1. Offline extraction of configuration data
    Kind: Granted patent
    Status: In force

    Publication number: US08381300B2

    Publication date: 2013-02-19

    Application number: US12359347

    Filing date: 2009-01-26

    CPC classification number: G06F21/56 G06F17/30351

    Abstract: A configuration scanning system is described herein that scans a system configuration database for malware-related information with less impact on other operations that access the system configuration database. The system employs techniques to reduce the impact on other operations that access the configuration database, including parsing a file-based stored version of the configuration database, accessing the configuration database using opportunistic locking, and caching configuration information obtained by scanning the configuration database. In this way, the system is able to respond to requests from antimalware programs using cached information without impacting other programs that use the configuration database. Thus, the configuration scanning system protects a computer system against malware while reducing the burden on the configuration database and on other programs that access the configuration database.


2. Offline extraction of configuration data
    Kind: Patent application (published)
    Status: In force

    Publication number: US20100192227A1

    Publication date: 2010-07-29

    Application number: US12359347

    Filing date: 2009-01-26

    CPC classification number: G06F21/56 G06F17/30351

    Abstract: identical to the abstract of the granted patent US08381300B2 (entry 1 above); both publications belong to application US12359347.

3. System and method for detecting malware in executable scripts according to its functionality
    Kind: Granted patent
    Status: In force

    Publication number: US07707634B2

    Publication date: 2010-04-27

    Application number: US10769104

    Filing date: 2004-01-30

    CPC classification number: G06F21/562 G06F21/563 G06F21/564

    Abstract: A malware detection system and method for determining whether an executable script is malware is presented. The malware detection system determines whether the executable script is malware by comparing the functional contents of the executable script to the functional contents of known malware. In practice, the executable script is obtained. The executable script is normalized, thereby generating a script signature corresponding to the functionality of the executable script. The script signature is compared to known malware script signatures in a malware signature store to determine whether the executable script is malware. If a complete match is made, the executable script is considered to be malware. If a partial match is made, the executable script is considered to likely be malware. The malware detection system may perform two normalizations, each normalization generating a script signature which is compared to similarly normalized known malware script signatures in the malware signature store.

