专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08516583B2 Aggregating the knowledge base of computer systems to proactively protect a computer from malware 有权
标题翻译：汇总计算机系统的知识库，主动保护计算机免受恶意软件攻击
公开(公告)号：US08516583B2
公开(公告)日：2013-08-20
申请号：US11096490
申请日：2005-03-31
申请人： Anil Francis Thomas , Michael Kramer , Mihai Costea , Efim Hudis , Pradeep Bahl , Rajesh K Dadhia , Yigal Edery
发明人： Anil Francis Thomas , Michael Kramer , Mihai Costea , Efim Hudis , Pradeep Bahl , Rajesh K Dadhia , Yigal Edery
IPC分类号： G06F21/00
CPC分类号： G06F21/56 , G06F21/562 , G06F21/577
摘要： In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.
摘要翻译：根据本发明，提供了一种用于聚合多个安全服务或其他事件收集系统的知识库以保护计算机免受恶意软件的系统，方法和计算机可读介质。本发明的一个方面是通过使用反恶意软件服务或其他事件收集系统来观察潜在地指示恶意软件的可疑事件来主动地保护计算机免受恶意软件的影响; 确定可疑事件是否满足预定阈值; 并且如果可疑事件满足预定阈值，则实施旨在防止恶意软件传播的限制性安全策略。

2. 发明授权

US07478237B2 System and method of allowing user mode applications with access to file data 有权
标题翻译：允许用户模式应用访问文件数据的系统和方法
公开(公告)号：US07478237B2
公开(公告)日：2009-01-13
申请号：US10984207
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： H04L9/00 , H04L9/32 , G06F11/30
CPC分类号： G06F21/566 , G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

3. 发明授权

US07861296B2 System and method for efficiently scanning a file for malware 有权
标题翻译：用于高效扫描恶意软件文件的系统和方法
公开(公告)号：US07861296B2
公开(公告)日：2010-12-28
申请号：US11154267
申请日：2005-06-16
申请人： Mihai Costea , Adrian Bivol , Adrian M. Marinescu , Anil Francis Thomas , Cenk Ergan , David Goebel , George C. Chicioreanu , Marius Gheorghe Gheorghescu , Michael R. Fortin
发明人： Mihai Costea , Adrian Bivol , Adrian M. Marinescu , Anil Francis Thomas , Cenk Ergan , David Goebel , George C. Chicioreanu , Marius Gheorghe Gheorghescu , Michael R. Fortin
IPC分类号： G06F11/00
CPC分类号： G06F21/51 , G06F21/566
摘要： The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.
摘要翻译：本发明涉及一种用于将数据有效地加载到存储器中以便扫描恶意软件的数据的系统，方法和计算机可读介质。本发明提供的逻辑提高了用户在操作受防病毒软件保护的计算机时的体验。本发明的一个方面是从计算机可读介质中识别文件中的数据被加载到存储器中的模式的方法。然后，该方法识别可以以最小化在文件中读取数据所需的时间的方式将文件中的数据加载到存储器中的模式。当调度文件的后续扫描时，该方法会使文件中的数据使用最小化文件中读取数据所需的时间的模式加载到内存中。

4. 发明授权

US07882561B2 System and method of caching decisions on when to scan for malware 有权
标题翻译：缓存何时扫描恶意软件的系统和方法
公开(公告)号：US07882561B2
公开(公告)日：2011-02-01
申请号：US11047810
申请日：2005-01-31
申请人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas
发明人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas
IPC分类号： G06F11/00
CPC分类号： G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
摘要翻译：根据本发明，提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统，方法和计算机可读介质。本发明的一个方面包括当接收到包括恶意软件签名的软件更新时，识别需要扫描恶意软件的文件。更具体地，通过搜索与恶意软件相关联的元数据来识别新的恶意软件的属性。然后，该方法将搜索扫描缓存，并确定每个具有扫描缓存中的条目的文件是否是可能被恶意软件感染的类型。如果文件是可能被恶意软件感染的文件，那么当发生诸如I / O请求的扫描事件时，该文件将被扫描恶意软件。相反，如果文件不是可能被恶意软件感染的类型，则可能会访问该文件，而不执行扫描。

5. 发明授权

US07716743B2 Privacy friendly malware quarantines 有权
标题翻译：隐私权恶意软件隔离
公开(公告)号：US07716743B2
公开(公告)日：2010-05-11
申请号：US11035584
申请日：2005-01-14
申请人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas , Gheorghe Marius Gheorghescu , Kyle A. Larsen , Vadim N. Bluvstein
发明人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas , Gheorghe Marius Gheorghescu , Kyle A. Larsen , Vadim N. Bluvstein
IPC分类号： G06F11/00 , H04L29/06
CPC分类号： G06F21/56 , G06F21/6209 , G06F21/64
摘要： The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.
摘要翻译：本发明提供了用于隔离文件的系统，方法和计算机可读介质。本发明的实施例包括在维护用户界面的防病毒软件中。从用户界面，用户可能会发出隔离文件的命令，或者在识别恶意软件后，防病毒软件可能会自动启动隔离进程。当文件被标记为隔离区时，本发明的方面用可逆的功能对文件数据进行编码。然后识别一组描述文件属性的元数据，包括用于限制对文件访问的任何更高级的安全功能。元数据移动到隔离文件夹，而编码文件保留在文件系统中的相同位置。因此，编码文件保持与原始，未隔离文件相同的文件属性，包括任何更高级的安全功能。

6. 发明授权

US08161557B2 System and method of caching decisions on when to scan for malware 有权
标题翻译：缓存何时扫描恶意软件的系统和方法
公开(公告)号：US08161557B2
公开(公告)日：2012-04-17
申请号：US12949622
申请日：2010-11-18
申请人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas
发明人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas
IPC分类号： G06F11/00
CPC分类号： G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
摘要翻译：根据本发明，提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统，方法和计算机可读介质。本发明的一个方面包括当接收到包括恶意软件签名的软件更新时，识别需要扫描恶意软件的文件。更具体地，通过搜索与恶意软件相关联的元数据来识别新的恶意软件的属性。然后，该方法将搜索扫描缓存，并确定每个具有扫描缓存中的条目的文件是否是可能被恶意软件感染的类型。如果文件是可能被恶意软件感染的文件，那么当发生诸如I / O请求的扫描事件时，该文件将被扫描恶意软件。相反，如果文件不是可能被恶意软件感染的类型，则可能会访问该文件，而不执行扫描。

7. 发明申请

US20110067109A1 SYSTEM AND METHOD OF CACHING DECISIONS ON WHEN TO SCAN FOR MALWARE 有权
标题翻译：系统和方法在何时扫描恶意软件时执行决定
公开(公告)号：US20110067109A1
公开(公告)日：2011-03-17
申请号：US12949622
申请日：2010-11-18
申请人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas
发明人： Mihai Costea , Adrian M. Marinescu , Anil Francis Thomas
IPC分类号： G06F21/00
CPC分类号： G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
摘要翻译：根据本发明，提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统，方法和计算机可读介质。本发明的一个方面包括当接收到包括恶意软件签名的软件更新时，识别需要扫描恶意软件的文件。更具体地，通过搜索与恶意软件相关联的元数据来识别新的恶意软件的属性。然后，该方法将搜索扫描缓存，并确定每个具有扫描缓存中的条目的文件是否是可能被恶意软件感染的类型。如果文件是可能被恶意软件感染的文件，那么当发生诸如I / O请求的扫描事件时，该文件将被扫描恶意软件。相反，如果文件不是可能被恶意软件感染的类型，则可能会访问该文件，而不执行扫描。

8. 发明授权

US07765410B2 System and method of aggregating the knowledge base of antivirus software applications 失效
标题翻译：聚合防毒软件应用知识库的系统和方法
公开(公告)号：US07765410B2
公开(公告)日：2010-07-27
申请号：US10984611
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： G06F12/14 , G06F7/04 , H04L29/06 , G08B23/00
CPC分类号： G06F21/56
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

9. 发明授权

US07765400B2 Aggregation of the knowledge base of antivirus software 失效
标题翻译：防病毒软件知识库的汇总
公开(公告)号：US07765400B2
公开(公告)日：2010-07-27
申请号：US10984615
申请日：2004-11-08
申请人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
发明人： Mihai Costea , David Allen Goebel , Adrian M Marinescu , Anil Francis Thomas
IPC分类号： H04L29/06 , G06F11/30 , G06F7/00 , G06F12/00 , G08B23/00
CPC分类号： G06F21/566 , G06F21/564 , Y10S707/99931
摘要： In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要翻译：根据本发明，提供了聚合多个防病毒软件应用的知识库的系统，方法和计算机可读介质。诸如防病毒软件应用程序之类的用户模式应用程序通过通用信息模型获得对文件系统操作的访问，从而避免了防病毒软件供应商创建内核模式过滤器的需要。当文件系统操作可用于防病毒软件应用时，本发明可以使得安装在计算设备上的每个防病毒软件应用程序执行扫描以确定数据是否是恶意软件。

10. 发明授权

US07676845B2 System and method of selectively scanning a file on a computing device for malware 有权
标题翻译：有选择地扫描计算设备上的恶意软件文件的系统和方法
公开(公告)号：US07676845B2
公开(公告)日：2010-03-09
申请号：US11090086
申请日：2005-03-24
申请人： Anil Francis Thomas , Michael Kramer , Scott A Field
发明人： Anil Francis Thomas , Michael Kramer , Scott A Field
IPC分类号： G06F12/14 , G06F7/04
CPC分类号： G06F21/51 , G06F21/564
摘要： In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One or more files may be sent from a trusted source to a computing device that implements the present invention. The integrity of the files that originate from a trusted source is validated using a signature-based hashing function. Any modifications made to files stored on the computing device are tracked by a component of the operating system. In instances when the file is not modified after being validated, an aspect of the present invention prevents the file from being scanned for malware when a scanning event is directed to the file. As a result, the performance of the computing device is improved as static files from trusted sources are not repeatedly scanned for malware.
摘要翻译：根据本发明，提供了选择扫描存储在计算设备上的用于恶意软件的文件的系统，方法和计算机可读介质。一个或多个文件可以从可信源发送到实现本发明的计算设备。源自可信源的文件的完整性使用基于签名的散列函数进行验证。对存储在计算设备上的文件的任何修改由操作系统的组件跟踪。在文件在被验证之后未被修改的情况下，本发明的一个方面防止当扫描事件被引导到该文件时该文件被扫描恶意软件。因此，由于来自可信源的静态文件不会重复扫描恶意软件，因此计算设备的性能得到改善。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式