专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08627463B1 Systems and methods for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions 有权
标题翻译：使用信誉信息评估通过洪流交易获得的文件的可信赖性的系统和方法
公开(公告)号：US08627463B1
公开(公告)日：2014-01-07
申请号：US12880581
申请日：2010-09-13
申请人： Adam Glick , Nicholas Graf , Spencer Smith
发明人： Adam Glick , Nicholas Graf , Spencer Smith
IPC分类号： G06F11/00
CPC分类号： H04L63/1408 , G06F17/30206 , G06F21/56 , G06F2221/033 , H04L63/12 , H04L63/1416 , H04L63/145
摘要： A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用信誉信息来评估通过种子事务获得的文件的可信赖性的计算机实现的方法可以包括（1）识别包括元数据的torrent文件，以便于通过点对点文件获取目标文件的洪流事务，（2）确定洪流交易中涉及到的至少一个实体，（3）获取与洪流交易相关的实体相关的信誉信息，其中信誉信息识别社区对该实体的可信度的意见（4 ）至少部分地基于与所述洪流事务中涉及的实体相关联的信誉信息确定所述目标文件表示潜在的安全风险，然后（5）对所述目标文件执行安全动作。还公开了各种其它方法，系统和计算机可读介质。

2. 发明授权

US08402539B1 Systems and methods for detecting malware 有权
标题翻译：用于检测恶意软件的系统和方法
公开(公告)号：US08402539B1
公开(公告)日：2013-03-19
申请号：US13227997
申请日：2011-09-08
申请人： Joseph Chen , Adam Glick , Jeffrey Wilhelm
发明人： Joseph Chen , Adam Glick , Jeffrey Wilhelm
IPC分类号： H04L29/06 , G06F15/16 , G06F11/30
CPC分类号： G06F21/566 , H04L63/1416
摘要： A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
摘要翻译：用于检测恶意软件的方法可以包括：1）接收确定从客户端设备到服务器的连接是否被阻止的请求，2）尝试从客户端设备的内核模式连接到服务器，3）客户端设备从内核模式成功连接到服务器，4）尝试从客户端设备的用户模式连接到服务器; 5）确定客户端设备没有从用户模式成功连接到服务器; 6）基于客户端设备从内核模式成功地连接到服务器并且未能从用户模式连接到服务器，该恶意软件阻止从客户端设备到服务器的连接，以及7）响应于确定恶意软件阻止连接，执行至少一个安全措施。

3. 发明授权

US07917952B1 Replace malicious driver at boot time 有权
标题翻译：在启动时更换恶意驱动程序
公开(公告)号：US07917952B1
公开(公告)日：2011-03-29
申请号：US11873583
申请日：2007-10-17
申请人： Adam Glick , David Kane , Yung-Shuo Lin
发明人： Adam Glick , David Kane , Yung-Shuo Lin
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F11/30
CPC分类号： G06F21/568 , G06F21/575
摘要： A malicious driver replacement application is installed on a host computer system and registered as a boot execute application. On notification of a malicious driver detection, the malicious driver replacement application reboots the host computer system and locks the volume of a storage disk containing the malicious driver. The malicious driver is replaced directly on the storage disk with a dummy driver having innocuous code. The malicious driver replacement application reboots the host computer system, and on reboot of the host computer system, the dummy driver is loaded rather than the malicious driver thus preventing the malicious driver from interfering with the standard operating system routines and allowing the malicious driver to be remediated.
摘要翻译：恶意的驱动程序更换应用程序安装在主机系统上并注册为启动执行应用程序。在通知恶意驱动程序检测时，恶意驱动程序替换应用程序重新启动主机系统，并锁定包含恶意驱动程序的存储磁盘的卷。恶意驱动程序直接在存储磁盘上替换为具有无害代码的虚拟驱动程序。恶意驱动程序更换应用程序重新启动主机系统，并且在重新启动主机系统时，加载虚拟驱动程序而不是恶意驱动程序，从而防止恶意驱动程序干扰标准操作系统程序，并允许恶意驱动程序补救

4. 发明授权

US08914888B1 Systems and methods for classifying an unclassified process as a potential trusted process based on dependencies of the unclassified process 有权
标题翻译：基于未分类过程的依赖关系将未分类过程分类为潜在可信过程的系统和方法
公开(公告)号：US08914888B1
公开(公告)日：2014-12-16
申请号：US12603429
申请日：2009-10-21
申请人： Sourabh Satish , Shane Pereira , Adam Glick
发明人： Sourabh Satish , Shane Pereira , Adam Glick
IPC分类号： G06F11/00
CPC分类号： H04L63/145 , G06F21/57 , G06F2221/2145
摘要： A computer-implemented method for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process is described. A component loaded by the unclassified process is identified. A determination is made as to whether a hard dependency exists between the unclassified process and the loaded component. A hard dependency exists if the unclassified process depends on the loaded component in order to execute. The unclassified process is classified as a potentially trusted process if a hard dependency exists between the unclassified process and the loaded component.
摘要翻译：描述了一种用于将未分类过程分类为基于未分类过程的依赖性的潜在受信任过程的计算机实现的方法。识别由未分类过程加载的组件。确定在未分类的进程和加载的组件之间是否存在硬依赖关系。如果未分类的进程依赖于加载的组件来执行，则存在硬依赖性。如果未分类的进程和加载的组件之间存在硬依赖关系，则未分类进程被分类为潜在的可信任进程。

5. 发明授权

US08656489B1 Method and apparatus for accelerating load-point scanning 有权
标题翻译：用于加速加载点扫描的方法和装置
公开(公告)号：US08656489B1
公开(公告)日：2014-02-18
申请号：US11864955
申请日：2007-09-29
申请人： Adam Glick
发明人： Adam Glick
IPC分类号： G06F21/00
CPC分类号： G06F21/562 , G06F21/564
摘要： A method and apparatus for accelerating a load point scanning process. In one embodiment, the method and apparatus comprise creating, at an initial scan, a detection area map identifying files referenced by detection areas. Upon a subsequent scan, determining whether the detection area has changed with respect to the detection area map. If the detection area map has changed, re-evaluating the detection area and repopulating the detection area map entry. In another embodiment, the method and apparatus avoid rescanning files as allowed using information in a file attribute cache.
摘要翻译：一种用于加速加载点扫描过程的方法和装置。在一个实施例中，所述方法和装置包括在初始扫描时创建识别由检测区域引用的文件的检测区域图。在随后的扫描中，确定检测区域是否相对于检测区域图变化。如果检测区域图已经改变，重新评估检测区域并重新填充检测区域图条目。在另一个实施例中，该方法和装置避免使用文件属性高速缓存中的信息来允许重新扫描文件。

6. 发明授权

US07926106B1 Utilizing early exclusive volume access and direct volume manipulation to remove protected files 有权
标题翻译：利用早期专用卷访问和直接卷操作来删除受保护的文件
公开(公告)号：US07926106B1
公开(公告)日：2011-04-12
申请号：US11400538
申请日：2006-04-06
申请人： Mark Kennedy , Michael Spertus , Peter Linhardt , Richard Gough , Adam Glick , Patrick Gardner , Spencer Smith , Tim Naftel
发明人： Mark Kennedy , Michael Spertus , Peter Linhardt , Richard Gough , Adam Glick , Patrick Gardner , Spencer Smith , Tim Naftel
IPC分类号： G06F11/00
CPC分类号： G06F21/568
摘要： Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.
摘要翻译：在检测到rootkit后，重新启动主机系统。引导过程中断。获得对包含rootkit的媒体（例如卷或磁盘）的访问，并直接访问媒体。 rootkit被禁用，例如重命名或删除，并且主计算机系统第二次重新启动。如果rootkit尚未被除去，例如，仅被重命名，则rootkit被去除，例如使用传统的防病毒应用程序。因此，在检测到一个rootkit后，rootkit将被删除而无需干净启动。

7. 发明授权

US08904538B1 Systems and methods for user-directed malware remediation 有权
标题翻译：用于用户导向的恶意软件修复的系统和方法
公开(公告)号：US08904538B1
公开(公告)日：2014-12-02
申请号：US13419360
申请日：2012-03-13
申请人： Adam Glick , Spencer Smith , Nicholas Graf
发明人： Adam Glick , Spencer Smith , Nicholas Graf
IPC分类号： G06F21/00 , G06F21/56
CPC分类号： G06F21/56 , G06F21/567 , G06F21/568 , G06F21/577 , H04L63/145
摘要： A computer-implemented method for user-directed malware remediation may include 1) identifying a window within a graphical user interface of a computing environment, 2) identifying a user-directed interface event directed at the window, 3) determining, based at least in part on the user-directed interface event, that a process represented by the window poses a security risk, and 4) performing a remediation action on the process based on determining that the process poses the security risk. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于用户导向的恶意软件修复的计算机实现的方法可以包括：1）识别计算环境的图形用户界面内的窗口，2）识别指向该窗口的用户导向的接口事件，3）至少基于部分用户导向的接口事件，由窗口表示的进程造成安全风险，以及4）基于确定该过程造成安全风险，对进程执行修复操作。还公开了各种其它方法，系统和计算机可读介质。

8. 发明授权

US08844024B1 Systems and methods for using tiered signing certificates to manage the behavior of executables 有权
标题翻译：使用分层签名证书来管理可执行文件的行为的系统和方法
公开(公告)号：US08844024B1
公开(公告)日：2014-09-23
申请号：US12408950
申请日：2009-03-23
申请人： Nicholas Graf , Spencer Smith , Adam Glick
发明人： Nicholas Graf , Spencer Smith , Adam Glick
IPC分类号： G06F21/00 , G06F21/44
CPC分类号： G06F21/44 , G06F21/53
摘要： Computer-implemented methods and systems for using tiered signing certificates to manage the behavior of executables are disclosed. In one example, a method for performing such a task may include: 1) identifying an executable file, 2) identifying a signing certificate associated with the executable file, 3) identifying, within the signing certificate, a privilege level associated with the executable file, and then 4) managing behavior of the executable file in accordance with the privilege level associated with the executable file. Corresponding methods and systems for generating tiered signing certificates for executable files are also disclosed.
摘要翻译：公开了使用分层签名证书来管理可执行文件行为的计算机实现的方法和系统。在一个示例中，用于执行这样的任务的方法可以包括：1）识别可执行文件，2）识别与可执行文件相关联的签名证书，3）在签名证书内识别与可执行文件相关联的特权级别，然后4）根据与可执行文件相关联的权限级别来管理可执行文件的行为。还公开了用于生成可执行文件的分层签名证书的相应方法和系统。

9. 发明授权

US08782790B1 Signature creation for malicious network traffic 有权
标题翻译：恶意网络流量的签名创建
公开(公告)号：US08782790B1
公开(公告)日：2014-07-15
申请号：US12709432
申请日：2010-02-19
申请人： Spencer Smith , Adam Glick , Nicholas Graf , Uriel Mann
发明人： Spencer Smith , Adam Glick , Nicholas Graf , Uriel Mann
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , H04L63/1416
摘要： An endpoint on a network uses detection data to detect a malicious software attack. The endpoint identifies content associated with the attack, such as a component of a web page, and generates a description of the content. The endpoint sends the description to a security server. The security server analyzes the content and identifies characteristics of the content that are present when the content is carried by network traffic. The security server generates a traffic signature that specifies the identified characteristics and provides the traffic signature to inspection points. The inspection points, in turn, use the traffic signature to examine network traffic passing through the inspection points to detect network traffic carrying the content. The attack detection at the endpoint thus informs the traffic signature-based detection at the inspection points and reduces the spread of malicious software.
摘要翻译：网络上的端点使用检测数据来检测恶意软件攻击。端点识别与攻击相关联的内容，例如网页的组件，并生成内容的描述。端点将说明发送到安全服务器。安全服务器分析内容并识别内容由网络流量携带时存在的内容的特征。安全服务器生成指定已识别特征的流量签名，并向检查点提供流量签名。检查点依次使用流量签名来检查通过检查点的网络流量，以检测携带内容的网络流量。因此，端点的攻击检测通知了检查点的基于流量签名的检测，减少了恶意软件的传播。

10. 发明授权

US08621632B1 Systems and methods for locating malware 有权
标题翻译：查找恶意软件的系统和方法
公开(公告)号：US08621632B1
公开(公告)日：2013-12-31
申请号：US12470312
申请日：2009-05-21
申请人： Spencer Smith , Adam Glick , Nicholas Graf
发明人： Spencer Smith , Adam Glick , Nicholas Graf
IPC分类号： H04L29/06
CPC分类号： G06F21/566 , H04L63/1425
摘要： A computer-implemented method for locating malware may include identifying a malicious behavior in a computing system. The computer-implemented method may also include determining that the malicious behavior arises from a set of interrelated executable objects. The computer-implemented method may further include identifying an executable object recently added to the set of interrelated executable objects. The computer-implemented method may additionally include attributing the malicious behavior to the recently added executable object based on when the recently added executable object was added to the set of interrelated executable objects. The computer-implemented method may also include performing a security action on the recently added executable object. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于定位恶意软件的计算机实现的方法可以包括识别计算系统中的恶意行为。计算机实现的方法还可以包括确定恶意行为是由一组相互关联的可执行对象产生的。计算机实现的方法还可以包括识别最近添加到相关联的可执行对象集合中的可执行对象。计算机实现的方法可以另外包括基于最近添加的可执行对象何时添加到相关联的可执行对象的集合，将恶意行为归因于最近添加的可执行对象。计算机实现的方法还可以包括对最近添加的可执行对象执行安全动作。还公开了各种其它方法，系统和计算机可读介质。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式