Class / Patent application number | Description | Number of patent applications / Date published |
713188000 | COMPUTER VIRUS DETECTION BY CRYPTOGRAPHY | 11 |
20090044024 | NETWORK SERVICE FOR THE DETECTION, ANALYSIS AND QUARANTINE OF MALICIOUS AND UNWANTED FILES - A system is provided for detecting, analyzing and quarantining unwanted files in a network environment. A host agent residing on a computing device in the network environment detects a new file introduced to the computing device and sends the new file to a network service for analysis. The network service is accessible to computing devices in the network environment. An architecture for the network service may include: a request dispatcher configured to receive a candidate file for inspection from a given computing device in the network environment and distribute the candidate file to one or more of a plurality of detection engines, where the detection engines operate in parallel to analyze the candidate file and output a report regarding the candidate file; and a result aggregator configured to receive reports from each of the detection engines regarding the candidate file and aggregates the reports in accordance with an aggregation algorithm. | 02-12-2009 |
20090187768 | Software virus detection methods, apparatus and articles of manufacture - Methods, apparatus and articles of manufacture for identifying, authenticating and securing code through proscribed code detection and deletion are shown. The preferred embodiments provide for scanning code to determine the presence of proscribed code and then transmitting the code to a file reconstructor upon the detection of proscribed code. At the file reconstructor, templates of the specific document type are used to provide the document file structure, and so delete with precision the proscribed code from the original code. | 07-23-2009 |
20110004770 | ENCRYPTION SYSTEM THAT PREVENTS ACTIVATION OF COMPUTER VIRUSES - System for preventing activation of computer viruses operates in such a way that all executable files must be kept separated from other files and encrypted when written to Hard Disk Drive or Solid State Drive, with a key that is uniquely assigned to this hardware and entered by user. During the reading procedure all data is decrypted automatically by the hardware with the same key written in this hardware and used only for decryption. Since only regular programs can be installed and encrypted with the key known to the user, viruses and the other malicious software can be kept on Hard Disk Drive or Solid State Drive just in plaintext. This causes only regular programs can be sent into the main memory in plaintext, but viruses cannot, because they are destroyed in decryption procedure. | 01-06-2011 |
20110167275 | MALWARE DETECTION METHOD AND APPARATUS - According to a first aspect of the present invention there is provided a malware detection method implemented within a computer. The method includes, for a given electronic file, determining if the file is associated with a valid digital signature. If the file is associated with a valid digital signature, then verifying that the signature belongs to a trusted source. If the signature does belong to a trusted source then not performing a malware scan of said file, and if the signature cannot be verified as belonging to a trusted source then performing said scan. | 07-07-2011 |
20110219238 | Method and System for Detecting Malware Using a Remote Server - The present disclosure is directed to a method and system for detecting malware using a remote server. In accordance with a particular embodiment of the present disclosure a hash value for a file is generated. The hash value is transmitted to a remote server. A notification is received from the remote server indicating whether the file comprises malware. At least one operation on the file is prevented if the notification indicates the file comprises malware. | 09-08-2011 |
20110231669 | Computer Virus Protection - A network is protected from e-mail viruses through the use of a sacrificial server. Any executable programs or other suspicious parts of incoming e-mail messages are forwarded to a sacrificial server, where they are converted to non-executable format such as Adobe Acrobat PDF and sent to the recipient. The sacrificial server is then checked for virus activity. After the execution is completed, the sacrificial server is rebooted. | 09-22-2011 |
20110307711 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 12-15-2011 |
20120159181 | Virus Localization Using Cryptographic Hashing - Methods for using integrity checking techniques to identify and locate computer viruses are provided. A method for virus localization for each of three types of virus infections is provided, including the steps of computing a sequence of file blocks, calculating hashes for the sequences of file blocks from a host file and calculating hashes for the same or related sequences of file blocks from an infected file, and comparing the hashes from host file to the hashes from the infected file from the same or related sequences of file blocks such that when some of said first hashes and said second hashes do not match, a location of a virus is output. Methods for computing the sequence of file blocks depending on the type of virus infection, and for calculating the hashes using a collision resistant hash function, a digital signature scheme, a message authentication code, or a pseudo-random function. | 06-21-2012 |
20120290848 | Emulating Mixed-Code Programs Using a Virtual Machine Instance - The subject disclosure is directed towards a technology for efficiently emulating program code that is protected by one or more various code virtualization techniques to detect the presence of malware. An emulation engine emulates a program containing a mix of native code, custom (e.g., virtualized obfuscated) code, and at least one emulator and/or interpreter that understands the custom code, by building a custom emulation component that is built by detecting and analyzing the internal emulator or interpreter. The custom emulation component may access a translation table built from the analysis, and also may simplify a plurality of instructions in the program into a lesser number of instructions in an intermediate language used for emulation. | 11-15-2012 |
20130227300 | System and Method for Detecting Unknown Packers and Cryptors - Disclosed are systems, methods and computer program products for detecting unknown packers and cryptors. An example method comprises emulating execution of a software object modified by an unknown packer or cryptor; collecting information about memory operations performed during the emulation; combining information about a plurality of related memory operations into at least one sequential set of memory operations; identifying from the at least one sequential set of related memory operations one or more high-level operations associated with unpacking or decryption of the emulated object; and generating based on the one or more high-level operations a record of the unknown packer or cryptor to be used for detecting the unknown packer or cryptor. | 08-29-2013 |
20160012226 | SYSTEM AND METHOD FOR IDENTIFYING INSTALLED SOFTWARE PRODUCTS | 01-14-2016 |