Abstract:
A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a secured storage communicatively coupled to the client. The system further includes a client application including computer-executable instructions on the medium. The instructions are readable by the processor. The application is configured to manage a trusted image of software of a client in a secured storage and, upon a signal indicating malware on the client, restore the trusted image to the client independent of an operating system and user processes of the client.
Abstract:
There is disclosed in an example a computing apparatus, including: a process deprivileging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource; determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.
Abstract:
In an example, a virtual data center includes a plurality of agentless virtual machines (VMs) protected by a security virtual appliance (SVA). Because the VMs are agentless, they cannot internally manage, update, or enforce VM-specific security policies. However, each VM includes an API that provides an interface for monitoring events such as turn on, turn off, heartbeats, and file events, as well as an interface for ordering an on-demand scan. The SVA builds a policy table, with entries for each VM or class of VMs, and using the API, monitors appropriate events, such as file events, to enforce VM-specific policies. Because the policy table is lightweight, it can be efficiently ported between multiple hypervisors, thus ensuring that a VM's policy remains intact, even if that VM is ported to a different hypervisor.
Abstract:
In an example, there is disclosed a computing apparatus, comprising: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, comprising a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.
Abstract:
Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.