    • 2. Invention application
    • SHARED REPOSITORY OF MALWARE DATA
    • US20100169972A1
    • 2010-07-01
    • US12347103
    • 2008-12-31
    • Chengi Jimmy Kuo, Marc Seinfeld, Jeff Williams
    • G06F21/00, G06F17/00
    • H04L63/145, G06F21/564
    • Various principles for maintaining a shared repository of authorization scanning results, which may be populated with results of authorization scans of particular files (and other content units) as well as a signature for those particular files. When a particular file is to be scanned by a client computing device to determine whether it contains unauthorized software, a signature for the file may be calculated and provided to the shared repository. If the repository has a result for that file—as indicated by a signature for the file being present in the repository—the result in the repository may be provided to the client computing device that issued the query, and the client computing device may accept the answer in the shared repository. If the result is not in the repository (i.e., the file has not been scanned), then the file may be scanned, and a result may be placed in the repository.
    • 7. Invention application
    • COLLECTING AND ANALYZING MALWARE DATA
    • US20100077481A1
    • 2010-03-25
    • US12234717
    • 2008-09-22
    • Alexey Polyakov, Marc Seinfeld, Jigar J. Mody, Ning Sun, Tony Lee, Chengyun Chu
    • G06F21/00
    • G06F21/552, G06F21/568
    • A malware analysis system is described that provides information about malware execution history on a client computer and allows automated back-end analysis for faster creation of identification signatures and removal instructions. The malware analysis system collects threat information on client computers and sends the threat information to a back-end analysis component for automated analysis. The back-end analysis component analyzes the threat information by comparing the threat information to information about known threats. The system builds a signature for identifying the threat family and a mitigation script for neutralizing the threat. The system sends the signature and mitigation data to client computers, which use the information to mitigate the threat. Thus, the malware analysis system detects and mitigates threats more quickly than previous systems by reducing the burden on technicians to manually create environments for reproducing the threats and manually analyze the threat behavior.
    • 8. Invention application
    • Latency free scanning of malware at a network transit point
    • US20060224724A1
    • 2006-10-05
    • US11097060
    • 2005-03-31
    • Adrian Marinescu, Marc Seinfeld, Michael Kramer, Yigal Edery
    • G06F15/173
    • H04L63/0209, H04L63/1416, H04L63/145
    • In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
    • 10. Invention application
    • Optimizing malware recovery
    • US20070006304A1
    • 2007-01-04
    • US11172373
    • 2005-06-30
    • Michael Kramer, Scott Field, Marc Seinfeld
    • G06F12/14
    • G06F21/554, G06F21/55, G06F21/568, H04L63/1416, H04L63/1441
    • Malware recovery optimization is provided in which malware detection processes and protocol processes on a device are monitored for events indicating a breach of security of the device, such as the presence of an infection or other evidence of a malware attack. The devices report the events for collection on a centralized event collector that issues alerts of the events to other devices that may have been compromised as a result of the breach of security. Upon receipt of the alert, the receiving devices may initiate malware recovery optimization, including activating anti-virus software to initiate a targeted scan of those resources that may have been compromised. In this manner, malware recovery processes are optimized to recover the receiving device and/or resources when indicated.