Patent application number | Description | Published |
20100132038 | System and Method for Computer Malware Detection - Disclosed are systems and methods for computer malware detection. The system is configured to emulate execution of a program code, monitor events of program execution, classify the monitored events as malicious or non-malicious, and collect information about unclassifiable events. The system further includes one or more analyst workstations configured to isolate a program analyst from external audiovisual stimuli. The workstation includes a video output device operable to display a list of unclassifiable events and event-related information to the program analyst and a user input device operable to receive analyst's physiological response indicative of whether the displayed list of unclassifiable events exhibits malicious behavior. | 05-27-2010 |
20110289585 | Systems and Methods for Policy-Based Program Configuration - Disclosed are systems, methods and computer program products for adaptive policy-based configuration of programs. An example method comprises collecting configuration and performance information from a computer system and rating system performance based on the collected information. The method further includes selecting, based on the performance rating, an operational policy for a computer program. The policy specifies program settings and limits of system resource utilization by the program. The method further includes monitoring system resource utilization during program execution on the computer system to determine whether system resource utilization exceeds the limit specified in the operational policy. If the system resource utilization exceeds the specified limit, the method selects another policy specifying different program settings and a different limit of system resource utilization. | 11-24-2011 |
20120272290 | System and Method for Reducing Security Risk in Computer Network - Disclosed are systems, methods and computer program products for reducing security risk in a computer network. The system includes an administration server that collects information about one or more computers in the network, including the following information: computer user's external drive usage history, software installation history, and Web browsing history. The server calculates, based on the collected information, a security rating of the computer user. The server then adjusts the security rating of the computer user based on the security rating of at least one other user of another computer connected to the same computer network. The server then selects a security policy of the security software based on the adjusted security rating of the computer user. Different security policies provide different network security settings and prohibitions on launching of executable files from external drives. | 10-25-2012 |
20140047531 | System and Method for Controlling User's Access to Protected Resources Using Multi-Level Authentication - Disclosed are systems, methods and computer program products for multi-level user authentication. In one example, a method includes detecting a plug-in token connected to a device that controls user access to a protected resource; identifying one or more authorized users associated with the detected token who are authorized to access the protected resource; authenticating whether a first user requesting access to the protected resource is associated with the detected token and authorized to access the protected resource; detecting presence of one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user; and providing access to the protected resource to the first user when the first user is authenticated as an authorized user associated with the detected token and the transponder of at least the first user is detected. | 02-13-2014 |
20140096184 | System and Method for Assessing Danger of Software Using Prioritized Rules - Disclosed are a system, method and computer program product for assessing security danger of software. The system collects information about a suspicious, high-danger software object, including one or more malicious characteristics of the software object, security rating of the software object, and information about one or more security rating rules used in assessing the security rating of the software object. The system then determines whether the suspicious object is clean (i.e., harmless). When the suspicious object is determined to be clean, the system identifies one or more unique, non-malicious characteristics of the software object and generates a new security rating rule that identifies the software object as clean based on the one or more selected non-malicious characteristics. The system then assigns a high priority ranking to the new security rating rule to ensure that the rule precedes all other rules. | 04-03-2014 |
20140165130 | APPLICATION-SPECIFIC RE-ADJUSTMENT OF COMPUTER SECURITY SETTINGS - System and method for re-adjustment of a security application to various application execution scenarios. Application execution scenarios for each of a set of software applications are created, each representing a specific subset of functionality of a corresponding application. Sets of security application configuration instructions are stored, each corresponding to at least one of the application execution scenarios. A current one or more of the application execution scenarios that is being executed in the computing device is determined and, in response, a set of security application configuration instructions corresponding to each current application execution scenario is carried out, such that the security application is adjusted to perform a specific subset of security functionality that is particularized to the current one or more of the application execution scenarios. | 06-12-2014 |
20140181805 | SYSTEM AND METHOD FOR ESTABLISHING RULES FOR FILTERING INSIGNIFICANT EVENTS FOR ANALYSIS OF SOFTWARE PROGRAM - Systems and methods for generating a set of event filtering rules for filtering events being produced in response to emulation of a program. A plurality of sample programs is constructed based on a plurality of known program development tools. Emulated execution of the plurality of sample programs is carried out in an isolated virtual machine environment and events occurring in the virtual machine environment as a result of the emulated execution of the plurality of sample programs are recorded in an event log. A set of rules is formulated for distinguishing events from among the event log that are determined to be insignificant with respect to malware detection processing to be performed. | 06-26-2014 |
20140181897 | System and Method for Detection of Malware Using Behavior Model Scripts of Security Rating Rules - Disclosed are systems, methods and computer program products for detecting computer malware using security rating rules. In one example, the system identifies at least one problematic security rating rule that was activated during antivirus analysis of both safe and malicious programs. The system then selects a group of programs for which said problematic rule was activated. The system then identifies in the selected group of programs a plurality of only malicious programs or the plurality of only safe programs based on the problematic security rating rule and at least one different security rating rule. The system then generates a behavior model script based on the problematic security rating rule and the at least one different security rating rule and executes said behavior model script during antivirus analysis of said analyzed program to detect a computer malware in said analyzed program. | 06-26-2014 |
20140380481 | PORTABLE SECURITY DEVICE AND METHODS FOR DETECTION AND TREATMENT OF MALWARE - Disclosed are a portable security device and method for detection and treatment of computer malware. An example method includes performing a malware detection experiment by the security device on the computer by simulating a connection to the computer of a simulated data storage device containing a predefined set of data. The method further includes determining if there are any modifications in the set of data contained in the simulated data storage device after termination of the malware detection experiment. The method further includes, based on whether there are any modifications in the set of data, determining whether to perform one or more subsequent malware detection experiments by the security device on the computer. In one example aspect, each of the one or more subsequent malware detection experiments is configured to simulate a different connection to the computer of a different simulated data storage device containing the predefined set of data. | 12-25-2014 |