专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07844700B2 Latency free scanning of malware at a network transit point 有权
标题翻译：在网络转接点，不间断地扫描恶意软件
公开(公告)号：US07844700B2
公开(公告)日：2010-11-30
申请号：US11097060
申请日：2005-03-31
申请人： Adrian M Marinescu , Marc E Seinfeld , Michael Kramer , Yigal Edery
发明人： Adrian M Marinescu , Marc E Seinfeld , Michael Kramer , Yigal Edery
IPC分类号： G06F15/173 , G06F11/30
CPC分类号： H04L63/0209 , H04L63/1416 , H04L63/145
摘要： In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.
摘要翻译：根据本发明，提供了一种系统，方法和计算机可读介质，用于在诸如用作内部或专用网络的网关的计算机之类的网络转接点处识别恶意软件。在网络传输点扫描网络传输恶意软件，而不会对网络上的数据传输造成额外的延迟。根据本发明的一个方面，提供了一种用于在网络中转点识别恶意软件的计算机实现的方法。更具体地，当在网络转接点接收到传输中的分组时，该分组立即被转发到目标计算机。同时，传输中的数据包和其他数据由防病毒引擎扫描恶意软件。如果在传输中识别到恶意软件，则通知目标计算机该传输包含恶意软件。

2. 发明授权

US07603712B2 Protecting a computer that provides a Web service from malware 有权
标题翻译：保护从恶意软件提供Web服务的计算机
公开(公告)号：US07603712B2
公开(公告)日：2009-10-13
申请号：US11112507
申请日：2005-04-21
申请人： Marc E Seinfeld , Adrian M Marinescu , Charles W Kaufman , Jeffrey M Cooperstein , Michael Kramer
发明人： Marc E Seinfeld , Adrian M Marinescu , Charles W Kaufman , Jeffrey M Cooperstein , Michael Kramer
IPC分类号： G08B23/00 , G06F12/16
CPC分类号： G06F21/564 , G06F21/56 , H04L63/1408 , H04L63/168
摘要： In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. When a request is received, an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed. However, before the code is executed, antivirus software designed to identify malware scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code associated with the request from being executed.
摘要翻译：根据本发明，提供了一种用于在对Web服务的请求中识别恶意软件的系统，方法和计算机可读介质。本发明的一个方面是一种用于保护提供Web服务的计算机免受在Web请求中产生的恶意软件的计算机实现的方法。当接收到请求时，按需编译系统将与请求相关联的高级代码编译成可执行的二进制代码。但是，在执行代码之前，旨在识别恶意软件的防病毒软件会扫描二进制代码以查找恶意软件。如果识别出恶意软件，防病毒软件可防止与请求相关联的二进制代码被执行。

3. 发明授权

US08561190B2 System and method of opportunistically protecting a computer from malware 有权
标题翻译：机会性地保护计算机免受恶意软件的系统和方法
公开(公告)号：US08561190B2
公开(公告)日：2013-10-15
申请号：US11130570
申请日：2005-05-16
申请人： Adrian M Marinescu , Marc E Seinfeld , Matthew I Braverman
发明人： Adrian M Marinescu , Marc E Seinfeld , Matthew I Braverman
IPC分类号： H04L29/06
CPC分类号： G06F21/56 , G06F21/568 , G06F21/577 , G06F2221/2115 , H04L63/1416 , H04L63/1433
摘要： The present invention provides a system, method, and computer-readable medium that opportunistically install a software update on a computer that closes a vulnerability that existed on the computer. In accordance with one aspect of the present invention, when antivirus software on a computer identifies malware, a method causes a software update that closes the vulnerability exploited by the malware to be installed on the computer. The method includes identifying the vulnerability exploited by the malware, using a software update system to obtain a software update that is configured to close the vulnerability; and causing the software update to be installed on the computer where the vulnerability exists.
摘要翻译：本发明提供了一种在关闭计算机上存在的漏洞的计算机上机会地安装软件更新的系统，方法和计算机可读介质。根据本发明的一个方面，当计算机上的防病毒软件识别恶意软件时，一种方法导致软件更新，其关闭被安装在计算机上的恶意软件所利用的漏洞。该方法包括识别恶意软件利用的漏洞，使用软件更新系统获取配置为关闭漏洞的软件更新; 并使软件更新安装在存在该漏洞的计算机上。

4. 发明授权

US07765410B2 System and method of aggregating the knowledge base of antivirus software applications 失效
标题翻译：聚合防毒软件应用知识库的系统和方法
公开(公告)号：US07765410B2
公开(公告)日：2010-07-27
申请号：US10984611
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： G06F12/14 , G06F7/04 , H04L29/06 , G08B23/00
CPC分类号： G06F21/56
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

5. 发明授权

US07765400B2 Aggregation of the knowledge base of antivirus software 失效
标题翻译：防病毒软件知识库的汇总
公开(公告)号：US07765400B2
公开(公告)日：2010-07-27
申请号：US10984615
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： H04L29/06 , G06F11/30 , G06F7/00 , G06F12/00 , G08B23/00
CPC分类号： G06F21/566 , G06F21/564 , Y10S707/99931
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

6. 发明授权

US07636856B2 Proactive computer malware protection through dynamic translation 有权
标题翻译：通过动态翻译主动的计算机恶意软件保护
公开(公告)号：US07636856B2
公开(公告)日：2009-12-22
申请号：US11005000
申请日：2004-12-06
申请人： Gheorghe Marius Gheorghescu , Adrian M Marinescu , Adrian E Stepan
发明人： Gheorghe Marius Gheorghescu , Adrian M Marinescu , Adrian E Stepan
IPC分类号： G06F11/30 , G06F11/00
CPC分类号： G06F21/566 , G06F21/563
摘要： The present invention includes a system and method for translating potential malware devices into safe program code. The potential malware is translated from any one of a number of different types of source languages, including, but not limited to, native CPU program code, platform independent .NET byte code, scripting program code, and the like. Then the translated program code is compiled into program code that may be understood and executed by the native CPU. Before and/or during execution, the present invention causes a scanner to search for potential malware stored in memory. If malware is not detected, the computing device causes the CPU to execute the translated program code. However, execution and/or analysis of potential malware may be interrupted if computer memory that stores potential malware is altered during execution. In this instance, the potential malware now stored in memory is translated into safe program code before being executed.
摘要翻译：本发明包括用于将潜在恶意软件设备转换为安全程序代码的系统和方法。潜在的恶意软件是从许多不同类型的源语言中的任何一种转换出来的，包括但不限于本地CPU程序代码，独立于平台的.NET字节码，脚本程序代码等。然后将翻译的程序代码编译成可由本机CPU理解和执行的程序代码。在执行之前和/或执行期间，本发明使扫描仪搜索存储在存储器中的潜在恶意软件。如果未检测到恶意软件，则计算设备使CPU执行已翻译的程序代码。但是，如果在执行过程中改变存储潜在恶意软件的计算机内存，则可能会中断潜在恶意软件的执行和/或分析。在这种情况下，现在存储在存储器中的潜在恶意软件在执行之前被转换为安全的程序代码。

7. 发明授权

US08387139B2 Thread scanning and patching to disable injected malware threats 有权
标题翻译：线程扫描和修补以禁用注入的恶意软件威胁
公开(公告)号：US08387139B2
公开(公告)日：2013-02-26
申请号：US12025142
申请日：2008-02-04
申请人： Michael S. Jarrett , Adrian M Marinescu , Marius Gheorghe Gheorghescu , George C. Chicioreanu
发明人： Michael S. Jarrett , Adrian M Marinescu , Marius Gheorghe Gheorghescu , George C. Chicioreanu
IPC分类号： G06F12/14 , G06F12/16 , G06F11/00
CPC分类号： G06F21/566
摘要： An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.
摘要翻译：提供扫描和修补在计算机系统上运行的其他合法进程中执行的注入的恶意软件代码的布置，其中通过提取进程的线程的开始地址然后在这些地址附近进行搜索，其中恶意代码位于进程的存储器中。由每个起始地址识别的代码调用的内存中的其他代码块也被识别，然后将块与已知恶意软件线程相关的扫描签名进行匹配。如果整个签名可以与块的子集进行匹配，则确定线程被感染。受感染的线程被暂停，并且执行内存中的修改来修补注入的代码以使其无害化。可以恢复或终止线程以禁用恶意软件的保护机制，而不会对注入线程的进程造成任何损害。

8. 发明授权

US07660797B2 Scanning data in an access restricted file for malware 有权
标题翻译：在恶意软件的访问限制文件中扫描数据
公开(公告)号：US07660797B2
公开(公告)日：2010-02-09
申请号：US11139409
申请日：2005-05-27
申请人： Adrian M Marinescu , George C Chicioreanu , Marius Gheorghe Gheorghescu , Scott A Field
发明人： Adrian M Marinescu , George C Chicioreanu , Marius Gheorghe Gheorghescu , Scott A Field
IPC分类号： G06F7/00 , G06F17/30 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/56
摘要： The present invention is directed toward a system, method, and computer-readable medium that scan a file for malware that maintains a restrictive access attribute that limits access to the file. In accordance with one aspect of the present invention, a method for performing a scan for malware is provided when antivirus software on a computer encounters a file with a restrictive access attribute that prevents the file from being scanned. More specifically, the method includes identifying the restrictive access attribute that limits access to the file; bypassing the restrictive access attribute to access data in the file; and using a scan engine to scan the data in the file for malware.
摘要翻译：本发明涉及一种系统，方法和计算机可读介质，其扫描文件以维护限制对该文件的访问的限制性访问属性的恶意软件。根据本发明的一个方面，当计算机上的防病毒软件遇到具有阻止文件被扫描的限制性访问属性的文件时，提供了用于执行恶意软件扫描的方法。更具体地，该方法包括识别限制对文件的访问的限制性访问属性; 绕过限制访问属性访问文件中的数据; 并使用扫描引擎来扫描文件中的恶意软件数据。

9. 发明授权

US07478237B2 System and method of allowing user mode applications with access to file data 有权
标题翻译：允许用户模式应用访问文件数据的系统和方法
公开(公告)号：US07478237B2
公开(公告)日：2009-01-13
申请号：US10984207
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： H04L9/00 , H04L9/32 , G06F11/30
CPC分类号： G06F21/566 , G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式