| Match | Document | Document Title |
7620992 |
System and method for detecting multi-component malware
Malicious behavior of a computer program is detected using an emulation engine, an event detector and an event analyzer. The emulation engine includes a system emulator configured to emulate, in an...
|
|
|
7620991 |
Optimized network cache for virus scanning by examining the magic bytes of a file
A system and method is provided for reliably detecting the file type of a client-requested and by-passing conventional ICAP processing if the detected file type corresponds to a non-viral file. The...
|
|
|
7620990 |
System and method for unpacking packed executables for malware evaluation
A system and method for determining whether a packed executable is malware is presented. In operation, a malware evaluator intercepts incoming data directed to a computer. The malware evaluator...
|
|
|
7620989 |
Network testing methods and systems
Network vulnerability testing methods, systems, devices, appliances and software products generate stateful and stateless network representative of network threats. The traffic is applied to a...
|
|
|
7617535 |
Infected electronic system tracking
Techniques for generating an access control list to block traffic from a network device infected by malware.
|
|
|
7617534 |
Detection of SYSENTER/SYSCALL hijacking
Techniques are disclosed for detecting manipulations of user-kernel transition registers (such as the SYSENTER/SYSCALL critical registers of Intel/AMD processors, respectively), and other such...
|
|
|
7617526 |
Blocking of spam e-mail at a firewall
A method of blocking spam at a firewall involves applying blocking measures for an adaptively determined duration. The blocking measure is then suspended while determining whether the spam has...
|
|
|
7614085 |
Method for the automatic setting and updating of a security policy
The invention relates to a method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising: (a) Providing at least one...
|
|
|
7614084 |
System and method for detecting multi-component malware
Malicious behavior of a computer program is detected using an emulation engine, an event detector and an event analyzer. The emulation engine includes a system emulator configured to emulate, in an...
|
|
|
7613926 |
Method and system for protecting a computer and a network from hostile downloadables
Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable...
|
|
|
7613918 |
System and method for enforcing a security context on a downloadable
A method for computer security, including receiving content including potentially malicious executable code (“CODE-A”), intended for downloading at a client computer, scanning CODE-A to derive...
|
|
|
7610624 |
System and method for detecting and preventing attacks to a target computer system
A system and method are provided for monitoring data packets received at a target system. The data packets may be monitored at any layer of the communication protocol to characterize the type of...
|
|
|
7607173 |
Method and apparatus for preventing rootkit installation
Calls to driver load functions, including associated driver objects to be loaded, are stalled and evaluated for indications of a rootkit. When a rootkit is indicated, protective action is taken, and...
|
|
|
7607172 |
Method of protecting a computing system from harmful active content in documents
Described are a system and method for protecting a computing device from potentially harmful code in a document. One or more definitions of potentially harmful active content are provided in an...
|
|
|
7607171 |
Virus detection by executing e-mail code in a virtual machine
An intermediary isolation server receives e-mails and isolates any viral behavior from harming its intended destination. After the intermediary receives an e-mail, it determines that the e-mail has...
|
|
|
7607170 |
Stateful attack protection
A method for detecting an attack in a computer network includes monitoring communication traffic transmitted over connections on the network that are associated with a stateful application protocol...
|
|
|
7607021 |
Isolation approach for network users associated with elevated risk
An isolation approach for network users associated with elevated risk is disclosed for protecting networks. In one approach a method comprises the computer-implemented steps of determining a user...
|
|
|
7607010 |
System and method for network edge data protection
Disclosed are systems and methods which examine information communication streams to identify and/or eliminate malicious code, while allowing the good code to pass unaffected. Embodiments operate...
|
|
|
7603716 |
Distributed network security service
A method and apparatus to distribute a network security service is disclosed. The security software may be distributed across nodes on a network and may use a separate security device that has two...
|
|
|
7603713 |
Method for accelerating hardware emulator used for malware detection and analysis
A method and system for accelerating malware emulator by using an accelerator. The accelerator allows for a potentially malicious component (i.e., process) containing dummy processes to be executed...
|
|
|
7603712 |
Protecting a computer that provides a Web service from malware
In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a...
|
|
|
7603711 |
Intrusion detection system
An intrusion detection system monitors the rate and characteristics of Internet attacks on a computer network and filters attack alerts based upon various rates and frequencies of the attacks. The...
|
|
|
7603614 |
Method and system for indicating an executable as trojan horse
A method and system for indicating an executable as Trojan Horse, based on the CRC values of the routines of an executable. The method comprising a preliminary stage in which the CRC values of the...
|
|
|
7600258 |
Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using fictitious buddies
Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to intercept...
|
|
|
7596811 |
Methods and systems for network traffic security
The present invention is directed to methods of and systems for adaptive networking that monitors a network resource of a network. The method monitors an application performance. The method...
|
|
|
7596808 |
Zero hop algorithm for network threat identification and mitigation
A method, system, apparatus, and computer-readable medium to enable a set of security device interfaces within a broadcast domain to identify and mitigate attacks. For each address of a device...
|
|
|
7594272 |
Detecting malicious software through file group behavior
A malicious software detection module (MSDM) detects worms and other malicious software. The MSDM executes on a computer system connected to a network. The MSDM monitors a storage device of the...
|
|
|
7594271 |
Method and system for real-time tamper evidence gathering for software
A method and system are directed to differentiating between normal characteristics and abnormal characteristics within a software process, such that tampering of the software process may be...
|
|
|
7594266 |
Data security and intrusion detection
Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. Item requests are examined to determine if the request...
|
|
|
7594263 |
Operating a communication network through use of blocking measures for responding to communication traffic anomalies
A communication network is operated by detecting an anomaly in the communication traffic at a plurality of nodes in a communication network. A first blocking measure A is independently applied at...
|
|
|
7594224 |
Distributed enterprise security system
A system and method for distributed enterprise security, comprising, a server operable to update information, wherein the information can include one or more of a policy and configuration...
|
|
|
7591019 |
Method and system for optimization of anti-virus scan
A system and method for optimizing a process of synchronization of a database of files checked by an anti-virus (AV) application implemented as a special AV driver. The database is updated by a...
|
|
|
7591018 |
Portable antivirus device with solid state memory
In one embodiment, a rescue device is employed to disinfect a computer infected with a virus. The rescue device may comprise solid state memory. The rescue device may be removable from the computer...
|
|
|
7591017 |
Apparatus, and method for implementing remote client integrity verification
Apparatus, system, method and computer program product for verifying the integrity of remote network devices that request access to network services and resources. Unintended computer programs such...
|
|
|
7591016 |
System and method for scanning memory for pestware offset signatures
Systems and methods for managing pestware processes on a protected computer are described. In one implementation, a reference point in the executable memory that is associated with a process...
|
|
|
7590834 |
Method and apparatus for tracking boot history
A computer determines whether it has been booted from a hard disk drive or from an alternate source (e.g., a floppy drive or portable memory) that entails a higher risk of importing a virus into...
|
|
|
7590813 |
Cache scanning system and method
A method includes stalling a cache flush instruction to flush a cache; determining that the cache comprises a file that has been infected with malicious code, and terminating the cache flush...
|
|
|
7590707 |
Method and system for identifying network addresses associated with suspect network destinations
A method and system for identifying network addresses associated with suspect network destinations is described. One embodiment receives a target Uniform Resource Locator (URL) to be analyzed;...
|
|
|
7587765 |
Automatic virus fix
A client computer is connected via a network to an anti-virus server. A signal from the anti-virus server notifies the client computer that an anti-virus needs to be immediately downloaded from the...
|
|
|
7587761 |
Adaptive defense against various network attacks
An apparatus for optimizing a filter based on detected attacks on a data network includes an estimation means and an optimization means. The estimation means operates when a detector detects an...
|
|
|
7581254 |
Virus scanner system and method with integrated spyware detection capabilities
A system, method and computer program product are provided for scanning for spyware utilizing a virus scanner. In use, at least one computer is scanned for viruses utilizing a virus scanner. Still...
|
|
|
7581253 |
Secure storage tracking for anti-virus speed-up
A computer system includes a security subsystem which is able to trustfully track which files or storage areas of a storage device have been altered since a last virus scan. The trusted information...
|
|
|
7581252 |
Storage conversion for anti-virus speed-up
A computer system includes a security subsystem which is able to trustfully track which files or storage areas of a storage device have been altered since a last virus scan. The trusted information...
|
|
|
7581250 |
System, computer program product and method of selecting sectors of a hard disk on which to perform a virus scan
A system, computer program product and method of selecting sectors of a disk on which to perform a virus scan are provided. Initially, all data in all sectors of a disk is scanned for viruses....
|
|
|
7577941 |
System and method for identifying potential security risks in controls
Controls of interest are identified by determining which installed software objects associated with the application of interest exhibit certain characteristics, such as being publicly creatable,...
|
|
|
7577848 |
Systems and methods for validating executable file integrity using partial image hashes
Systems and methods for validating integrity of an executable file are described. In one aspect, multiple partial image hashes are generated, the combination of which represent a digest of an...
|
|
|
7574743 |
Method for ensuring security, data storage apparatus, security ensuring server, and storage medium storing program for the same
A method for ensuring security and a data storage apparatus that enable an efficient security check on a notebook PC or the like that are taken outside are provided. By executing a program that is read...
|
|
|
7574742 |
System and method of string matching for uniform data classification
A system and method comprising providing a plurality of signature strings, inputting a plurality of strings, separating the signature strings into a plurality of signature groups, respectively...
|
|
|
7571483 |
System and method for reducing the vulnerability of a computer network to virus threats
A method for reducing vulnerability of a computer network to a detected virus threat includes receiving an identifier of a network device detected as a source of virus activity. The method also...
|
|
|
7571482 |
Automated rootkit detector
Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel...
|