专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08402539B1 Systems and methods for detecting malware 有权
标题翻译：用于检测恶意软件的系统和方法
公开(公告)号：US08402539B1
公开(公告)日：2013-03-19
申请号：US13227997
申请日：2011-09-08
申请人： Joseph Chen , Adam Glick , Jeffrey Wilhelm
发明人： Joseph Chen , Adam Glick , Jeffrey Wilhelm
IPC分类号： H04L29/06 , G06F15/16 , G06F11/30
CPC分类号： G06F21/566 , H04L63/1416
摘要： A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.
摘要翻译：用于检测恶意软件的方法可以包括：1）接收确定从客户端设备到服务器的连接是否被阻止的请求，2）尝试从客户端设备的内核模式连接到服务器，3）客户端设备从内核模式成功连接到服务器，4）尝试从客户端设备的用户模式连接到服务器; 5）确定客户端设备没有从用户模式成功连接到服务器; 6）基于客户端设备从内核模式成功地连接到服务器并且未能从用户模式连接到服务器，该恶意软件阻止从客户端设备到服务器的连接，以及7）响应于确定恶意软件阻止连接，执行至少一个安全措施。

2. 发明授权

US09733929B1 Systems and methods for restoring applications 有权
公开(公告)号：US09733929B1
公开(公告)日：2017-08-15
申请号：US12839615
申请日：2010-07-20
申请人： Nicholas Graf , Adam Glick , Spencer Smith
发明人： Nicholas Graf , Adam Glick , Spencer Smith
IPC分类号： G06F9/44
CPC分类号： G06F8/71 , G06F8/61 , G06F11/006 , G06F11/1451 , G06F11/1469 , G06F11/3003 , G06F11/302 , G06F21/51 , G06F2201/865 , G06F2221/033
摘要： A method for restoring applications may include: 1) identifying an installation file that includes an application; 2) monitoring the installation file to identify a set of application files generated as a result of installing the application from the installation file; 3) assigning, to each application file in the set of application files, an application identifier that associates each application file in the set of application files with the application; 4) backing up the application by copying each application file in the set of application files to a backup storage system; 5) receiving a request to restore each application file in the set of application files; and 6) restoring the application by using the application identifier to locate each application file in the set of application files within the backup storage system. Various other methods, systems, and computer-readable media are also disclosed.

3. 发明授权

US08914888B1 Systems and methods for classifying an unclassified process as a potential trusted process based on dependencies of the unclassified process 有权
标题翻译：基于未分类过程的依赖关系将未分类过程分类为潜在可信过程的系统和方法
公开(公告)号：US08914888B1
公开(公告)日：2014-12-16
申请号：US12603429
申请日：2009-10-21
申请人： Sourabh Satish , Shane Pereira , Adam Glick
发明人： Sourabh Satish , Shane Pereira , Adam Glick
IPC分类号： G06F11/00
CPC分类号： H04L63/145 , G06F21/57 , G06F2221/2145
摘要： A computer-implemented method for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process is described. A component loaded by the unclassified process is identified. A determination is made as to whether a hard dependency exists between the unclassified process and the loaded component. A hard dependency exists if the unclassified process depends on the loaded component in order to execute. The unclassified process is classified as a potentially trusted process if a hard dependency exists between the unclassified process and the loaded component.
摘要翻译：描述了一种用于将未分类过程分类为基于未分类过程的依赖性的潜在受信任过程的计算机实现的方法。识别由未分类过程加载的组件。确定在未分类的进程和加载的组件之间是否存在硬依赖关系。如果未分类的进程依赖于加载的组件来执行，则存在硬依赖性。如果未分类的进程和加载的组件之间存在硬依赖关系，则未分类进程被分类为潜在的可信任进程。

4. 发明授权

US08656489B1 Method and apparatus for accelerating load-point scanning 有权
标题翻译：用于加速加载点扫描的方法和装置
公开(公告)号：US08656489B1
公开(公告)日：2014-02-18
申请号：US11864955
申请日：2007-09-29
申请人： Adam Glick
发明人： Adam Glick
IPC分类号： G06F21/00
CPC分类号： G06F21/562 , G06F21/564
摘要： A method and apparatus for accelerating a load point scanning process. In one embodiment, the method and apparatus comprise creating, at an initial scan, a detection area map identifying files referenced by detection areas. Upon a subsequent scan, determining whether the detection area has changed with respect to the detection area map. If the detection area map has changed, re-evaluating the detection area and repopulating the detection area map entry. In another embodiment, the method and apparatus avoid rescanning files as allowed using information in a file attribute cache.
摘要翻译：一种用于加速加载点扫描过程的方法和装置。在一个实施例中，所述方法和装置包括在初始扫描时创建识别由检测区域引用的文件的检测区域图。在随后的扫描中，确定检测区域是否相对于检测区域图变化。如果检测区域图已经改变，重新评估检测区域并重新填充检测区域图条目。在另一个实施例中，该方法和装置避免使用文件属性高速缓存中的信息来允许重新扫描文件。

5. 发明授权

US07926106B1 Utilizing early exclusive volume access and direct volume manipulation to remove protected files 有权
标题翻译：利用早期专用卷访问和直接卷操作来删除受保护的文件
公开(公告)号：US07926106B1
公开(公告)日：2011-04-12
申请号：US11400538
申请日：2006-04-06
申请人： Mark Kennedy , Michael Spertus , Peter Linhardt , Richard Gough , Adam Glick , Patrick Gardner , Spencer Smith , Tim Naftel
发明人： Mark Kennedy , Michael Spertus , Peter Linhardt , Richard Gough , Adam Glick , Patrick Gardner , Spencer Smith , Tim Naftel
IPC分类号： G06F11/00
CPC分类号： G06F21/568
摘要： Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.
摘要翻译：在检测到rootkit后，重新启动主机系统。引导过程中断。获得对包含rootkit的媒体（例如卷或磁盘）的访问，并直接访问媒体。 rootkit被禁用，例如重命名或删除，并且主计算机系统第二次重新启动。如果rootkit尚未被除去，例如，仅被重命名，则rootkit被去除，例如使用传统的防病毒应用程序。因此，在检测到一个rootkit后，rootkit将被删除而无需干净启动。

6. 发明授权

US08627463B1 Systems and methods for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions 有权
标题翻译：使用信誉信息评估通过洪流交易获得的文件的可信赖性的系统和方法
公开(公告)号：US08627463B1
公开(公告)日：2014-01-07
申请号：US12880581
申请日：2010-09-13
申请人： Adam Glick , Nicholas Graf , Spencer Smith
发明人： Adam Glick , Nicholas Graf , Spencer Smith
IPC分类号： G06F11/00
CPC分类号： H04L63/1408 , G06F17/30206 , G06F21/56 , G06F2221/033 , H04L63/12 , H04L63/1416 , H04L63/145
摘要： A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于使用信誉信息来评估通过种子事务获得的文件的可信赖性的计算机实现的方法可以包括（1）识别包括元数据的torrent文件，以便于通过点对点文件获取目标文件的洪流事务，（2）确定洪流交易中涉及到的至少一个实体，（3）获取与洪流交易相关的实体相关的信誉信息，其中信誉信息识别社区对该实体的可信度的意见（4 ）至少部分地基于与所述洪流事务中涉及的实体相关联的信誉信息确定所述目标文件表示潜在的安全风险，然后（5）对所述目标文件执行安全动作。还公开了各种其它方法，系统和计算机可读介质。

7. 发明授权

US07917952B1 Replace malicious driver at boot time 有权
标题翻译：在启动时更换恶意驱动程序
公开(公告)号：US07917952B1
公开(公告)日：2011-03-29
申请号：US11873583
申请日：2007-10-17
申请人： Adam Glick , David Kane , Yung-Shuo Lin
发明人： Adam Glick , David Kane , Yung-Shuo Lin
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F11/30
CPC分类号： G06F21/568 , G06F21/575
摘要： A malicious driver replacement application is installed on a host computer system and registered as a boot execute application. On notification of a malicious driver detection, the malicious driver replacement application reboots the host computer system and locks the volume of a storage disk containing the malicious driver. The malicious driver is replaced directly on the storage disk with a dummy driver having innocuous code. The malicious driver replacement application reboots the host computer system, and on reboot of the host computer system, the dummy driver is loaded rather than the malicious driver thus preventing the malicious driver from interfering with the standard operating system routines and allowing the malicious driver to be remediated.
摘要翻译：恶意的驱动程序更换应用程序安装在主机系统上并注册为启动执行应用程序。在通知恶意驱动程序检测时，恶意驱动程序替换应用程序重新启动主机系统，并锁定包含恶意驱动程序的存储磁盘的卷。恶意驱动程序直接在存储磁盘上替换为具有无害代码的虚拟驱动程序。恶意驱动程序更换应用程序重新启动主机系统，并且在重新启动主机系统时，加载虚拟驱动程序而不是恶意驱动程序，从而防止恶意驱动程序干扰标准操作系统程序，并允许恶意驱动程序补救

8. 发明授权

US09152790B1 Systems and methods for detecting fraudulent software applications that generate misleading notifications 有权
标题翻译：用于检测产生误导性通知的欺诈性软件应用程序的系统和方法
公开(公告)号：US09152790B1
公开(公告)日：2015-10-06
申请号：US12470213
申请日：2009-05-21
申请人： Adam Glick , Nicholas Graf , Spencer Smith
发明人： Adam Glick , Nicholas Graf , Spencer Smith
IPC分类号： G06F21/56
CPC分类号： G06F21/566 , G06F21/554
摘要： A computer-implemented method for detecting fraudulent software applications that generate misleading notifications is disclosed. In one example, such a method may comprise: 1) detecting a notification generated by an application installed on the computing device, 2) accessing criteria for determining, based at least in part on characteristics of the notification, whether the application is trustworthy, 3) determining, by applying the criteria, that the application is untrustworthy, and then 4) performing a security operation on the application. Corresponding systems and computer-readable media are also disclosed.
摘要翻译：公开了一种用于检测产生误导通知的欺诈软件应用的计算机实现的方法。在一个示例中，这样的方法可以包括：1）检测由安装在计算设备上的应用产生的通知，2）访问用于至少部分地基于通知的特征确定应用是否可信的准入）通过应用标准确定应用程序不可信任，然后4）对应用程序执行安全操作。还公开了相应的系统和计算机可读介质。

9. 发明授权

US08776196B1 Systems and methods for automatically detecting and preventing phishing attacks 有权
标题翻译：用于自动检测和防止网络钓鱼攻击的系统和方法
公开(公告)号：US08776196B1
公开(公告)日：2014-07-08
申请号：US13557051
申请日：2012-07-24
申请人： Ian Oliver , Adam Glick , Nicholas Graf , Spencer Smith
发明人： Ian Oliver , Adam Glick , Nicholas Graf , Spencer Smith
IPC分类号： G06F7/04 , G06F12/14 , G06F17/30 , H04L29/06
CPC分类号： H04L63/1483 , H04L63/1408
摘要： A computer-implemented method for automatically detecting and preventing phishing attacks may include (1) maintaining a credentials store for a user of the computing device that identifies both at least one known-legitimate website and credentials associated with the known-legitimate website, (2) detecting an attempt by the user to enter the same credentials that are associated with the known-legitimate website into a new website that is not associated with the credentials in the credentials store, and then, prior to allowing the credentials to pass to the new website, (3) automatically warning the user that the new website potentially represents an attempt to phish the credentials associated with the known-legitimate website from the user. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于自动检测和防止网络钓鱼攻击的计算机实现的方法可以包括（1）维护用于识别至少一个已知合法网站和与已知合法网站相关联的证书的计算设备的用户的凭证存储（2））检测用户尝试将与已知合法网站相关联的相同凭证输入到与凭证存储器中的凭证不相关联的新网站，然后在允许凭据传递到新的网站，（3）自动向用户发出警告，表示新网站可能代表尝试从用户那里窃取与已知合法网站相关联的凭据。还公开了各种其它方法，系统和计算机可读介质。

10. 发明授权

US08701192B1 Behavior based signatures 有权
标题翻译：基于行为的签名
公开(公告)号：US08701192B1
公开(公告)日：2014-04-15
申请号：US12495127
申请日：2009-06-30
申请人： Adam Glick , Spencer Dale Smith , Nicholas Robert Graf
发明人： Adam Glick , Spencer Dale Smith , Nicholas Robert Graf
IPC分类号： G06F21/00
CPC分类号： G06F21/566
摘要： Behavior based signatures for identifying applications are generated. An application is monitored as it runs. Specific behaviors concerning the execution of the application are detected, and a behavior based signature representing detected behaviors is created, such that the behavior based signature can be used subsequently to identify instances of the application. Behavior based signatures identifying known malicious and/or non-malicious applications can be used to determine whether other applications comprise malware. To do so, a running application is monitored, and specific behaviors concerning the execution of the application are detected. The detected behaviors are compared to one or more behavior based signatures. Responsive to whether the detected behaviors match, a behavior based signature, it can be determined whether the application comprises malware. An additional malware detection test, such as a heuristic analysis, can also be performed and used in determining whether the application comprises malware.
摘要翻译：生成用于识别应用程序的基于行为的签名。一个应用程序在运行时被监视。检测与执行应用程序有关的具体行为，并且创建表示检测到的行为的基于行为的签名，使得随后可以使用基于行为的签名来识别应用的实例。识别已知恶意和/或非恶意应用程序的基于行为的签名可用于确定其他应用程序是否包含恶意软件。为此，监视正在运行的应用程序，并检测到与执行应用程序有关的具体行为。将检测到的行为与一个或多个基于行为的签名进行比较。响应于检测到的行为是否匹配，基于行为的签名，可以确定应用是否包括恶意软件。还可以执行额外的恶意软件检测测试，例如启发式分析，并用于确定应用程序是否包含恶意软件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式