
IPC分类号： G06F12/14
CPC分类号： G06F21/564 , G06F21/56 , H04L63/1408 , H04L63/168
摘要： In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. When a request is received, an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed. However, before the code is executed, antivirus software designed to identify malware scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code associated with the request from being executed.

2. 发明申请

US20060224724A1 Latency free scanning of malware at a network transit point 有权
标题翻译：在网络转接点，不间断地扫描恶意软件
公开(公告)号：US20060224724A1
公开(公告)日：2006-10-05
申请号：US11097060
申请日：2005-03-31
申请人： Adrian Marinescu , Marc Seinfeld , Michael Kramer , Yigal Edery
发明人： Adrian Marinescu , Marc Seinfeld , Michael Kramer , Yigal Edery
IPC分类号： G06F15/173
CPC分类号： H04L63/0209 , H04L63/1416 , H04L63/145
摘要： In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
摘要翻译：根据本发明，提供了一种系统，方法和计算机可读介质，用于在诸如用作内部或专用网络的网关的计算机之类的网络转接点处识别恶意软件。在网络传输点扫描网络传输恶意软件，而不会对网络上的数据传输造成额外的延迟。根据本发明的一个方面，提供了一种用于在网络中转点识别恶意软件的计算机实现的方法。更具体地，当在网络转接点接收到传输中的分组时，该分组立即被转发到目标计算机。同时，传输中的数据包和其他数据由防病毒引擎扫描恶意软件。如果在传输中识别到恶意软件，则通知目标计算机该传输包含恶意软件。

3. 发明申请

US20060137010A1 Method and system for a self-healing device 有权
标题翻译：自愈装置的方法和系统
公开(公告)号：US20060137010A1
公开(公告)日：2006-06-22
申请号：US11018412
申请日：2004-12-21
申请人： Michael Kramer , Scott Field , Marc Seinfeld , Carl Carter-Schwendler , Paul Luber , Adrian Marinescu
发明人： Michael Kramer , Scott Field , Marc Seinfeld , Carl Carter-Schwendler , Paul Luber , Adrian Marinescu
IPC分类号： G06F12/14
CPC分类号： G06F21/568 , G06F21/554 , Y10S707/99953
摘要： A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.
摘要翻译：提供了一种自愈设备，其中，可以在至少部分地恢复在检测到由设备的攻击引起的感染的时间与设备能够恢复到的较早时间点之间进行的改变关于什么样的变化，这些变化是真正的还是恶意软件引起的，这些变化是否在感染可能发生的时间之后进行，以及是否安装了新的软件。

4. 发明申请

US20060130141A1 System and method of efficiently identifying and removing active malware from a computer 有权
标题翻译：从计算机有效识别和删除活动恶意软件的系统和方法
公开(公告)号：US20060130141A1
公开(公告)日：2006-06-15
申请号：US11012892
申请日：2004-12-15
申请人： Michael Kramer , Matthew Braverman , Marc Seinfeld , Jason Garms , Adrian Marinescu , George Chicioreanu , Scott Field
发明人： Michael Kramer , Matthew Braverman , Marc Seinfeld , Jason Garms , Adrian Marinescu , George Chicioreanu , Scott Field
IPC分类号： G06F12/14
CPC分类号： H04L63/1408 , G06F21/562
摘要： The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.
摘要翻译：本发明提供一种用于从计算机识别和去除活动恶意软件的系统，方法和计算机可读介质。本发明的方面包括在可以使用更新服务自动获得的清洁工具中，或者可以从网站或类似的分发系统手动下载。更清洁的工具包括专门的扫描引擎，可在计算机上搜索主动恶意软件。由于扫描引擎仅搜索活动的恶意软件，所以下载的数据量和清洁工具的资源需求比传统的防病毒软件要少。扫描引擎在计算机上搜索特定位置，例如映射到内存中的数据，配置文件和文件元数据，以便恶意软件的特征。如果检测到恶意软件，则清洁工具会从计算机中删除恶意软件。

5. 发明申请

US20060259974A1 System and method of opportunistically protecting a computer from malware 有权
公开(公告)号：US20060259974A1
公开(公告)日：2006-11-16
申请号：US11130570
申请日：2005-05-16
申请人： Adrian Marinescu , Marc Seinfeld , Matthew Braverman
发明人： Adrian Marinescu , Marc Seinfeld , Matthew Braverman
IPC分类号： G06F11/00
CPC分类号： G06F21/56 , G06F21/568 , G06F21/577 , G06F2221/2115 , H04L63/1416 , H04L63/1433
摘要： The present invention provides a system, method, and computer-readable medium that opportunistically install a software update on a computer that closes a vulnerability that existed on the computer. In accordance with one aspect of the present invention, when antivirus software on a computer identifies malware, a method causes a software update that closes the vulnerability exploited by the malware to be installed on the computer. The method includes identifying the vulnerability exploited by the malware, using a software update system to obtain a software update that is configured to close the vulnerability; and causing the software update to be installed on the computer where the vulnerability exists.

6. 发明申请

US20110314543A1 SYSTEM STATE BASED DIAGNOSTIC SCAN 有权
标题翻译：基于系统状态的诊断扫描
公开(公告)号：US20110314543A1
公开(公告)日：2011-12-22
申请号：US12816567
申请日：2010-06-16
申请人： Randal P. Treit , Joseph J. Johnson , Adrian Marinescu , Nitin Sood , Marc E. Seinfeld
发明人： Randal P. Treit , Joseph J. Johnson , Adrian Marinescu , Nitin Sood , Marc E. Seinfeld
IPC分类号： G06F21/00
CPC分类号： G06F21/577
摘要： In some embodiments, a local agent on a target system may evaluate current and/or historical system state information from a store (either local or remote) and dynamically adjust the level of diagnosis performed during the scan based on the evaluated state information. Individual diagnostic scans may, for example, be enabled and disabled based on the context in the store, and each scan may update the context for further evaluation. By employing such an approach, systems with a low risk profile and lacking symptoms of a problem may be scanned quickly while systems that show signs of a problem or have a high risk profile may receive a more thorough evaluation.
摘要翻译：在一些实施例中，目标系统上的本地代理可以从存储（本地或远程）评估当前和/或历史系统状态信息，并且基于所评估的状态信息动态地调整在扫描期间执行的诊断级别。例如，可以基于商店中的上下文来启用和禁用各个诊断扫描，并且每个扫描可以更新上下文以供进一步评估。通过采用这种方法，可以快速扫描具有低风险概况和缺乏问题症状的系统，而显示问题迹象或具有高风险特征的系统可能会得到更彻底的评估。

7. 发明申请

US20070130621A1 Controlling the isolation of an object 有权
标题翻译：控制对象的隔离
公开(公告)号：US20070130621A1
公开(公告)日：2007-06-07
申请号：US11294835
申请日：2005-12-06
申请人： Adrian Marinescu , Neill Clift
发明人： Adrian Marinescu , Neill Clift
IPC分类号： H04L9/32 , G06F12/14 , G06F11/00 , G06K9/00 , G06F17/30 , G06F12/16 , G06F7/04 , G06F15/18 , G08B23/00
CPC分类号： G06F21/6281 , G06F21/52 , G06F2221/2147 , G06F2221/2149
摘要： Generally described, a method, software system, and computer-readable medium are provided for preventing a malware from colliding on a named object. In accordance with one aspect, a method is provided for creating a private namespace. More specifically, the method includes receiving a request to create a private namespace that contains data for defining the boundary of the private namespace from the current process. Then a determination is made regarding whether a principle associated with the current process has the security attributes that are alleged in the request. In this regard, if the principle that is associated with the current process has the security attributes that are alleged in the request, the method creates a container object to implement the private namespace that is defined by the data received in the request.
摘要翻译：通常描述，提供了一种方法，软件系统和计算机可读介质，用于防止恶意软件与命名对象冲突。根据一个方面，提供了一种创建私有命名空间的方法。更具体地，该方法包括接收创建私有命名空间的请求，该私有命名空间包含用于从当前进程定义私有命名空间的边界的数据。然后确定与当前进程相关联的原则是否具有在请求中被指称的安全属性。在这方面，如果与当前进程相关联的原则具有在请求中声称的安全属性，则该方法将创建一个容器对象来实现由请求中接收的数据定义的私有命名空间。

8. 发明申请

US20060288416A1 System and method for efficiently scanning a file for malware 有权
标题翻译：用于高效扫描恶意软件文件的系统和方法
公开(公告)号：US20060288416A1
公开(公告)日：2006-12-21
申请号：US11154267
申请日：2005-06-16
申请人： Mihai Costea , Adrian Bivol , Adrian Marinescu , Anil Thomas , Cenk Ergan , David Goebel , George Chicioreanu , Marius Gheorghescu , Michael Fortin
发明人： Mihai Costea , Adrian Bivol , Adrian Marinescu , Anil Thomas , Cenk Ergan , David Goebel , George Chicioreanu , Marius Gheorghescu , Michael Fortin
IPC分类号： G06F12/14
CPC分类号： G06F21/51 , G06F21/566
摘要： The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.
摘要翻译：本发明涉及一种用于将数据有效地加载到存储器中以便扫描恶意软件的数据的系统，方法和计算机可读介质。本发明提供的逻辑提高了用户在操作受防病毒软件保护的计算机时的体验。本发明的一个方面是从计算机可读介质中识别文件中的数据被加载到存储器中的模式的方法。然后，该方法识别可以以最小化在文件中读取数据所需的时间的方式将文件中的数据加载到存储器中的模式。当调度文件的后续扫描时，该方法会使文件中的数据使用最小化文件中读取数据所需的时间的模式加载到内存中。

9. 发明申请

US20060161988A1 Privacy friendly malware quarantines 有权
标题翻译：隐私权恶意软件隔离
公开(公告)号：US20060161988A1
公开(公告)日：2006-07-20
申请号：US11035584
申请日：2005-01-14
申请人： Mihai Costea , Adrian Marinescu , Anil Thomas , Gheorghe Gheorghescu , Kyle Larsen , Vadim Bluvstein
发明人： Mihai Costea , Adrian Marinescu , Anil Thomas , Gheorghe Gheorghescu , Kyle Larsen , Vadim Bluvstein
IPC分类号： G06F11/00
CPC分类号： G06F21/56 , G06F21/6209 , G06F21/64
摘要： The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.
摘要翻译：本发明提供了用于隔离文件的系统，方法和计算机可读介质。本发明的实施例包括在维护用户界面的防病毒软件中。从用户界面，用户可能会发出隔离文件的命令，或者在识别恶意软件后，防病毒软件可以自动启动隔离进程。当文件被标记为隔离区时，本发明的方面用可逆的功能对文件数据进行编码。然后识别一组描述文件属性的元数据，包括用于限制对文件访问的任何更高级的安全功能。元数据移动到隔离文件夹，而编码文件保留在文件系统中的相同位置。因此，编码文件保持与原始，未隔离文件相同的文件属性，包括任何更高级的安全功能。

10. 发明申请

US20050172337A1 System and method for unpacking packed executables for malware evaluation 有权
标题翻译：打包包装可执行文件进行恶意软件评估的系统和方法
公开(公告)号：US20050172337A1
公开(公告)日：2005-08-04
申请号：US10769103
申请日：2004-01-30
申请人： Daniel Bodorin , Adrian Marinescu
发明人： Daniel Bodorin , Adrian Marinescu
IPC分类号： G06F21/00 , H04L9/32
CPC分类号： G06F21/51 , G06F21/56
摘要： A system and method for determining whether a packed executable is malware is presented. In operation, a malware evaluator intercepts incoming data directed to a computer. The malware evaluator evaluates the incoming data to determine whether the incoming data is a packed executable. If the incoming data is a packed executable, the malware evaluator passes the packed executable to an unpacking module. The unpacking module includes a set of unpacker modules for unpacking a packed executable of a particular type. The unpacking module selects an unpacker module according to the type of the packed executable, and executes the selected unpacker module. Executing the unpacker module generates an unpacked executable corresponding to the packed executable. The unpacked executable is returned to the malware evaluator where it is evaluated to determine whether the packed executable is malware.
摘要翻译：提出了一种用于确定打包的可执行文件是否是恶意软件的系统和方法。在操作中，恶意软件评估器拦截指向计算机的传入数据。恶意软件评估程序评估传入数据以确定传入数据是否是打包的可执行文件。如果传入的数据是打包的可执行文件，则恶意软件评估程序将打包的可执行文件传递到拆包模块。拆包模块包括一组解包器模块，用于解包特定类型的打包可执行文件。解包模块根据打包的可执行文件的类型选择解包器模块，并执行所选的解包器模块。执行解包器模块生成与打包的可执行文件相对应的解包的可执行文件。解压缩的可执行文件被返回到恶意软件评估器，在其中进行评估，以确定打包的可执行文件是否为恶意软件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式