KASPERSKY LAB, ZAO Patent applications |
Patent application number | Title | Published |
20160133144 | SYSTEM AND METHOD FOR ENCOURAGING STUDYING BY CONTROLLING STUDENT'S ACCESS TO A DEVICE BASED ON RESULTS OF STUDYING - Disclosed are systems, methods and computer program products for motivating and rewarding a student to study new subjects by controlling student's access to an electronic device based on results of studying. An example method includes generating, by a hardware processor, an exercise for a user based on a learning criteria; associating the exercise with an access control policy for at least one user's device; providing the exercise to the user and receiving a user's answer to the exercise; determining based on the user's answer whether to apply or not apply to the user's device the access control policy associated with the exercise; and based on the determination whether to apply or not apply the access control policy to the user's device, controlling or not controlling access of the user to the user's device. | 05-12-2016 |
20160117671 | SYSTEM AND METHOD FOR PROTECTING ELECTRONIC MONEY TRANSACTIONS - Disclosed are systems and methods for protecting electronic money transactions from fraud and malware. An exemplary method includes scanning a computer to detect software objects associated with electronic money that includes at least one of a wallet configured to store electronic money, an electronic money generating application, and data including an interaction history with an electronic exchange for electronic money; identifying and adjusting electronic money security modules configured to provide data security to the detected software objects associated with the electronic money; and executing, by the adjusted electronic money security modules, at least one electronic money transaction involving the electronic money. In one aspect, the electronic money security modules include a wallet protection module, a malware detection module, and a traffic control module. | 04-28-2016 |
20160080398 | SYSTEM AND METHOD FOR DETECTION OF TARGETED ATTACKS - Methods, systems, and computer programs for detecting targeted attacks on compromised computer. An example method includes receiving from a plurality of computer systems data about the network resource, wherein each of the plurality of computer systems has a set of parameters and associated parameter values; detecting presence of a suspect indicator in the respective data received from each of a first group of the plurality of computer systems; detecting absence of the suspect indicator in the respective data received from each of a second group of the plurality of computer systems; determining at least one suspect parameter and at least one suspect parameter value; and estimating a probability of the targeted attack from the network resource based on the suspect indicator, the at least one suspect parameter, and the at least one parameter value. | 03-17-2016 |
20160036834 | SYSTEM AND METHOD FOR DETERMINING CATEGORY OF TRUST OF APPLICATIONS PERFORMING INTERFACE OVERLAY - Disclosed are systems and methods for determining category of trust of software applications. An example method includes monitoring a first application to detect an overlay of at least one interface element of the first application by at least one interface element of a second application; collecting information about the second application, wherein the information includes at least a danger status of the second application, wherein the danger status determines a danger caused by the second application to the first application; determining a category of trust of the second application based on an analysis of the collected information; and determining, based on the category of trust of the second application, whether to allow or prohibit overlay of the at least one interface element of the first application by the at least one interface element of the second application. | 02-04-2016 |
20160034384 | SYSTEM AND METHOD FOR ALTERING FUNCTIONALITY OF AN APPLICATION - Disclosed are systems and methods for altering functionality of an application. An example method comprises updating the application, wherein the application includes one or more functional modules; detecting events occurring on the computer after the updating, wherein types of the detected events belong to a set of detectable events; determining which of the one or more functional modules of the application caused the detected events; and altering the one or more detected functional modules, wherein the altering of the functional modules and which functional modules are altered depend on the detected events and on which functional modules caused the detected events. | 02-04-2016 |
20150371052 | ENCRYPTION OF USER DATA FOR STORAGE IN A CLOUD SERVER - Disclosed are systems, methods and computer program products for encryption of user data for storage on a remote network server. In one aspect, an example method includes collecting, by a software client, one or more sets of user authentication data from a user device; performing user authentication using one or more sets of user authentication data; when user authentication is successful, calculating a hash of at least one set of the user authentication data; generating an encryption key from the hash of the user authentication data; encrypting the user data using the generated encryption key; and transmitting the encrypted user data to the remote network server for storage. | 12-24-2015 |
20150356291 | SYSTEM AND METHODS FOR DETECTING HARMFUL FILES OF DIFFERENT FORMATS IN VIRTUAL ENVIRONMENT - Disclosed are systems, methods and computer program products for detection of harmful files of different formats. An example method includes: receiving a suspicious file; determining a file format of the suspicious file; determining, using antivirus software, if the suspicious file is clean or harmful; and when the antivirus software fails to determine whether the suspicious file is clean or harmful, selecting, based on at least the file format of the suspicious file, a configuration of a virtual machine for analyzing a maliciousness of the suspicious file by at least: selecting a program associated with the file format of the suspicious file, opening the suspicious file using the associated program in the virtual machine, collecting data of at least one activity on the virtual machine, and analyzing the data to determine the maliciousness of the suspicious file. | 12-10-2015 |
20150347757 | SYSTEM AND METHOD FOR ENCRYPTION OF DISK BASED ON PRE-BOOT COMPATIBILITY TESTING - Disclosed are systems, methods and computer program products for encryption of disk based on pre-boot compatibility testing. An example method includes upon determining, by a processor, no test booting of the computer, performing one or more pre-boot compatibility tests to boot an operating system of the computer; upon detecting a successful test booting, performing booting the operating system of the computer or performing the one or more pre-boot compatibility tests again; upon detecting an unsuccessful test booting, restoring a process of ordinary booting of the operating system and performing an ordinary booting of the operating system; determining one or more encryption policies applicable to a pre-boot execution stage of the computer; and comparing results of the one or more pre-boot compatibility tests with the encryption policies to determine whether to apply a full disk encryption to the boot disk. | 12-03-2015 |
20150341358 | METHOD AND SYSTEM FOR DETERMINING TRUSTED WIRELESS ACCESS POINTS - Disclosed are systems and methods for determining trusted wireless access points. An example method includes identifying, by a mobile device, one or more wireless access points that are available to connect to a network resource; obtaining a plurality of access point characteristics of the one or more wireless access points; obtaining a plurality of network resource characteristics for connecting to the network resource; comparing the plurality of access point characteristics and the plurality of network resource characteristics; determining based on the comparison at least one trusted wireless access point that is acceptable for establishing a connection to the network resource; and establishing a connection to the network resource via the trusted wireless access point. | 11-26-2015 |
20150302192 | SYSTEM AND METHODS OF PERFORMING ANTIVIRUS CHECKING IN A VIRTUAL ENVIRONMENT USING DIFFERENT ANTIVIRUS CHECKING TECHNIQUES - Disclosed are methods, systems and computer program products for antivirus checking of software objects in a virtual environment. An example method includes monitoring and identifying, by an antivirus agent running on a virtual machine in the virtual environment, an event occurring in the virtual machine, an object related to the event, and a type of the object; upon determining that the object needs an antivirus checking, sending, by the antivirus agent, to a control module in the virtual environment, information of the object and the event; determining, by the control module, priorities of executing one or more antivirus checking methods determined for the object; and distributing, by the control module, among one or more selected components of an antivirus system in the virtual environment, the one or more antivirus checking methods to be performed on the object based on the priorities. | 10-22-2015 |
20150294112 | SYSTEM AND METHOD FOR EMULATION OF FILES USING MULTIPLE IMAGES OF THE EMULATOR STATE - Disclosed are systems, methods, and computer program products for emulation of files using multiple images of the emulator state. In one example, the method includes loading the file into an emulator of the computer system; initiating emulation of the file by the emulator; storing an initial image of an initial state of the emulator; continuing the emulation of the file and detecting occurrence of a condition that results during the emulation of the file; creating and storing a new image of a next state of the emulator when an occurrence of the condition is detected; determining whether the emulation of the file has terminated correctly or incorrectly; and upon determining that the emulation of the file has terminated incorrectly, loading the new image of the next state into the emulator and resuming the emulation of the file from the next state of the emulator. | 10-15-2015 |
20150269380 | SYSTEM AND METHODS FOR DETECTION OF FRAUDULENT ONLINE TRANSACTIONS - Disclosed are some aspects of systems and methods for providing security for online transactions. An example method includes determining, at a security service, that an online transaction related to a payment service has been initiated at a computer by a user of the computer, collecting first information from the computer and second information from the payment service, and determining, based on the collected information, whether the online transaction is suspicious. These aspects further include, when the online transaction is determined to be suspicious, determining whether a malicious program can be identified on the computer and when the malicious program is identified, performing corresponding remedial actions with respect to the detected malicious program. | 09-24-2015 |
20150237054 | SYSTEM AND METHODS FOR AUTHORIZING OPERATIONS ON A SERVICE USING TRUSTED DEVICES - Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to perform an operation for a service; selecting, based on a database of trusted devices, a trusted device for authorizing the operation of the service; establishing a secure connection with the trusted device; sending to the trusted device via the secure connection a request to enter confidential information on the trusted device to authorize the operation of the service; receiving the confidential information from the trusted device; and determining whether to authorize the operation of the service based on the confidential information. | 08-20-2015 |
20150207821 | SYSTEM AND METHOD FOR RESOLVING CONFLICTS BETWEEN APPLICATION CONTROL RULES - Disclosed are systems, methods and computer program products for configuring application control rules. An example method includes, in response to testing a new application control rule, transmitting, from each of a plurality of computing devices in a network, information relating to software applications deployed on each computing device and one or more application control rules including the new application control rule associated with the software applications, each of the one or more application control rules having a priority, the collected information identifying at least one conflict between at least one application control rule and the new application control rule in executing one of the software applications; and receiving, by at least one of the plurality of computing devices, the new application control rule reconfigured with a lower priority to eliminate the at least one conflict. | 07-23-2015 |
20150195283 | SYSTEM AND METHOD FOR MANAGING ACCESS TO COMPUTER RESOURCES - Disclosed are methods, systems, and computer programs for managing access to computer resources. An example method includes receiving a request, from a client process, for performing an operation on a computer resource, including receiving the request by a kernel of an operating system for creating a separate process to perform the requested operation on the computer resource; obtaining, by a resource manager, metadata of the computer resource, security policies for the client process to perform the requested operation on the computer resource, and data relating to operations requested by other client processes on the computer resource; and performing the requested operation on the resource upon detecting that the requested operation does not: alter the metadata, violate an isolation condition of the computer resource, violate rights of the client process, and distort the operations requested by the other client processes. | 07-09-2015 |
20150188947 | SYSTEM AND METHODS FOR AUTOMATIC DESIGNATION OF ENCRYPTION POLICIES FOR USER DEVICES - Disclosed are a system, methods, and a computer program product for designation of encryption policies for user devices. An example method includes determining one or more criteria for the user device related to encryption requirements of the user device; determining numeric values for each of the one or more criteria; determining a coefficient for the device based on the numeric values; determining an encryption policy for the device based on the coefficient; and applying the determined encryption policy to the device. | 07-02-2015 |
20150188946 | SYSTEM AND METHOD FOR AUTOMATIC CONTROL OF SECURITY POLICIES BASED ON AVAILABLE SOFTWARE LICENSES - Disclosed are a system, methods, and a computer program product for applying security policies based on available licenses to a plurality of devices. An example method includes determining, by a processor, one or more criteria for a device relating to a priority of the device in the network for application of the security policies; determining numeric values for each of the one or more criteria; determining a coefficient for the device based on the numeric values; determining the priority of the device based on the coefficient of the device and respective coefficients of the plurality of devices; designating a security policy for the device based on the priority of the device; determining availability of a license for a software applying the designated security policy to the device; and when the license for the software that applies the designated security policy is available, applying the designated security policy to the device. | 07-02-2015 |
20150186192 | SYSTEM AND METHOD FOR SELECTING A SYNCHRONOUS OR ASYNCHRONOUS INTERPROCESS COMMUNICATION MECHANISM - Disclosed are systems, methods and computer program products for selecting interprocess communication mechanism. In one aspect, the system collects information about resources used by two or more processes involved in an interprocess communication in which a first process can transfer data to a second process using one of a synchronous and asynchronous data transfer methods; analyzes the collected information to determine which data transfer method achieves at least one of minimizing time of the data transfer between processes, maximizing utilization of resources used for the data transfer, minimizing standstill time during the data transfer, minimizing effect of other processes of the operating system on the data transfer, and based on the determination, selects one of the synchronous or asynchronous method of interprocess communication to transfer the data between the first and second processes. | 07-02-2015 |
20150186126 | System and Method of Automating Installation of Applications - Disclosed are systems, methods and computer program products for automating installation of applications. In one aspect, the system launches an application installer of a software application; identifies control elements in an active window of the application installer, wherein the control elements include at least user interface (UI) elements responsible for transitioning the active window to another window of the application installer; transitions to other windows of the application installer and identifies control elements in all other windows of the application installer until the application is installed; generates an automatic installation rule for the application that automatically activates one or more windows of the application installer and one or more control elements of said window to install the application without a participation of a user. | 07-02-2015 |
20150163239 | System and Method of Valuating Resource in a Computer Network for Compliance with Requirements for a Computer System - Disclosed are systems and methods for valuating compliance of computer resources, including valuating compliance of a hardware or software resource of a computer system with requirements for the computer system; valuating compliance of one or more objects of interest associated with the hardware or software resource with requirements for the objects of interest; and valuating overall compliance of the hardware or software resource based on the compliance of said hardware or software resource with the requirements for the computer system and the compliance of the one or more objects of interest associated with said hardware or software resource with the requirements for the objects of interest. | 06-11-2015 |
20150163183 | SYSTEM AND METHOD FOR SPAM FILTERING USING INSIGNIFICANT SHINGLES - Disclosed are a system and methods for detecting spam using shingles. An example system identifies in a received message one or more insignificant text portions based on a text pattern database storing defined insignificant text patterns not containing spam; removes at least a portion of the one or more identified insignificant text portions from the message to generate an abridged and canonized message; generates a set of shingles from the abridged and canonized message; identifies in the set of shingles one or more shingles based on a shingles database storing defined insignificant shingles that occur only in messages not containing spam; removes one or more identified shingles from the set of shingles to generate a reduced set of shingles upon detecting the one or more identified shingles matching at least one of the defined insignificant shingles; and determines whether the received message contains spam based on the reduced set of shingles. | 06-11-2015 |
20150161364 | SYSTEM AND METHOD OF APPLYING ACCESS RULES TO FILES TRANSMITTED BETWEEN COMPUTERS - Disclosed are systems and methods for providing access to computer files, including receiving, by a hardware processor, from a remote computer, a request to access a file; determining one or more parameters of at least one of the requested file, the remote computer and a user of the remote computer; determining, based on the one or more parameters, access rules for the requested file, wherein the access rules specify at least encryption requirements for the requested file, and applying, by the hardware processor, the access rules to the requested file. | 06-11-2015 |
20150160939 | SYSTEM AND METHOD FOR MODIFYING A SOFTWARE DISTRIBUTION PACKAGE WITHOUT RECALCULATING DIGITAL SIGNATURES - Disclosed are systems, methods and computer program products for modifying a software distribution package. An example method includes receiving a software distribution package that includes one or more compressed files and one or more digital signatures of the one or more compressed files. The method further includes determining to add modifications to the software distribution package. The method further includes writing the modifications into a commentary section of the software distribution package or into a free region between the one or more compressed files of the software distribution package without recalculating the digital signatures for the one or more compressed files included in the software distribution package. | 06-11-2015 |
20150160813 | SYSTEM AND METHOD FOR BLOCKING ELEMENTS OF APPLICATION INTERFACE - A method, system and computer program product for blocking access to restricted elements of application interface and covering the restricted elements by trusted interface elements. The system includes an analyzer module, a database of restricted elements and a blocking module. The analyzer module is configured to detect interface elements of an active application rendered on a computer or a mobile device. The analyzer module determines if an application interface element is restricted by comparing the application interface element against the known restricted interface elements from the database. If the restricted element is detected, the analyzer module sends the data about the restricted element to the blocking module. The blocking module covers the restricted interface element by a trusted interface element or by an image. | 06-11-2015 |
20150143521 | SYSTEM AND METHOD FOR DETECTING MALICIOUS SOFTWARE USING MALWARE TRIGGER SCENARIOS IN A MODIFIED COMPUTER ENVIRONMENT - Disclosed are a system and methods for malware testing of software programs. An example method includes storing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behaviour in software programs; in response to obtaining a software program, modifying a computer environment for operating the software program by creating malware trigger events associated with a selected one of the plurality of malware trigger scenarios; analyzing an execution of the software program in the modified computer environment in response to the malware trigger events; upon detecting that the software program exhibits malicious behaviour, performing remedial actions on the software program; and upon detecting that the software program exhibits no malicious behaviour, selecting a different malware trigger scenario from the plurality of malware trigger scenarios for malware testing of the software program. | 05-21-2015 |
20150128278 | SYSTEM AND METHOD FOR CORRECTING ANTIVIRUS RECORDS USING ANTIVIRUS SERVER - Disclosed are a system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application receives a software object for malware detections using an antivirus database and an antivirus cache. The antivirus database comprises antivirus records and the antivirus cache comprises corrections of the antivirus records. The antivirus application determines that the software object is malicious by activating an antivirus record based on information in the antivirus database or the antivirus cache. The antivirus application transmits information relating to the antivirus record to a server prior to executing actions associated with the antivirus record in response to detecting a selected status indicator of the antivirus record. The antivirus application then receives a correction of the antivirus record from the server for processing the software object. | 05-07-2015 |
20150121531 | SYSTEM AND METHOD FOR PRESERVING AND SUBSEQUENTLY RESTORING EMULATOR STATE - Disclosed are systems, methods, and computer program products for preserving and subsequently restoring a state of a program emulator. In one aspect, the system loads a file into an emulator of the computer system and determines whether an emulation is being performed for the first time. When the emulation is performed for the first time, the system loads into the emulator an initial image of the emulator state and emulates the file using the loaded initial image of the emulator state. During emulation, the system creates and stores new images of the emulator state upon occurrence of predefined conditions. When the emulation is not performed for the first time, the system identifies new images of the emulator state created during initial emulation of the file, loads into the emulator the identified images, and resumes emulating the file using the new images of the emulator state. | 04-30-2015 |
20150121089 | SYSTEM AND METHOD FOR COPYING FILES BETWEEN ENCRYPTED AND UNENCRYPTED DATA STORAGE DEVICES - Disclosed are systems, methods and computer program products for copying encrypted and unencrypted files between data storage devices. In one aspect, the system detects a request to copy a file from a first data storage device to a second data storage device, determines one or more parameters of the copied file, the first data storage device and the second data storage device, selects, based on the one or more parameters, a file encryption policy for the copied file, and applies the selected encryption policy to the copied file. | 04-30-2015 |
20150101052 | METHOD FOR FUNCTION CAPTURE AND MAINTAINING PARAMETER STACK - A system and method for capturing and re-calling an application function. The method of function re-call during anti-virus check includes the following steps: function intercept (capture); anti-virus analysis of the parameters used to call the function; preparing of an application stack for function re-call (when the analysis did not detect any malicious functionality); and calling the function again. The exemplary method can be used with browsers and other applications. | 04-09-2015 |
20150096027 | SYSTEM AND METHOD FOR EVALUATING MALWARE DETECTION RULES - A malware detection rule is evaluated for effectiveness and accuracy. The detection rule defines criteria for distinguishing files having a characteristic of interest from other files lacking that characteristic, for instance, malicious files vs. benign files. The detection rule is applied to a set of unknown files. This produces a result set that contains files detected from among the set of unknown files as having the at least one characteristic of interest. Each file from the result set is compared to at least one file from a set of known files having the characteristic to produce a first measure of similarity, and to at least one file from a set of known files lacking the characteristic to produce a second measure of similarity. In response to the first measure of similarity exceeding a first similarity threshold, the detection rule is deemed effective. In response to the second measure of similarity exceeding a second similarity threshold, the detection rule is deemed inaccurate. | 04-02-2015 |
20150088800 | SYSTEM AND METHOD FOR TESTING AND CONFIGURING APPLICATION CONTROL RULES - Disclosed are systems, methods and computer program products for configuring application control rules. The system creates a new application control rule that specifies restrictions or permission on execution of a software application, a function of an application or a category of applications. The system then collects information about one or more computers in a network, including information about software applications deployed on the computers and existing application control rules. The system then tests the new application control rule using the collected information to determine verdicts rendered by the new application control rule that restrict or permit execution of an application, certain function of an application or a category of applications. The system then compares verdicts rendered by the new application rule with the verdicts rendered by the existing application control rules to identify conflicting rules, and reconfigures the new application control rule to eliminate conflicts. | 03-26-2015 |
20150088733 | SYSTEM AND METHOD FOR ENSURING SAFETY OF ONLINE TRANSACTIONS - Online transaction security is improved by detecting a start of an online financial transaction between a user-controlled online transaction application and a remote payment service. A protected data input module, a protected environment module, and a safe data transfer module each provides a corresponding set of protection operations. A risk level of conducting the financial transaction is assessed based on a vulnerability assessment and on present condition of the local computing system. An initial degree of protection for each of the modules is set, and subsequently adjusted based on the risk level. | 03-26-2015 |
20150047046 | System and Method for Protecting Computers from Software Vulnerabilities - Disclosed herein are systems, methods and computer program products for protecting computer systems from software vulnerabilities. In one aspect, a system is configured to detect execution of a software application and determine whether the detected application has vulnerabilities. When the application has vulnerabilities, the system may analyze the application to identify typical actions performed by the application. The system may then create one or more restriction rules based on the identified typical actions of the application. The restriction rules allow the application to perform typical actions and block atypical actions. The system then controls execution of the application using the created restriction rules. | 02-12-2015 |
20150046706 | System and Method for Controlling Access to Encrypted Files - Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies. | 02-12-2015 |
20150033299 | SYSTEM AND METHODS FOR ENSURING CONFIDENTIALITY OF INFORMATION USED DURING AUTHENTICATION AND AUTHORIZATION OPERATIONS - Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to carry out an operation control procedure for the service; identifying the user of the service; selecting a trusted device associated with the identified user of the service; sending, to the selected trusted device, a request for confidential information of the user, wherein the confidential information is used to carry out the operation control procedure; receiving the confidential information from the selected trusted device; and carrying out the operation control procedure using the received confidential information. | 01-29-2015 |
20140380481 | PORTABLE SECURITY DEVICE AND METHODS FOR DETECTION AND TREATMENT OF MALWARE - Disclosed is a portable security device and method for detection and treatment of computer malware. An example method includes performing a malware detection experiment by the security device on the computer by simulating a connection to the computer of a simulated data storage device containing a predefined set of data. The method further includes determining if there are any modifications in the set of data contained in the simulated data storage device after termination of the malware detection experiment. The method further includes, based on whether there are any modifications in the set of data, determining whether to perform one or more subsequent malware detection experiments by the security device on the computer. In one example aspect, each of the one or more subsequent malware detection experiments are configured to simulate a different connection to the computer of a different simulated data storage device containing the predefined set of data. | 12-25-2014 |
20140366137 | System and Method for Detecting Malicious Executable Files Based on Similarity of Their Resources - Disclosed are systems, methods and computer program products for detection of malicious executable files based on the similarity of various types of extractable resources of the executable files. In one aspect, the system determines a type of an executable file being analyzed and determines types of extractable resources of the executable file based on the type of the executable file. The system then extracts the identified extractable resources of the executable file and compares the extracted resources to known resources of malicious executable files. The system then determines a degree of similarity between the compared resources. The system then determines whether the executable file is malicious based on a degree of similarity of the one or more compared resources. | 12-11-2014 |
20140365585 | System and Method for Spam Filtering Using Shingles - Disclosed are a system and methods for detecting spam using shingles. In one aspect, the system receives an electronic message including at least a text portion. The system identifies in the received message insignificant text portions. The system then removes identified insignificant text portions to generate an abridged message. The system then generates a set of shingles from the abridged message. The system then identifies in the generated set of shingles one or more shingles that occur only in messages not containing spam. The system then removes one or more identified shingles from the generated set of shingles to generate a reduced set of shingles. The system then performs spam filtering of the reduced set of shingles to determine whether the received message contains spam. | 12-11-2014 |
20140325234 | System and Method for Controlling User Access to Encrypted Data - Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials. | 10-30-2014 |
20140325226 | System and Method for Controlling User Access to Encrypted Data - Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials. | 10-30-2014 |
20140298470 | System and Method for Adaptive Modification of Antivirus Databases - Disclosed are systems, methods and computer program products for adaptively modifying antivirus databases. In one example, a system stores in an antivirus database a list of file types and antivirus records for different file types. When the system receives files for performing antivirus analysis, it retrieves from the database the list of file types and uses it to determine file types of the received files. The system then retrieves from the database antivirus lists for the determined file types and uses them to perform antivirus analysis of the files. The system then identifies files with an unknown file type and attempts to determine the file type of these files. The system then updates the antivirus database by (i) adding to the list of file types a new file type corresponding to said unknown file type, and (ii) adding a new empty antivirus list corresponding to said unknown file type. | 10-02-2014 |
20140298324 | SYSTEM AND METHOD FOR AUTOMATED CONFIGURATION OF SOFTWARE INSTALLATION PACKAGE - Automated configuration of a software application to be installed via a software installation package onto different user devices for different users. An initial software installation package is obtained, as is information representing (a) associations between the plurality of users and the plurality of user devices, and (b) user attributes from which access privilege level information for individual users is determinable. The initial software installation package is configured for the user devices based on the information representing (a) and (b), to produce a plurality of different specially-configured software installation packages, each one of which corresponds to one or more specific users and one or more specific user devices. Each specially-configured package includes parameters that establish functionality for the software application based on the access privilege level of the users. Each user is authenticated, and completion of installation of the software application is conditioned on a result of the authentication. | 10-02-2014 |
20140223566 | SYSTEM AND METHOD FOR AUTOMATIC GENERATION OF HEURISTIC ALGORITHMS FOR MALICIOUS OBJECT IDENTIFICATION - A server-based system for generation of heuristic scripts for malware detection includes an automatic heuristics generation system for generating heuristic scripts for curing malware infections; a log database containing logs of events from user computers, including detection of known malicious objects and detection of suspicious objects; a safe objects database accessible containing signatures of known safe objects; a malicious objects database containing signatures of known malicious objects. The system retrieves suspect object metadata from the log database and generates the heuristic script based on data from the safe and malicious objects databases. For multiple computers having the same configuration and having the same logs, only one log common to all the multiple computers is transmitted and only one heuristic script is distributed to the multiple computers. A different and specific heuristic script is distributed to those computers that have a different log than the common log. | 08-07-2014 |
20140215627 | SYSTEM AND METHOD FOR CORRECTING ANTIVIRUS RECORDS TO MINIMIZE FALSE MALWARE DETECTIONS - Disclosed are a system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application analyzes a software object for a presence of malware. The antivirus application includes an antivirus database and an antivirus cache. The antivirus application retrieves from the antivirus database an antivirus record associated with the analyzed object. The antivirus record indicates whether the object is clean or malicious and further includes at least a test antivirus record status indicator. The antivirus application checks at least in the antivirus cache for correction of the test antivirus record. The correction includes a change in the test status of the antivirus record. When a correction for the retrieved antivirus record is found in the antivirus cache, the antivirus application uses said correction for the antivirus record for a further processing of the software object. | 07-31-2014 |
20140207724 | System and Method for Adaptive Control of User Actions Based on User's Behavior - Disclosed are system, method and computer program product for adaptive control of actions of a user on a computer system. The system monitors one or more actions of the user, applies restriction rules to detect prohibited user actions, and blocks prohibited actions that violate at least one restriction rule. The system also collects information on allowed actions of the user and corresponding system events, analyzes in real-time the collected information about system events corresponding to the allowed actions to detect anomalous actions that did not violate any of the restriction rules, but caused abnormal increase in the usage of certain system resources. When an anomalous action is detected, the system identifies restriction rules that are associated with the detected anomalous action and edits these rules or creates new restriction rules to include the anomalous action prohibited to the user. | 07-24-2014 |
20140181974 | System and Method for Detecting Malware Using Isolated Environment - Disclosed are a system and methods for detecting malicious applications. The system provides a library of handler functions. The handler functions control access of one or more applications to protected resources on a user device. The system also modifies the one or more applications to access the library of handler functions instead of corresponding application program interface (API) functions of the user device. The handler functions receive API function calls from a modified application. The system analyzes the received API function calls for malicious behavior characteristics. When the API function calls do not exhibit malicious behavior characteristics, the handler functions perform the API function calls to the protected resources. When the API function calls exhibit malicious behavior characteristics, the system prevents access of the modified application to the protected resources. | 06-26-2014 |
20140181971 | SYSTEM AND METHOD FOR DETECTING MALWARE THAT INTERFERES WITH THE USER INTERFACE - System and method for detecting ransomware. A current user behavior pattern is monitored based on user input via a user input device. The user behavior is compared against a reference set of behavior patterns associated with user frustration with non-responsiveness of the user interface module. A current status pattern of the operating system is also monitored. The current status pattern is compared against a reference set of operating system status patterns associated with predefined ransomware behavior. In response to indicia of current user frustration with non-responsiveness of the user interface, and further in response to indicia of the current status pattern having a correlation to the predefined ransomware behavior, an indication of a positive detection of ransomware executing on the computer system is provided. | 06-26-2014 |
20140181970 | SYSTEM AND METHOD FOR IMPROVING THE EFFICIENCY OF APPLICATION EMULATION ACCELERATION - An improved emulator for analyzing software code, and associated method. The emulator includes a virtual execution environment in which a series of virtual processing states are represented during emulation of a first portion of the software code, and a hardware accelerator that performs an initialization of the computing hardware to directly execute a second portion of the software code under investigation without emulation thereof in the virtual execution environment. An efficiency assessment module determines a measure of efficiency of performing the executing of the second portion of the software code under investigation without emulation thereof, and an acceleration decision module performs selection of the second portion of the software code under investigation to be directly executed by the hardware accelerator module based on the determined measure of efficiency. | 06-26-2014 |
20140181897 | System and Method for Detection of Malware Using Behavior Model Scripts of Security Rating Rules - Disclosed are systems, methods and computer program products for detecting computer malware using security rating rules. In one example, the system identifies at least one problematic security rating rule that was activated during antivirus analysis of both safe and malicious programs. The system then selects a group of programs for which said problematic rule was activated. The system then identifies in the selected group of programs a plurality of only malicious programs or the plurality of only safe programs based on the problematic security rating rule and at least one different security rating rule. The system then generates a behavior model script based on the problematic security rating rule and the at least one different security rating rule and executes said behavior model script during antivirus analysis of said analyzed program to detect a computer malware in said analyzed program. | 06-26-2014 |
20140181896 | System and Method for Protecting Computer Resources from Unauthorized Access Using Isolated Environment - Disclosed are a system and methods for protecting computer resources from unauthorized access. The system provides a library of handler functions that control access of applications to protected resources on a computer device. The system associates a security policy with the library of handler functions. The security policy specifies access rules for accessing protected resources by the applications. The system also modifies applications to access the library of handler functions instead of corresponding application program interface (API) functions of the computer device. When a handler function receives an API function call from a modified application, it may determine if the received API function call complies with the access rules. When the API function call complies with the access rules, the handler function performs the API function call from the application to the protected resources. When the API function call violates the access rules, the handler function blocks that API function call. | 06-26-2014 |
20140181805 | SYSTEM AND METHOD FOR ESTABLISHING RULES FOR FILTERING INSIGNIFICANT EVENTS FOR ANALYSIS OF SOFTWARE PROGRAM - Systems and methods for generating a set of event filtering rules for filtering events being produced in response to emulation of a program. A plurality of sample programs is constructed based on a plurality of known program development tools. Emulated execution of the plurality of sample programs is carried out in an isolated virtual machine environment and events occurring in the virtual machine environment as a result of the emulated execution of the plurality of sample programs are recorded in an event log. A set of rules is formulated for distinguishing events from among the event log that are determined to be insignificant with respect to malware detection processing to be performed. | 06-26-2014 |
20140181801 | SYSTEM AND METHOD FOR DEPLOYING PRECONFIGURED SOFTWARE - Automated deployment of a software application to be installed via a software installation package onto different user devices for different users. An initial software installation package is obtained, along with information representing (a) associations between the users and the user devices, (b) user attributes from which access privilege level information for individual users is determinable, and (c) device attributes for each of the plurality of user devices, including network connectivity information. The initial software installation package is custom-configured for individual user devices based on the information representing (a) and (b) to produce different specially-configured software installation packages. Each one includes installation parameters that establish functionality for the software application based on the access privilege level of the corresponding user. Data transfer channels are custom-configured for individual user devices based on the information representing (a) and (c). | 06-26-2014 |
20140181530 | System and Method for Protecting Cloud Services from Unauthorized Access and Malware Attacks - Disclosed are systems, methods and computer program products for protecting cloud security services from unauthorized access and malware attacks. In one example, a cloud server receives one or more queries from security software of the user device. The server analyzes a system state and configuration of the user device to determine the level of trust associated with the user device. The server also analyzes the one or more queries received from the security software to determine whether to update the level of trust associated with the user device. The server determines, based on the level of trust, how to process the one or more queries. Finally, the server provides responses to the one or more queries from the security software based on the determination of how to process the one or more queries. | 06-26-2014 |
20140165130 | APPLICATION-SPECIFIC RE-ADJUSTMENT OF COMPUTER SECURITY SETTINGS - System and method for re-adjustment of a security application to various application execution scenarios. Application execution scenarios for each of a set of software applications are created, each representing a specific subset of functionality of a corresponding application. Sets of security application configuration instructions are stored, each corresponding to at least one of the application execution scenarios. A current one or more of the application execution scenarios that is being executed in the computing device is determined and, in response, a set of security application configuration instructions corresponding to each current application execution scenario are carried out, such that the security application is adjusted to perform a specific subset of security functionality that is particularized to the current one or more of the application execution scenarios. | 06-12-2014 |
20140130161 | System and Method for Cloud-Based Detection of Computer Malware - Disclosed are systems, methods and computer program products for detecting computer malware. In one example, a security server receives information about a suspicious software object detected by a client computer using one or more malware detection methods. The server identifies the malware detection methods used to detect the suspicious object, and selects one or more different malware detection methods to check whether the suspicious object is malicious or clean. The server analyzes the suspicious object using the selected one or more different malware analysis methods to check whether the object is malicious or clean. If the object is determined to be malicious, the server generates and sends to the client computer detection instructions specific to the one or more malware detection methods used by the client computer for detecting and blocking the malicious object on the client computer. | 05-08-2014 |
20140130160 | SYSTEM AND METHOD FOR RESTRICTING PATHWAYS TO HARMFUL HOSTS IN COMPUTER NETWORKS - System and method for detecting malicious activity in a computer network that includes hosts and connectors between the hosts. Network pathways to a plurality of investigated hosts are explored. A graph is formed based on results of the exploring of the network pathways. The graph represents topology of explored portions of the computer network, including connectors (e.g., communication links) between the investigated hosts and intermediary hosts situated along explored pathways that include the investigated hosts, and an indication of a prevalence of connectors in pathways to each of the investigated hosts. The prevalence of connectors along pathways to each of the investigated hosts is compared against a threshold, and any suspicious host situated along pathways to a common investigated host that is associated with a connector having a low prevalence that is below the prevalence threshold is identified. An access restriction can be associated with the suspicious host. | 05-08-2014 |
20140096250 | SYSTEM AND METHOD FOR COUNTERING DETECTION OF EMULATION BY MALWARE - Instructions of an application program are emulated such that they are carried out sequentially in a first virtual execution environment that represents the user-mode data processing of the operating system. A system API call requesting execution of a user-mode system function is detected. In response, the instructions of the user-mode system function called by the API are emulated according to a second emulation mode in which the instructions of the user-mode system function are carried out sequentially in a second virtual execution environment that represents the user-mode data processing of the operating system, including tracking certain processor and memory states affected by the instructions of the user-mode system function. Results of the emulating of the application program instructions according to the first emulation mode are analyzed for any presence of malicious code. | 04-03-2014 |
20140096184 | System and Method for Assessing Danger of Software Using Prioritized Rules - Disclosed are system, method and computer program product for assessing security danger of software. The system collects information about a suspicious, high-danger software object, including one or more malicious characteristics of the software object, security rating of the software object, and information about one or more security rating rules used in assessing the security rating of the software object. The system then determines whether the suspicious object is clean (i.e., harmless). When the suspicious object is determined to be clean, the system identifies one or more unique, non-malicious characteristics of the software object and generates a new security rating rule that identifies the software object as clean based on the one or more selected non-malicious characteristics. The system then assigns high priority ranking to the new security rating rule to ensure that the rule precedes all other rules. | 04-03-2014 |
20140095682 | System and Method for Performing Administrative Tasks on Mobile Devices - Disclosed are system, method and computer program product for remote administration of mobile devices. The system includes an administration server that receives a request to perform a remote administrative task on a mobile device. The server selects a function that performs the requested remote administrative task. The server identifies one or more management protocols that perform the selected function, wherein different protocols use different mechanisms to perform the same function. The server determines if the mobile device supports one or more of the identified protocols. When the mobile device supports two or more different management protocols, the server selects a protocol with the highest priority for performing the selected function. The server then executes the selected management protocol to perform the selected function that performs the requested remote administrative task on the mobile device. | 04-03-2014 |
20140047531 | System and Method for Controlling User's Access to Protected Resources Using Multi-Level Authentication - Disclosed are systems, methods and computer program products for multi-level user authentication. In one example, a method includes detecting a plug-in token connected to a device that controls user access to a protected resource; identifying one or more authorized users associated with the detected token who are authorized to access the protected resource; authenticating whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource; detecting presence of one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user; and providing access to the protected resource to the first user when the first user is authenticated as an authorized user associated with the detected token and the transponder of at least the first user is detected. | 02-13-2014 |
20130340080 | System and Method for Preventing Spread of Malware in Peer-to-Peer Network - Disclosed are systems, methods and computer program products for detecting and preventing spread of malware in a peer-to-peer (P2P) network. The system includes a P2P server receiving from a peer client computer a request for a metadata object and determining if the requested metadata object is associated with one of a verified clean data object, a verified malicious data object, or an unverified data object. If the requested metadata object is associated with a verified clean data object, transmitting the requested metadata object to the peer client computer. If the requested metadata object is associated with an unverified data object, determining if the peer client computer has an antivirus software for testing the unverified data object for malware. If the peer client computer has an antivirus software, transmitting to the peer client computer the requested metadata object, otherwise denying the client's request. | 12-19-2013 |
20130333018 | Portable Security Device and Methods for Secure Communication - Disclosed are a portable personal security device and methods for secure communication. In one example, the personal security device may wirelessly connect to a user device and collect information about the user device. The personal security device may then assess security characteristics of the user device based on the collected information. When the user device is determined to be unsecure, the personal security device may instruct the user to use a secure internet application of the personal security device instead of an unsecure internet application of the user device. In addition, the personal security device may instruct the user to use a secure data input device of the personal security device instead of an unsecure data input device of the user device. The personal security device then receives via the secure data input device user input data for the secure internet application, and transmits it to the user device. | 12-12-2013 |
20130326626 | ASYNCHRONOUS FILTERING AND PROCESSING OF EVENTS FOR MALWARE DETECTION - A method for asynchronous processing of system calls, including detecting a system call on a computer system; filtering the system call to determine when the system call matches a filter parameter; making a copy of the system call and asynchronously processing the system call copy, if the system call does not pass through at least one filter, and the filter parameter does not match the system call; placing the system call into a queue; releasing the system call after an anti-virus (AV) check of the system call copy and terminating an object that caused the system call when the AV check reveals that the system call is malicious; and for an object associated with the system call that has behavior differences compared to a previous known non-malicious version of the object but also similarities to the previous known non-malicious object, classifying the object as non-malicious. | 12-05-2013 |
20130318610 | System and Method for Detection and Treatment of Malware on Data Storage Devices - Disclosed are systems and methods for detection and repair of malware on data storage devices. The system includes a controller, a communication interface for connecting an external data storage device, and a memory for storing antivirus software. The antivirus software is configured to scan the data contained in the data storage device, perform repair or removal of malicious files or programs found on the data storage device, identify suspicious files or programs on the data storage device and malicious files or programs that cannot be repaired or removed from the data storage device, send information about these files or programs to the antivirus software provider, receive updates for the antivirus software from the antivirus software provider, and rescan the suspicious files or programs and malicious files or programs that cannot be repaired or removed using updated antivirus software. | 11-28-2013 |
20130305365 | SYSTEM AND METHOD FOR OPTIMIZATION OF SECURITY TRAFFIC MONITORING - A method and system for security processing of a network data stream. Threat-related statistics are collected and the network data stream is selectively checked based on the statistics data identifying the areas of the stream where the threats had been previously detected. A system for processing a network data stream includes at least one network Intrusion Detection System (IDS) for checking a pre-determined portion of the data stream for presence of threats. The IDS collects threat-related statistics and provides them to a statistics database. A unit for determining areas of the data stream to be checked queries the statistics database for determining or changing the current checked area based on the received statistics. The information about changes in the areas of the data stream to be checked is provided to the IDS, which checks the selected areas of the data stream. | 11-14-2013 |
20130268470 | SYSTEM AND METHOD FOR FILTERING SPAM MESSAGES BASED ON USER REPUTATION - System for updating filtering rules for messages received by a plurality of users including a filtering rules database storing filtering rules for the users; means for distributing the filtering rules to the users; a user reputation database comprising a reputation weight for each user; and means for receiving and processing of user reports that indicate that a message belongs to a particular category. The means for receiving (i) calculates a message weight in its category based on a number of reports received from multiple users and the reputation weights of those users, (ii) decides whether the message belongs to the particular category if the message weight exceeds a predefined threshold, (iii) updates the filtering rules in the filtering rules database based on the deciding, and (iv) distributes the updated filtering rules from the filtering rules database to the users using the means for distributing. | 10-10-2013 |
20130247202 | DYNAMIC MANAGEMENT OF RESOURCE UTILIZATION BY AN ANTIVIRUS APPLICATION - System and method for dynamically managing utilization of computing capacity by an antivirus application having distinct security modules configurable by adjustment of operational parameters. An identification of the computing resources required by each of the security modules to perform certain corresponding security-related functionality is obtained. A current state of authorization granted to the antivirus application to access each of the plurality of computing resources is determined. The operational parameters are adjusted for the at least one of the security modules in response to a determination that the current state of authorization is insufficient for the antivirus application to access certain ones of the computing resources required by the at least one of the security modules to perform its corresponding functionality. The operational parameters are adjusted to disable the corresponding functionality and to thereby de-allocate a portion of the computing capacity needed to execute that corresponding functionality. | 09-19-2013 |
20130247193 | SYSTEM AND METHOD FOR REMOVAL OF MALICIOUS SOFTWARE FROM COMPUTER SYSTEMS AND MANAGEMENT OF TREATMENT SIDE-EFFECTS - Removing malware from a computer system. An inspection module obtains an inspection log representing operational history of the operating system and the application programs of the computer system. The inspection log is analyzed to detect a presence of any malware on the computer system. A treatment scenario is generated that defines a plurality of actions to be executed for removing any malware present on the computer system, as detected in the analyzing. The treatment scenario is generated based on the information contained in the inspection log and on a knowledge base of malware removal rules. The generated treatment scenario is evaluated to assess the actions defined in the generated treatment scenario that are associated with a risk of damaging the operating system or the application programs of the computer system. A modified treatment scenario can be created to reduce the risk in response to an assessment of the risk. | 09-19-2013 |
20130227692 | SYSTEM AND METHOD FOR OPTIMIZATION OF ANTIVIRUS PROCESSING OF DISK FILES - A system and method for optimization of AV processing of disk files. The system includes an AV scanner, a data cache module, an AV service and file analysis module. The optimization allows for reduction of time needed for the AV processing. Trusted files associated with a trusted key file are found. The trusted files that have been found are cached and excluded from further AV processing and the AV processing time is reduced. | 08-29-2013 |
20130227680 | AUTOMATED PROTECTION AGAINST COMPUTER EXPLOITS - Protection of a computer system against exploits. A computer system has a memory access control arrangement in which at least write and execute privileges are enforced for allocated portions of memory. An association of the process thread and the first portion of memory is recorded. A limited access regime in which one of the write and execute privileges is disabled, is established, and is monitored for any exceptions occurring due to attempted writing or execution in violation thereof. In response to the exception being determined as a write exception, the associated process thread is looked up, and analyzed for a presence of malicious code. In response to the exception type being determined as an execute exception, the first portion of memory is analyzed for a presence of malicious code. In response to detection of a presence of malicious code, execution of the malicious code is prevented. | 08-29-2013 |
20130227300 | System and Method for Detecting Unknown Packers and Cryptors - Disclosed are systems, methods and computer program products for detecting unknown packers and cryptors. An example method comprises emulating execution of a software object modified by an unknown packer or cryptor; collecting information about memory operations performed during the emulation; combining information about a plurality of related memory operations into at least one sequential set of memory operations; identifying from the at least one sequential set of related memory operations one or more high-level operations associated with unpacking or decryption of the emulated object; and generating based on the one or more high-level operations a record of the unknown packer or cryptor to be used for detecting the unknown packer or cryptor. | 08-29-2013 |
20130219495 | SYSTEM AND METHOD FOR OPTIMIZATION OF SECURITY TASKS BY CONFIGURING SECURITY MODULES - A system and method for dynamic configuration of the security modules for optimization of execution of security tasks are provided. The system includes: a mechanism for identifying the clients connected to the network; a client data collection unit that determines hardware/software configurations of each detected client; a security module selection and installation unit that selects required modules for each client; a statistics collection unit that collects the security tasks execution statistics from user modules and from client modules; and a configuration unit that configures the client and server modules based on the collected statistics in order to optimize execution of the security tasks. | 08-22-2013 |
20130145437 | PROTECTION AGAINST MALWARE ON WEB RESOURCES UTILIZING SCRIPTS FOR CONTENT SCANNING - A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources makes it possible to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications. | 06-06-2013 |
20130139265 | SYSTEM AND METHOD FOR CORRECTING ANTIVIRUS RECORDS TO MINIMIZE FALSE MALWARE DETECTIONS - Disclosed are a system, method and computer program product for correcting antivirus records. In an example method, during analysis of a software object for malware, an antivirus application retrieves from an antivirus database an antivirus record associated with the analyzed object, which identifies the object as malicious or clean. The application also checks if there is a correction for the antivirus record in an antivirus cache and uses the correction for analysis of the software object. If no correction is found in the cache, the application checks correctness of the antivirus record with an antivirus server. The antivirus server uses statistical information about software objects collected from antivirus applications deployed on different computers to validate correctness of antivirus records. If the antivirus server provides a correction for the antivirus record, the application uses the provided correction for analysis of the software object for malware. | 05-30-2013 |
20130133069 | SILENT-MODE SIGNATURE TESTING IN ANTI-MALWARE PROCESSING - Method and computer program product for signature testing used in anti-malware processing. Silent signatures, after being tested, are not updated into a white list and are sent directly to users instead. If the silent signature coincides with malware signature, a user is not informed. A checksum (e.g., hash value) of a suspected file is sent to a server, where statistics are kept and analyzed. Based on collected false positive statistics of the silent-signature, the silent-signature is either valid or invalid. Use of the silent signatures provides for effective signature testing and reduces response time to new malware-related threats. The silent signature method is used for turning off a signature upon first false positive occurrence. Use of silent signatures allows improving heuristic algorithms for detection of unknown malware. | 05-23-2013 |
20130125208 | PORTABLE SECURITY DEVICE AND METHODS OF USER AUTHENTICATION - Disclosed are a portable security device and methods for secure user authentication. The security device stores operating system agents that enable communication with user devices that have different operating systems. The security device also stores user authentication data for accessing different Internet resources by the user devices. The security device connects to the user device using an operating system agent corresponding to the operating system of the user device, and receives from the user device a request to access an Internet resource. The security device selects user authentication data associated with the requested Internet resource, and obtains the requested Internet resource using the selected user authentication data. | 05-16-2013 |
20130055399 | AUTOMATIC ANALYSIS OF SECURITY RELATED INCIDENTS IN COMPUTER NETWORKS - Solutions for responding to security-related incidents in a computer network, including a security server, and a client-side arrangement. The security server includes an event collection module communicatively coupled to the computer network, an event analysis module operatively coupled to the event collection module, and a solution module operatively coupled to the event analysis module. The event collection module is configured to obtain incident-related information that includes event-level information from at least one client computer of the plurality of client computers, the incident-related information being associated with at least a first incident which was detected by that at least one client computer and provided to the event collection module in response to that detection. The event analysis module is configured to reconstruct at least one chain of events causally related to the first incident and indicative of a root cause of the first incident based on the incident-related information. The solution module is configured to formulate at least one recommendation for use by the at least one client computer, the at least one recommendation being based on the at least one chain of events, and including corrective/preventive action particularized for responding to the first incident. | 02-28-2013 |
20130055278 | EFFICIENT MANAGEMENT OF COMPUTER RESOURCES - System, method, and computer-readable medium for managing removal of unused objects on a subject computer system that includes a plurality of computing resources. Current configuration and operational state information of a subject computer system are analyzed to detect a presence of unused objects on the subject computer system. An estimated degree of impact that unused objects have on the workload of at least one computing resource of the plurality of computing resources is obtained. A measure of the exigency of taking action to remove the unused objects is determined based on the estimated degree of impact and on the current degree of workload of the at least one computing resource. Instructions are generated for removing specific ones of the unused objects for which the exigency of taking action is sufficiently great. | 02-28-2013 |
20130007883 | Portable Security Device and Methods for Detection and Treatment of Malware - Disclosed is a portable security device and method for detection and treatment of computer malware. The security device includes a communication interface for connecting to a computer, a memory for storing a set of data for use in malware detection experiments, and an antivirus engine configured to perform one or more malware detection experiments on the computer. A malware detection experiment includes simulating a connection to the computer of a data storage device containing a predefined set of data. The antivirus engine is further configured to identify modifications in the set of data contained in the data storage device after termination of one or more malware detection experiments, analyze a modified set of data for the presence of computer malware, determine a treatment mechanism for the detected malware, perform treatment of the detected malware on the computer, and generate user reports. | 01-03-2013 |
20130007527 | SYSTEM AND METHOD FOR AUTOMATED SOLUTION OF FUNCTIONALITY PROBLEMS IN COMPUTER SYSTEMS - An automated support system includes a database of statistics used to calculate and store the solution ratings. The database is connected to a decision-making module that selects appropriate solutions. A known computer operation-related problem is stored in the database. The problem is represented by a set of parameters of a user computer system. Any given set of parameters defines a problem existing on the user(s) computer system. A solution formed by the solution adding module is represented by a special file. The selected solution is automatically executed on the user computer system and the operation-related problem is solved. The effective solution is assigned a rating stored in the solution database. | 01-03-2013 |
20120272318 | SYSTEM AND METHOD FOR DYNAMIC GENERATION OF ANTI-VIRUS DATABASES - A method for reducing the size of the AV database on a user computer by dynamically generating an AV database according to user parameters is provided. Critical user parameters that affect the content of the AV database required for this user are determined. The AV database for the single user is generated based on the user parameters. When the parameters of the user computer change or when new malware threats are detected, the user AV database is dynamically updated according to the new parameters and the new malware threats. The update procedure becomes more efficient since the need to update large volumes of data is eliminated. The AV system, working with a small AV database, finds malware objects more efficiently and uses fewer computer system resources. | 10-25-2012 |
20120173609 | SYSTEM AND METHOD FOR OPTIMIZATION OF EXECUTION OF SECURITY TASKS IN LOCAL NETWORK - A system and method for dynamic configuration of the security modules for optimization of execution of security tasks are provided. The system includes: a client detection unit that finds the clients on the network; a client data collection unit that determines hardware/software configurations of each detected client; a security module selection and installation unit that selects required modules for each client from a modules database; a statistics collection unit that collects the security tasks execution statistics from user modules and from client modules; and a re-configuration unit that reconfigures the client and server modules based on the collected statistics in order to optimize execution of the security tasks. | 07-05-2012 |
20120167219 | OPTIMIZATION OF ANTI-MALWARE PROCESSING BY AUTOMATED CORRECTION OF DETECTION RULES - A system, method and computer program product for optimization of execution of anti-malware (AV) applications. A number of false-positive determinations by an AV system are reduced by correcting malware detection rules using correction coefficients. A number of malware objects detected by the AV system are increased by correction of ratings determined by the rules using correction coefficients. An automated testing of new detection rules used by the AV system is provided. The new rules having zero correction coefficients are added to the rules database and results of application of the new rules are analyzed and the rules are corrected or modified for further testing. | 06-28-2012 |
20120023579 | PROTECTION AGAINST MALWARE ON WEB RESOURCES - A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources makes it possible to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications. | 01-26-2012 |
20110219049 | SYSTEM FOR PERMANENT FILE DELETION - A system for permanent data deletion is provided. The file deletion system consists of a permanent deletion unit, an analysis module, a database of rules for forming deletion algorithm and an algorithm forming unit. A file to be deleted is passed into the system and the system permanently deletes the file. The system dynamically forms the deletion algorithm based on algorithm forming rules. The rules are selected from the database according to file parameters and user criteria. The file parameters are determined by the analysis module. A user has an access to algorithm forming rules and can edit the rules. Algorithm forming rules can be based on an arbitrary number of complex conditions. | 09-08-2011 |
20110126286 | SILENT-MODE SIGNATURE TESTING IN ANTI-MALWARE PROCESSING - Method and computer program product for signature testing used in anti-malware processing. Silent signatures, after being tested, are not updated into a white list and are sent directly to users instead. If the silent signature coincides with malware signature, a user is not informed. A checksum (e.g., hash value) of a suspected file is sent to a server, where statistics are kept and analyzed. Based on collected false positive statistics of the silent-signature, the silent-signature is either valid or invalid. Use of the silent signatures provides for effective signature testing and reduces response time to new malware-related threats. The silent signature method is used for turning off a signature upon first false positive occurrence. Use of silent signatures allows improving heuristic algorithms for detection of unknown malware. | 05-26-2011 |
20110083180 | METHOD AND SYSTEM FOR DETECTION OF PREVIOUSLY UNKNOWN MALWARE - A system, method and computer program product for detection of the previously unknown malware, the method comprising: (a) receiving event information and file metadata from a remote computer; (b) identifying whether the event information or the file metadata are indicative of the already known malware presence, indicative of the unknown malware presence, or indicative of malware absence; (c) if the event information or the file metadata are indicative of the known malware or indicative of malware absence, filtering out the event information and the file metadata; (d) performing a risk analysis and risk assessment for the remaining event information and the remaining file metadata to determine if the event and the file metadata are indicative of the previously unknown malware presence; and (e) where performing a risk analysis and risk assessment includes a “parent-child” hierarchy of the files, and the risk assessed to the parent is based on the risk associated with the child. | 04-07-2011 |
20110083176 | ASYNCHRONOUS PROCESSING OF EVENTS FOR MALWARE DETECTION - A system, method and computer program product for malware detection based on the behavior of applications running on a computer system, including: asynchronous processing of system events for malware threat analyses using application filters; analyzing events using heuristic and signature data; analyzing applications behavior and detecting abnormal behavior of “clean” applications; automatically classifying applications (i.e., detecting new versions) based on behavior analysis; automatically analyzing the reliability of web sites based on behavior triggered by the web site accesses; in enterprise networks, detecting abnormalities in configuration of user computer systems; recognizing a user by his behavior profile and using the profile for an automatic configuration of user applications. | 04-07-2011 |
20100281468 | METHOD AND SYSTEM FOR MONITORING EXECUTION PERFORMANCE OF SOFTWARE PROGRAM PRODUCT - A method, computer program product and system for monitoring execution behavior of a program product in a data processing system include development of a trace tool having trace strings written in a human language and provided with data fields for diagnostic information relevant to executable portions of the program product. Identifiers of the trace tool, trace strings, and data fields and components of the diagnostic information are encoded using a coded binary language. After monitoring execution of the program product, a trace report of the trace tool is translated for an intended recipient from the coded binary language into the human language, whereas an unauthorized access to the contents of the trace record is restricted. The encoding or decoding operations are performed using databases containing the respective identifiers and components of the diagnostic information in the coded binary language and the human language. | 11-04-2010 |
20100008579 | SYSTEM AND METHOD FOR IDENTIFYING TEXT-BASED SPAM IN RASTERIZED IMAGES - A system, method and computer program product for identifying spam in an image, including (a) identifying a plurality of contours in the image, the contours corresponding to probable symbols; (b) ignoring contours that are too small or too large; (c) identifying text lines in the image, based on the remaining contours; (d) parsing the text lines into words; (e) ignoring words that are too short or too long from the identified text lines; (f) ignoring text lines that are too short; (g) verifying that the image contains text by comparing a number of pixels of a symbol color within remaining contours to a total number of pixels of the symbol color in the image, and that there is at least one text line after filtration; and (h) if the image contains text, rendering a spam/no spam verdict based on a contour representation of the text that appears after step (f). | 01-14-2010 |
20100008569 | SYSTEM AND METHOD FOR IDENTIFYING TEXT-BASED SPAM IN RASTERIZED IMAGES - A system, method and computer program product for identifying spam in an image, including (a) identifying a plurality of contours in the image, the contours corresponding to probable symbols; (b) ignoring contours that are too small or too large; (c) identifying text lines in the image, based on the remaining contours; (d) parsing the text lines into words; (e) ignoring words that are too short or too long from the identified text lines; (f) ignoring text lines that are too short; (g) verifying that the image contains text by comparing a number of pixels of a symbol color within remaining contours to a total number of pixels of the symbol color in the image, and that there is at least one text line after filtration; and (h) if the image contains text, rendering a spam/no spam verdict based on a contour representation of the text that appears after step (f). | 01-14-2010 |