-
Publication (Announcement) No.: US20190188385A1
Publication (Announcement) Date: 2019-06-20
Application No.: US15843934
Application Date: 2017-12-15
Applicant: Microsoft Technology Licensing
Inventor: Karthik SELVARAJ, Ramprasad Gowrishankar, Gowtham Reddy Animireddygari, Catalin Daniel Sandu
CPC classification number: G06F21/568, G06F11/1469, G06F21/554, G06F2201/835, G06F2201/84, H04L63/14
Abstract: Methods and devices for recovering data may include receiving an identification of at least one file on the computer device impacted by a cyber threat. The methods and devices may include receiving a last known good time stamp for the at least one file that identifies a point in time prior to the cyber threat. The methods and devices may also include transmitting, to a remote backup provider associated with the at least one file, a restore request to restore the at least one file with restored content based at least on the last known good time stamp. The methods and devices may include receiving, from the remote backup provider, a restored file with the restored content.
-
Publication (Announcement) No.: US20190188380A1
Publication (Announcement) Date: 2019-06-20
Application No.: US15844453
Application Date: 2017-12-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: Gowtham R. ANIMIREDDYGARI, Karthik SELVARAJ, Adrian M. MARINESCU, Catalin D. SANDU
CPC classification number: G06F21/564, G06F11/1451, G06F11/1464, G06F11/1469, G06F21/568, G06F2201/80, G06F2201/805, G06F2201/82, G06F2221/034
Abstract: A system for operating system remediation intercepts input/output (I/O) requests to write to one or more files and stores, as file restore data, (i) a restore copy of the one or more files to the system cache prior to performing write operations of the I/O requests and (ii) identification information for one or more processes or entities making the corresponding I/O requests in the system cache. The system reverts to the restore copy of the one or more files using the file restore data and based at least on a later determination that one or more processes making the corresponding I/O requests was malware. A current version of the one or more files is thereby replaced with the restore copy of the one or more files with improved automatic remediation support and a greater likelihood that data can be restored from the cache in the case of malware attacks.
-
Publication (Announcement) No.: US20190228154A1
Publication (Announcement) Date: 2019-07-25
Application No.: US15879593
Application Date: 2018-01-25
Applicant: Microsoft Technology Licensing, LLC
Inventor: Rakshit AGRAWAL, Jack Wilson STOKES, III, Karthik SELVARAJ, Adrian M. MARINESCU
Abstract: Implementations described herein disclose a malware sequence detection system for detecting presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting presence of a sequence of malware commands within the sequence of a plurality of events by dividing the sequence of plurality of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the plurality of subsequences, and generating a probability of one or more of the plurality of subsequences being malware based on the output of the sequential subsequence learning.
-
Publication (Announcement) No.: US20210385129A1
Publication (Announcement) Date: 2021-12-09
Application No.: US16893901
Application Date: 2020-06-05
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Matthew Ronald SHADBOLT, Michael Joseph HEALY, Shweta JHA, Gokhan OZHAN, Adrian Mihail MARINESCU, Alemeshet Yismaw ALEMU, Karthik SELVARAJ, Milind Amrutrao PAWAR, Vladimir SOROKA, Hayk HOVSEPYAN, Chaohong OU, Patanjal Digant VYAS, David TOROSYAN
Abstract: A system and method for providing stringent tamper resistant protection against changes to key system security features. The tamper protection is configured such that any changes to the policy can only occur from a configuration manager console, thereby preventing local device admin users or other malicious actors from altering the setting. Thus, tamper protection locks the selected service and prevents security settings from being changed through third-party apps and methods. When a system administrator enables the feature for an enterprise's workstations, only administrators will be able to change the service settings across a company's computers. The tamper protection policy is digitally signed in the backend before being deployed to endpoints, and the endpoint verifies the validity and intent of the policy, establishing that it is a signed package that only security operations personnel with the necessary administrator rights can control.
-