Using indirection to facilitate software upgrades

    Publication No.: US11163880B2

    Publication date: 2021-11-02

    Application No.: US15721508

    Filing date: 2017-09-29

    Abstract: A security agent for a host computing device may be implemented with multiple levels of indirection from an operating system (OS) kernel of the computing device in order to facilitate software upgrades for the security agent. An unserviceable kernel-mode component of the security agent may directly interface with the OS kernel and hook into a function (e.g., a security callback function) of the OS kernel in a first level of indirection, while a serviceable kernel-mode component of the security agent, which is upgradable, may indirectly interface with the OS kernel via the unserviceable kernel-mode component in a second level of indirection. The serviceable kernel-mode component may be configured to process events, and/or data related thereto, received from the OS kernel via the unserviceable kernel-mode component in order to monitor activity on the computing device for malware attacks.

    BINARY SUPPRESSION AND MODIFICATION FOR SOFTWARE UPGRADES

    Publication No.: US20190065171A1

    Publication date: 2019-02-28

    Application No.: US15690182

    Filing date: 2017-08-29

    Abstract: A remote security system may generate multiple different binary programs for corresponding operating system (OS) kernel versions that are to receive a software upgrade. A suppression process may then compare code in the code sections between pairs of binary programs, and may also compare the data in the data sections between the pairs of binary programs to identify subsets of “identical” binaries. The remote security system may send a representative binary (while suppressing the remaining binaries in a subset of identical binaries) to host computing devices that run different OS kernel versions. On the receiving end, a host computing device that runs a particular OS kernel version may receive a binary program, and prior to loading the binary program, modify the binary program to render the binary loadable by (or compatible with) the particular OS kernel version running on the host computing device.

    Using indirection to facilitate software upgrades

    Publication No.: US11017086B2

    Publication date: 2021-05-25

    Application No.: US15721508

    Filing date: 2017-09-29

    Abstract: A security agent for a host computing device may be implemented with multiple levels of indirection from an operating system (OS) kernel of the computing device in order to facilitate software upgrades for the security agent. An unserviceable kernel-mode component of the security agent may directly interface with the OS kernel and hook into a function (e.g., a security callback function) of the OS kernel in a first level of indirection, while a serviceable kernel-mode component of the security agent, which is upgradable, may indirectly interface with the OS kernel via the unserviceable kernel-mode component in a second level of indirection. The serviceable kernel-mode component may be configured to process events, and/or data related thereto, received from the OS kernel via the unserviceable kernel-mode component in order to monitor activity on the computing device for malware attacks.

    Binary suppression and modification for software upgrades

    Publication No.: US10664262B2

    Publication date: 2020-05-26

    Application No.: US15690182

    Filing date: 2017-08-29

    Abstract: A remote security system may generate multiple different binary programs for corresponding operating system (OS) kernel versions that are to receive a software upgrade. A suppression process may then compare code in the code sections between pairs of binary programs, and may also compare the data in the data sections between the pairs of binary programs to identify subsets of “identical” binaries. The remote security system may send a representative binary (while suppressing the remaining binaries in a subset of identical binaries) to host computing devices that run different OS kernel versions. On the receiving end, a host computing device that runs a particular OS kernel version may receive a binary program, and prior to loading the binary program, modify the binary program to render the binary loadable by (or compatible with) the particular OS kernel version running on the host computing device.

    USING INDIRECTION TO FACILITATE SOFTWARE UPGRADES

    Publication No.: US20190102551A1

    Publication date: 2019-04-04

    Application No.: US15721508

    Filing date: 2017-09-29

    Abstract: A security agent for a host computing device may be implemented with multiple levels of indirection from an operating system (OS) kernel of the computing device in order to facilitate software upgrades for the security agent. An unserviceable kernel-mode component of the security agent may directly interface with the OS kernel and hook into a function (e.g., a security callback function) of the OS kernel in a first level of indirection, while a serviceable kernel-mode component of the security agent, which is upgradable, may indirectly interface with the OS kernel via the unserviceable kernel-mode component in a second level of indirection. The serviceable kernel-mode component may be configured to process events, and/or data related thereto, received from the OS kernel via the unserviceable kernel-mode component in order to monitor activity on the computing device for malware attacks.
