    • 1. Granted invention patent
    • Systems and methods for detecting malware
    • US08402539B1
    • 2013-03-19
    • US13227997
    • 2011-09-08
    • Joseph Chen, Adam Glick, Jeffrey Wilhelm
    • H04L29/06, G06F15/16, G06F11/30
    • G06F21/566, H04L63/1416
    • A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
    • 4. Granted invention patent
    • Method and apparatus for accelerating load-point scanning
    • US08656489B1
    • 2014-02-18
    • US11864955
    • 2007-09-29
    • Adam Glick
    • G06F21/00
    • G06F21/562, G06F21/564
    • A method and apparatus for accelerating a load point scanning process. In one embodiment, the method and apparatus comprise creating, at an initial scan, a detection area map identifying files referenced by detection areas. Upon a subsequent scan, determining whether the detection area has changed with respect to the detection area map. If the detection area map has changed, re-evaluating the detection area and repopulating the detection area map entry. In another embodiment, the method and apparatus avoid rescanning files as allowed using information in a file attribute cache.
    • 6. Granted invention patent
    • Systems and methods for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions
    • US08627463B1
    • 2014-01-07
    • US12880581
    • 2010-09-13
    • Adam Glick, Nicholas Graf, Spencer Smith
    • G06F11/00
    • H04L63/1408, G06F17/30206, G06F21/56, G06F2221/033, H04L63/12, H04L63/1416, H04L63/145
    • A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.
    • 7. Granted invention patent
    • Replace malicious driver at boot time
    • US07917952B1
    • 2011-03-29
    • US11873583
    • 2007-10-17
    • Adam Glick, David Kane, Yung-Shuo Lin
    • G06F11/00, G06F12/14, G06F12/16, G08B23/00, G06F11/30
    • G06F21/568, G06F21/575
    • A malicious driver replacement application is installed on a host computer system and registered as a boot execute application. On notification of a malicious driver detection, the malicious driver replacement application reboots the host computer system and locks the volume of a storage disk containing the malicious driver. The malicious driver is replaced directly on the storage disk with a dummy driver having innocuous code. The malicious driver replacement application reboots the host computer system, and on reboot of the host computer system, the dummy driver is loaded rather than the malicious driver thus preventing the malicious driver from interfering with the standard operating system routines and allowing the malicious driver to be remediated.
    • 9. Granted invention patent
    • Systems and methods for automatically detecting and preventing phishing attacks
    • US08776196B1
    • 2014-07-08
    • US13557051
    • 2012-07-24
    • Ian Oliver, Adam Glick, Nicholas Graf, Spencer Smith
    • G06F7/04, G06F12/14, G06F17/30, H04L29/06
    • H04L63/1483, H04L63/1408
    • A computer-implemented method for automatically detecting and preventing phishing attacks may include (1) maintaining a credentials store for a user of the computing device that identifies both at least one known-legitimate website and credentials associated with the known-legitimate website, (2) detecting an attempt by the user to enter the same credentials that are associated with the known-legitimate website into a new website that is not associated with the credentials in the credentials store, and then, prior to allowing the credentials to pass to the new website, (3) automatically warning the user that the new website potentially represents an attempt to phish the credentials associated with the known-legitimate website from the user. Various other methods, systems, and computer-readable media are also disclosed.
    • 10. Granted invention patent
    • Behavior based signatures
    • US08701192B1
    • 2014-04-15
    • US12495127
    • 2009-06-30
    • Adam Glick, Spencer Dale Smith, Nicholas Robert Graf
    • G06F21/00
    • G06F21/566
    • Behavior based signatures for identifying applications are generated. An application is monitored as it runs. Specific behaviors concerning the execution of the application are detected, and a behavior based signature representing detected behaviors is created, such that the behavior based signature can be used subsequently to identify instances of the application. Behavior based signatures identifying known malicious and/or non-malicious applications can be used to determine whether other applications comprise malware. To do so, a running application is monitored, and specific behaviors concerning the execution of the application are detected. The detected behaviors are compared to one or more behavior based signatures. Responsive to whether the detected behaviors match a behavior based signature, it can be determined whether the application comprises malware. An additional malware detection test, such as a heuristic analysis, can also be performed and used in determining whether the application comprises malware.