Fresh Patents



Virus Detection

The Virus Detection patent applications listed here run from June 2005 to the present. Each entry includes the date, patent application number, patent title and a summary of the patent abstract, and is linked to the corresponding patent application page.

11/15/07 - 20070266436 - Accelerated data scanning
Files stored on a hard disk drive are scanned for a predefined pattern, such as a virus definition. For each one of a plurality of files, predetermined select portion(s) (e.g., likely sites of infection) are stored in a common file. After storing the predetermined select portions, the portions are tested ...

11/08/07 - 20070261119 - Virus immunization using prioritized routing
An apparatus, device, methods, computer program product, and system are described that determine a virus associated with communication data on a communications network, the communications network associated with at least one network policy device, associate an anti-viral agent with at least one identifier, prioritize transmission of the at least one ...

11/08/07 - 20070261118 - Portable storage device with stand-alone antivirus capability
In one embodiment, a portable storage device includes a removable device interface and a non-volatile memory having a read-only partition and a regular storage partition. The read-only partition may include a protection program for scanning data in the regular storage partition for viruses. Upon connection of the portable storage device ...

11/08/07 - 20070261117 - Method and system for detecting a compressed pestware executable object
A method and system for detecting a compressed pestware executable object is described. In an illustrative embodiment, while a computer is booting up, an attempt by a running process to exit is detected. The running process is prevented from exiting until a pestware detection procedure has been performed. In one ...

10/25/07 - 20070250931 - Computer virus generation detection apparatus and method
An apparatus includes a server connected between a first computer network in which a computer virus may generate and a second computer network or a computer system as an object of security protection. In the apparatus, a collection unit collects irregular data representing a possibility of generation of the computer ...

10/25/07 - 20070250929 - Automatic isolation of misbehaving processes on a computer system
When a computer system process is acting contrary to the rules established for that process for the resource it is running on, the process is moved to a quarantined section and its continued operation is isolated from other processes. While in isolation, the quarantined process is tested and appropriate action, ...

10/25/07 - 20070250928 - Backward researching time stamped events to find an origin of pestware
A system and method for identifying an origin of suspected pestware activity on a computer is described. One embodiment includes establishing a time of interest relating to a suspicion of pestware on the computer, identifying, based upon the time of interest, indicia of pestware and accessing at least a portion ...

10/11/07 - 20070240216 - Hypervisor area for email virus testing
Hypervisors are a new technology in the industry that enable multiple Operating Systems to co-exist on a single client. The use of a hypervisor provides a novel approach to email virus protection. The hypervisor is able to fire up an Operating System on demand, for a specific purpose, or have ...

10/11/07 - 20070240215 - Method and system for tracking access to application data and preventing data exploitation by malicious programs
Provided are a method and system for tracking access to application data and preventing data exploitation by malicious programs. In one example, the method includes shimming into a running process of the system to create at least one monitoring hook to monitor a program, building an execution path of the ...

09/27/07 - 20070226802 - Exploit-based worm propagation mitigation
A system, method and computer program product for exploit-based worm detection and mitigation are disclosed. The system, method, and computer program product are configured to identify a signature representing content prevalent in network traffic, determine if the traffic including the signature exhibits propagation, determine if the traffic including the signature ...

09/27/07 - 20070226800 - Method and system for denying pestware direct drive access
A method and system for denying pestware direct drive access on a computer is described. In one illustrative embodiment, a driver intercepts a direct drive access by a process running on the computer, and a user interface reports the direct drive access to a user and permits or denies the ...

09/20/07 - 20070220608 - Software virus protection
A method of protecting a wireless device against viruses, comprising maintaining a database of virus signatures on the device, updating the database by downloading virus signatures in a Short Message Service (SMS) Message, and searching for virus signatures in the memory of or files stored on the wireless device by ...

09/20/07 - 20070220607 - Determining whether to quarantine a message
Determining whether to quarantine a message is disclosed. A dynamic and flexible threat quarantine queue is provided with a variety of exit criteria and exit actions that permits early release of messages in other than first in, first-out order. ...

09/20/07 - 20070220606 - Anti-worm-measure parameter determining apparatus, number-of-nodes determining apparatus, number-of-nodes limiting system, and computer product
An anti-worm-measure parameter determining apparatus determines parameters for controlling timing for an anti-worm-measure means to start blocking of a communication by a worm in a network, for preventing a spread of the worm. An infectivity calculating unit calculates infectivity of the worm based on number of nodes connected to the ...

09/13/07 - 20070214505 - Methods, media and systems for responding to a denial of service attack
Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic ...

08/30/07 - 20070204345 - Method of detecting computer security threats
A method of detecting computer security threats. A first step involves providing a reference database of selected parameters to be monitored relating to one of human behaviour when operating a computer or software behaviour during operation of a computer. A second step involves monitoring one of human behaviour or software ...

08/30/07 - 20070204344 - Parallel variable length pattern matching using hash table
Fast pattern matching is the heart of Network Intrusion Detection. A method that applies hash function to pattern matching for variable length patterns is proposed. Pattern matching always can be completed in O(log M) steps where M is the longest pattern length. ...

08/16/07 - 20070192865 - Dynamic threat event management system and method
According to various illustrative embodiments of the present invention, a method for a content-driven threat management system includes creating a threat detection primary object with threat mitigation data using at least one researcher of at least one of software and malicious code, encoding the threat detection primary object with threat ...

08/02/07 - 20070180530 - Unwanted file modification and transactions
Aspects of the subject matter described herein relate to antivirus protection and transactions. In aspects, a filter detects that a file is participating in a transaction and then may cause the file to be scanned together with any changes that have been made to the file during the transaction. After a ...

08/02/07 - 20070180529 - Bypassing software services to detect malware
A method, apparatus, and computer readable medium are provided by aspects of the present invention to determine whether a malware is resident on a host computer. In one embodiment, a method determines whether data that is characteristic of malware is loaded in the system memory of a host computer. More ...

08/02/07 - 20070180528 - System and method for reducing antivirus false positives
A method for detecting a malicious program infection includes scanning data to determine whether the data exhibits one or more particular symptoms of being infected with a malicious program and, in response to determining that the scanned data exhibits the symptoms of being infected with a malicious program, comparing the ...

07/26/07 - 20070174916 - Method and apparatus for secure data transfer
Methods and apparatus for secure transfer of electronic or optical data. In one exemplary aspect, a method is provided whereby data on a source computer is filtered to exclude all but data that is authorized for transfer, stored in a transport format, marked so that the source of the stored ...

07/26/07 - 20070174915 - Detection of spyware threats within virtual machine
A system analyzes content accessed at a network site to determine whether it is malicious. The system employs a tool able to identify spyware that is piggy-backed on executable files (such as software downloads) and is able to detect “drive-by download” attacks that install software on the victim's computer when ...

07/26/07 - 20070174914 - Data coordination method, computer product, and information processing terminal
Data coordination is performed between a source application program and a destination application program in an information processing terminal. A virus pattern file and a data string pattern file are prepared in advance. A virus detecting program is used to detect a virus based on the virus pattern file and ...

07/26/07 - 20070174913 - Method and system for acquiring particular data upon start of a particular program
A processing unit (100) executing a network connection control program (17) detects an activation instruction for a mailer (13) or a browser (14). Upon detection of the activation instruction, a dial-up program (15) is activated and a network connection is established, so that a definition file amendment acquisition program (18) ...

07/19/07 - 20070169198 - System and method for managing pestware affecting an operating system of a computer
Systems and methods for detecting and managing pestware affecting a first operating system of a computer are described. In one variation, the computer is booted up utilizing a second operating system that is a different operating system than the first operating system. After booting the computer with the second operating ...

07/19/07 - 20070169197 - Method and system for detecting dependent pestware objects on a computer
A system and method for detecting dependent pestware objects on a computer is described. One illustrative embodiment detects a primary pestware process in an executable memory of the computer, the primary pestware process including an associated check value by which the primary pestware process can be identified; locates, at a ...

07/12/07 - 20070162975 - Efficient collection of data
Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data that is useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. ...

07/05/07 - 20070157316 - Managing rogue ip traffic in a global enterprise
Methods, apparatuses, articles of manufacture, and systems for receiving a plurality of data packets, analyzing the packets to determine whether each of the packets should be considered legitimate or illegitimate, and routing the legitimate packets to their destinations at a first one or more routing rates, and re-routing the illegitimate ...

06/28/07 - 20070150957 - Malicious code infection cause-and-effect analysis
A malware analysis system for automating cause and effect analysis of malware infections is provided. The malware analysis system monitors and records computer system activities. Upon being informed of a suspected malware infection, the malware analysis system creates a time-bounded snapshot of the monitored activities that were conducted within a ...

06/28/07 - 20070150956 - Real time lockdown
A system and method that trusts software executables existent on a machine prior to activation for different types of accesses e.g. execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain ...

06/14/07 - 20070136812 - Computer virus preventive system
A virus preventive system detects computer viruses by file pattern verification mechanism. It registers an original file pattern which is permitted to be accessed into the Verification Data Base. Registration of a file occurs before it is executed, which allows confirming if the file has been falsified. The Verification Data ...

06/14/07 - 20070136811 - System and method for inspecting dynamically generated executable code
A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including ...

06/14/07 - 20070136810 - Virus scanner for journaling file system
A method is provided for detecting viruses. According to the method, data is stored in a journal area of memory before changes embodied in the data are written to virtual memory. At least a first portion of the data in the journal area of memory is scanned for viruses. In ...

06/07/07 - 20070130624 - Method and system for a pre-os quarantine enforcement
Certain aspects of a method and system for securing an operating system are disclosed. Aspects of one method may include receiving quarantine information of an operating system prior to booting the operating system. A quarantine mechanism may be enforced based on the received quarantine information prior to booting the operating ...

05/31/07 - 20070124816 - Unauthorized content detection for information transfer
A method is provided for detecting offending or illegal download activity. An agency, such as a law enforcement agency, generates a list of checksums over a designated area of each of a set of computer files. The agency provides the list of checksums and an identification of the designated area ...

05/03/07 - 20070101431 - Identifying malware that employs stealth techniques
A method, software system, and computer-readable medium are provided for determining whether a malware that implements stealth techniques is resident on a computer. In one exemplary embodiment, a method is provided that obtains a first set of data that describes the processes that are reported as being active on the ...

05/03/07 - 20070101430 - Method and apparatus for detecting and responding to email based propagation of malicious software in a trusted network
Embodiments of the invention provide a method and an apparatus for detecting and responding to email based propagation of malicious software (malware) in a trusted network. One embodiment provides a detector decoy email account to serve as generic bait for malicious software for a domain within the trusted network. In ...

04/26/07 - 20070094734 - Malware mutation detector
A method for classifying polymorphic computer software by extracting features from a suspect file and comparing the extracted features to features of known classes of software. ...

04/26/07 - 20070094733 - System and method for neutralizing pestware residing in executable memory
Systems and methods for managing pestware on a protected computer are described. In one implementation, a pestware construct is identified. Functions exported by the pestware process are identified, and neutralization of the pestware process is accomplished by skipping a portion of the executed code for pestware functions exported by the ...

04/26/07 - 20070094732 - System and method for reducing false positive indications of pestware
A system and method for reducing false positive indications of pestware on a protected computer is disclosed. In one variation, the method includes tracking activities of a user at the protected computer, monitoring events at the protected computer, identifying events that are potentially indicative of pestware, comparing at least one ...

04/26/07 - 20070094731 - Integrated functionality for detecting and treating undesirable activities
Various embodiments provide integrated solutions for detecting and treating undesirable activities. Detection and treatment solutions are integrated with software entities, such as applications, DLLs and the like, and provide status notifications for the user as to the status of the detection and treatment activities. In at least some embodiments, an ...

04/26/07 - 20070094730 - Mechanism to correlate the presence of worms in a network
A method and a system for preventing a network attack, the attack being caused by the presence of worms in the network, is provided. The method includes determining the number of packets being transmitted from each source in the network to a plurality of destinations, the packets being transmitted from ...

04/19/07 - 20070089172 - Methods for identifying self-replicating threats using historical data
A computer-implemented method of ascertaining an infected node in a network of nodes. The computer-implemented method includes providing a repository for storing network flow data among at least a plurality of the nodes. The repository is operatively coupled to the network to permit the repository to acquire the network flow ...

04/12/07 - 20070083931 - Heuristic detection and termination of fast spreading network worm attacks
Methods, apparati, and computer program products for detecting and responding to fast-spreading network worm attacks include a network monitoring module, which observes failed network connection attempts from multiple sources. A logging module logs the failed connection attempts. An analysis module uses the logged data on the failed connection attempts to ...

04/12/07 - 20070083930 - Method, telecommunications node, and computer data signal message for optimizing virus scanning
A method, telecommunications node and computer data signal message are provided for optimising the virus scan process in a network with multiple nodes. When a node scans a message for viruses, it also includes in the message a virus scan tag indicating that the message was scanned and is virus-free. ...

04/05/07 - 20070079379 - Identifying threats in electronic messages
Early detection of computer viruses and other message-borne threats is provided by applying heuristic tests to message content and examining sender reputation information when no virus signature information is available. As a result, a messaging gateway can suspend delivery of messages early in a virus outbreak, providing sufficient time for ...

04/05/07 - 20070079378 - Worm infection detecting device
When a program consisting of a plurality of processes is installed in a device, its processing route in the case where the processes normally advance is built as a database, based on the knowledge of a program designer or the like. When the program is executed, routing information indicating the ...

04/05/07 - 20070079377 - Virus scanning in a computer system
The present invention provides a method, data processing system and program product in which scanning for a virus is improved by prioritizing the scan of executable files, such as applications, libraries, services etc., which are more likely to cause a problem to a computer system, ahead of other files. A ...

03/29/07 - 20070074291 - Network scanning method and image scanning device having network scan function using the same
A network scanning method and device are provided that allow an image scanning device to scan documents and transmit the scan data to a server. The image scanning device checks a connection between the image scanning device and a server, generates scan data by scanning documents, stores the generated scan ...

03/29/07 - 20070074290 - Operation management system for a diskless computer
The system management server 10 makes a request to the virus detection and removal server 30 for virus detection processing on a specified primary volume of the storage system 20. The virus detection and removal server 30 executes virus detection processing on the requested primary volume and the secondary volume ...

03/22/07 - 20070067844 - Method and apparatus for removing harmful software
Embodiments of the invention address the problem of removing malicious code from infected computers. ...

03/22/07 - 20070067843 - Method and apparatus for removing harmful software
Embodiments of the invention address the problem of removing malicious code from infected computers. ...

03/22/07 - 20070067842 - Systems and methods for collecting files related to malware
Systems and methods for collecting files related to malware are described. In one embodiment, a system includes a malware detection module configured to analyze a set of files of a protected computer to determine that a first file of the set of files is related to potential malware. The system ...

03/08/07 - 20070056039 - Memory filters to aid system remediation
The present disclosure relates to providing a remediation scheme for a compromised system and, more specifically, to providing a memory filtration scheme using an isolated partition within a system. ...

03/01/07 - 20070050848 - Preventing malware from accessing operating system services
Aspects of the present invention are directed at preventing a malware that exploits a vulnerability in an operating system from accessing services provided by the operating system. In one embodiment, a method is provided that determines whether a request directed to an operating system originated from a memory address space ...

02/22/07 - 20070044154 - Mail reception system
There is provided a mail reception system in which a mail relay device is communicatably connected to a virus check device. In the system, the mail relay device comprises a data reception unit to receive data from the external device, a data transmission unit to transmit the data received by ...

02/22/07 - 20070044153 - Computer security technique employing patch with detection and/or characterization mechanism for exploit of patched vulnerability
A patch or set of patches may be deployed, often to a subset of potentially vulnerable systems, to address a particular vulnerability while providing a facility to monitor and, in some cases, characterize post-patch exploit attempts. Often, such a patch will check for an exploit signature and, if an exploit ...

02/22/07 - 20070044152 - Method and apparatus for diagnosing and mitigating malicious events in a communication network
A controller (104) for managing operations of a communication network has a communication element (202) for monitoring data traffic of an IP address in the communication network and for controlling operations of the communication network, a memory for storage (204), and a processor (206) for controlling operations of the communication ...

02/15/07 - 20070039053 - Security server in the cloud
Apparatus and methods for providing proxy and security services to one or more users via a publicly accessible network (e.g. the Internet) are disclosed. Upon receiving a user request for content residing at a third-party location, a security server(s) retrieves the requested content from the third-party location, and monitors the ...

02/15/07 - 20070039052 - System and method for scanning handles
According to an embodiment of the invention a method of detecting malware in a system comprises positioning a filter driver between an operating system for the system and applications or files in the system. The filter driver receives requests for resources from the applications or files and relays the requests ...

02/01/07 - 20070028304 - Centralized timed analysis in a network security system
A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and social engineering attacks. The system can implement centralized policies that allow an administrator to approve, block, quarantine, or log file activities. The system stores meta-information for files relating to security and at defined times after ...

02/01/07 - 20070028303 - Content tracking in a network security system
A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and unwanted or unknown software. The system can implement centralized policies that allow an administrator to approve, block, quarantine, or log file activities. The system maintains file meta-information in the hosts and in the server. A ...

02/01/07 - 20070028302 - Distributed meta-information query in a network
A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and social engineering attacks. The system can implement centralized policies that allow an administrator to approve, block, quarantine, and log file activities. A server associated with a number of hosts can provide a query for host ...

01/25/07 - 20070022480 - System for tracking and analyzing the integrity of an application
The invention is a method for tracking and analyzing an application for modifications and changes. The method is used to ensure the integrity of the application remains intact. The application is inventoried upon setup. The application is then subsequently re-inventoried on a regular basis. Each new inventory is examined against ...

01/18/07 - 20070016953 - Methods and apparatus for dealing with malware
In one aspect, a method of classifying a computer object as malware includes receiving at a base computer data about a computer object from each of plural remote computers on which the object or similar objects are stored. The data about the computer object received from the plural computers is ...

01/18/07 - 20070016952 - Means for protecting computers from malicious software
A computer security system and method using selective permission or denial of requests to create or modify program file to prevent introduction of malware onto a protected computer system. The selective permission or denial of requests is based on comparison of information regarding the requested action and a list of ...

01/18/07 - 20070016951 - Systems and methods for identifying sources of malware
Systems and methods for identifying sources of malware are described. In one embodiment, a system includes a malware detection module configured to determine that a protected computer includes malware. The system also includes a history log module configured to access a history log of the protected computer to identify a ...

01/11/07 - 20070011745 - Recording medium recording worm detection parameter setting program, and worm detection parameter setting device
A computer-readable recording medium recording a worm detection parameter setting program for setting an appropriate worm detection parameter for target environments. When a log reader loads a communication log created within a prescribed time period, a log classifier classifies the entries of the communication log into categories based on communication ...

01/11/07 - 20070011744 - Methods and systems for providing security from malicious software
Systems and methods are disclosed for providing security from malicious software. The disclosed systems and methods may include maintaining a malicious host database, the malicious host database containing a malicious host name corresponding to a malicious host. Furthermore, the disclosed systems and methods may include receiving, from a client, a ...

01/04/07 - 20070006313 - Method and apparatus for combating malicious code
A method and apparatus are provided for combating malicious code. In one embodiment, a method for combating malicious code in a network includes implementing a resource-limiting technique to slow a propagation of the malicious code and implementing a leap-ahead technique in parallel with the resource-limiting technique to defend against the ...

01/04/07 - 20070006312 - System and method for using quarantine networks to protect cellular networks from viruses and worms
A system and method for providing a quarantine network to address threats emanating from viruses and worms. A quarantine network quarantines an infected terminal's traffic from the normal traffic flow. During the quarantine period, all of the traffic is analyzed by a quarantine network component. Based upon the results of ...

01/04/07 - 20070006311 - System and method for managing pestware
A system and method for managing pestware on protected computers are described. One embodiment is configured to generate a log file containing information indicative of pestware activity on a protected computer, send the log file to a host, and in return, receive a customized file from the host that includes ...

01/04/07 - 20070006310 - Systems and methods for identifying malware distribution sites
Systems and methods for identifying malware distribution sites are described. In one embodiment, a system includes a malware detection module configured to analyze a file of a protected computer to determine that the file is associated with malware. The system also includes a Web site identification module configured to search ...

01/04/07 - 20070006309 - Methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control
Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be ...

01/04/07 - 20070006308 - Methods and systems for detecting and preventing the spread of malware on instant messaging (im) networks by using fictitious buddies
Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to intercept a buddy list sent from an IM server to an IM client, add one or more fictitious ...

12/28/06 - 20060294592 - Automated rootkit detector
Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data ...

12/28/06 - 20060294591 - Virus enabled application metering in distributed and on-demand computing environments
There is provided a method, system and apparatus for viral based application metering. In a method of the invention, an application can be infected with viral logic programmed to transmit application metrics to a central meter over a data communications network. For instance, the infecting step can include infecting an ...

12/28/06 - 20060294590 - Automated immune response for a computer
Systems, methodologies, media, and other embodiments associated with making an automated immune response on a computer that may be infected with a malicious software like a virus are described. One exemplary system embodiment includes a behavior logic that facilitates identifying that a computer is exhibiting a behavior that indicates that ...

12/28/06 - 20060294589 - Method/system to speed up antivirus scans using a journal file system
A method and system that reduces the length of time required to complete antivirus scans. An enhanced journal file system (JFS) includes an antivirus utility function, which utilizes a low level log of the JFS to store a history of transactions that occur since a previous scan operation. The log ...

12/21/06 - 20060288419 - Protection system and method regarding the same
A protection system and methodology that restores a computer to a normal state exactly prior to being infected by a virus. According to the invention, a protection system is installed in a computer system, having a detecting module. The detecting module detects virus, spyware, Trojan or other security threats. The protection system ...

12/21/06 - 20060288418 - Computer-implemented method with real-time response mechanism for detecting viruses in data transfer on a stream basis
A computer-implemented and stream-based virus-detecting method which inspects packets for malicious contents in a network system scans each incoming packet forming input data for virus code. Depending on packet type, when a packet contains virus code, the method either removes the virus code, replaces a segment previously occupied by the ...

12/21/06 - 20060288417 - Method and apparatus for mitigating the effects of malicious software in a communication network
A controller (104) manages operations of a communication network (101). The controller has a communication element (202) for monitoring data traffic in the communication network and for controlling operations of the communication network, a memory (204) for storage, and a processor (206) for controlling operations of the communication element, and ...

12/21/06 - 20060288416 - System and method for efficiently scanning a file for malware
The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect ...

12/21/06 - 20060288415 - Method of detecting network worms
A method of detecting network worms includes the following steps: (1) Profiling the TCP connection information collected from the protected network, quantifying the plurality of statuses contained in the TCP connection information; (2) Clustering the connection profiles to discover all the anomaly clusters that are specified by the condition composing ...

12/21/06 - 20060288414 - Method and system for preventing virus infection
There is disclosed a system for detecting virus infection in a network and preventing the virus infection. Decoy means (13, 14, 15) accessible through the network (1) are arranged on a storage unit (12). The system comprises a communication information analysis means (16) that detects virus intrusion into the decoy ...

12/14/06 - 20060282895 - Infected electronic system tracking
Techniques for generating an access control list to block traffic from a network device infected by malware. ...

12/07/06 - 20060277605 - Displaying a security element to help detect spoofing
A security element is displayed that provides information to a user to help ensure that they are not confused or misled into believing that content originates from a trusted source when in fact it does not. The security element shows the user the source of the content and is displayed ...

11/30/06 - 20060272021 - Scanning data in an access restricted file for malware
The present invention is directed toward a system, method, and computer-readable medium that scan a file for malware that maintains a restrictive access attribute that limits access to the file. In accordance with one aspect of the present invention, a method for performing a scan for malware is provided when ...

11/23/06 - 20060265750 - Method and apparatus for providing computer security
Method and apparatus for providing computer security is provided. Subscriber information is stored in a repository and an exploit probe is sent to a subscriber's computer system. A probe message based on the computer system's response to the exploit probe is generated. ...

11/23/06 - 20060265749 - Method for removing viruses infecting memory, computer-readable storage medium recorded with virus-removing program, and virus-removing apparatus
Disclosed is a method for removing computer viruses including the steps of, if a function to be used to search information about areas infectable by viruses has been changed, restoring the function to be in a normal state thereof, and carrying out a procedure for scanning of infection and a ...

11/16/06 - 20060259971 - Method for detecting viruses in macros of a data stream
A method for detecting viruses in macros of a data stream includes a data collecting process, a macro process, and a scanning process. The method provides improved benefits in efficiency and space requirements under real time environments by only scanning the macros of the collected data for viruses and suspicious instructions. ...

11/09/06 - 20060253908 - Stateful stack inspection anti-virus and anti-intrusion firewall system
A network traffic scanner and firewall system inspects packets for malicious contents. The system uses a stateful stack inspection method to scan network traffic at multiple levels in varying manners appropriate to the content of the traffic. The system analyzes data streams, data packages, and package contents, as well as ...

10/26/06 - 20060242710 - System and method for a fast, programmable packet processing system
The present invention provides a cost effective method to improve the performance of communication appliances by retargeting the graphics processing unit as a coprocessor to accelerate networking operations. A system and method is disclosed for using a coprocessor on a standard personal computer to accelerate packet processing operations common to ...

10/26/06 - 20060242709 - Protecting a computer that provides a web service from malware
In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. ...

10/26/06 - 20060242708 - Actionable quarantine summary
Disclosed herein are systems, methods and the like for the management of filtered messages and filtering settings. Embodiments use the interaction of a user and a notification message to execute commands/requests. In one aspect, a notification message is used to notify a computer user of filtered incoming electronic messages that ...

10/19/06 - 20060236399 - Apparatus and method for restoring master boot record infected with virus
An apparatus for and a method of restoring a master boot record infected with a virus. The apparatus comprises a first storage unit storing a master boot record (MBR), and a virus check unit searching the storage position of the MBR within the first storage unit, to determine whether the ...

10/19/06 - 20060236398 - Selective virus scanning system and method
A virus scanning system and method. A system is provided that includes: a full scanning system for performing a full scan of each file in a file system; a file inventory system for inventorying each file in the file system and generating a set of inventory records, wherein each inventory ...

10/19/06 - 20060236397 - System and method for scanning obfuscated files for pestware
Systems and methods for managing multiple related pestware processes on a protected computer are described. In one implementation, a plurality of files in a file storage device of a protected computer are scanned and obfuscated files are identified from among the plurality of files. To identify whether the obfuscated file ...

10/19/06 - 20060236396 - System and method for scanning memory for pestware offset signatures
Systems and methods for managing pestware processes on a protected computer are described. In one implementation, a reference point in the executable memory that is associated with a process running in the executable memory is located. First and second sets of information from corresponding first and second portions of ...

10/12/06 - 20060230455 - Apparatus and methods for file system with write buffer to protect against malware
The inventive concepts relate to avoiding or preventing infection of an information handling system with malware. In one embodiment, an information handling system includes a write filter and a storage device. The storage device couples to the write filter. The write filter is configured to selectively provide information to the ...

10/12/06 - 20060230454 - Fast protection of a computer's base system from malicious software using system-wide skins with OS-level sandboxing
A method and system that enables anti-virus scanning protection of a computer system by placing all changes/updates/installations on a system-wide skin and performing the scan and clean operation on the skin before allowing the components to be merged with those of the base system. A system-wide skin is provided, which ...

10/12/06 - 20060230453 - Method of polymorphic detection
A computer program signature may be determined based on the function flow grammar for a given source code. The function flow grammar may be determined based on reduced control flow graphs generated based on control flow graphs for each function within the source code. A polymorph of a computer program ...

09/21/06 - 20060212942 - Semantically-aware network intrusion signature generator
An automatic technique for generating signatures for malicious network traffic performs a cluster analysis of known malicious traffic to create a signature in the form of a state machine. The cluster analysis may operate on semantically tagged data collected by connection or session and normalized to eliminate protocol specific features. ...

09/21/06 - 20060212941 - Mechanism to detect and analyze SQL injection threats
A vulnerability analysis tool is provided for identifying SQL injection threats. The tool is able to take advantage of the fact that the code for many database applications is located in modules stored within a database. The tool constructs a data flow graph based on all, or a specified subset, ...

09/07/06 - 20060200863 - On-access scan of memory for malware
The present invention provides a system, method, and computer-readable medium for identifying malware that is loaded in the memory of a computing device. Software routines implemented by the present invention track the state of pages loaded in memory using page table access bits available from a central processing unit. A ...

08/31/06 - 20060195904 - Data storage device with code scanning capability
A disk drive according to the invention has a processor for executing a program for identifying harmful computer code (HCC). A communication protocol with the host computer according to the invention provides means for the host to control the HCC detection process, receive information about the HCC detection from the ...

08/24/06 - 20060191011 - Method for curing a virus on a mobile communication network
A method for curing a virus of data used in a mobile terminal communicating with a server through a mobile communication network is provided. The method includes forming an antivirus program database on the server and continuously updating the database with antivirus programs; comparing state information of object data requiring ...

08/17/06 - 20060185017 - Execution validation using header containing validation data
The present invention adds a procedure to the operating system file subsystem of a processing system that significantly reduces the amount of time necessary to verify the validity of executable files. Each executable is extended with a file signature containing a header containing validation data. This header may be added ...

08/17/06 - 20060185016 - System, computer program product and method of selecting sectors of a hard disk on which to perform a virus scan
A system, computer program product and method of selecting sectors of a disk on which to perform a virus scan are provided. Initially, all data in all sectors of a disk is scanned for viruses. After the initial scan each sector into which new or modified data is written is ...

08/17/06 - 20060185015 - Anti-virus fix for intermittently connected client computers
A method and system is described for a wireless client computer to be connected via an access point to a network only if the wireless client computer has executed all requisite anti-virus programs. Where necessary, a signal from the access point notifies an anti-viral program server that an anti-virus needs ...

08/03/06 - 20060174345 - Apparatus and method for acceleration of malware security applications through pre-filtering
A data classification system identifies and processes malicious data that may be present in a received data stream. The system includes at least two stages, and a data flow module. The data flow module derives, from an input data stream, a first processed data stream that is transmitted to the ...

08/03/06 - 20060174344 - System and method of caching decisions on when to scan for malware
In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is ...

07/20/06 - 20060161987 - Detecting and remedying unauthorized computer programs
Spyware may be detected by using a detection agent in a communications network to monitor one or more communication streams from one or more clients. An indication of spyware residing on a suspect device may be detected in one or more of the communication streams. As a result, a host ...

07/20/06 - 20060161986 - Method and apparatus for content classification
A method and apparatus is described to select a representative signature for use in identifying content in a packet stream. The method may comprise receiving the packet stream and obtaining content from a data payload of the packet. Thereafter, a plurality of signatures is identified from the content and a ...

07/20/06 - 20060161985 - Method and apparatus for performing antivirus tasks in a mobile wireless device
Disclosed are techniques for performing an antivirus task in a mobile wireless device running an embedded operating system. In one embodiment, calls intended for an application programming interface (API) function code are redirected to an antivirus function code. The redirection to the antivirus function code may be performed by modifying ...

07/20/06 - 20060161984 - Method and system for virus detection using pattern matching techniques
A method and system for providing virus detection. A virus detection system provides for the use of pattern matching techniques on data at a binary level for virus detection. Whenever an incoming data stream is received, the data stream is segmented into time-based data frames. The time-based data frames are ...

07/13/06 - 20060156406 - Secure hardware personalization service
Methods and devices for securely providing personalities to reconfigurable hardware. Reconfigurable hardware is provided with one or more domains. At least one domain serves as a gatekeeper domain and another domain serves as a task domain. A service provider provides an authentication and security personality to the gatekeeper domain. The ...

07/13/06 - 20060156405 - Method and system for offloading real-time virus scanning during data transfer to storage peripherals
The present invention provides a method, system, and computer program product for checking for viruses by adding a virus scanning capability to a data transfer device. In a method of the present invention a real-time virus checker is stored on a controller. The virus checker scans data as it is ...

06/29/06 - 20060143713 - Rapid virus scan using file signature created during file write
A procedure and implementations thereof are disclosed that significantly reduce the amount of time necessary to perform a virus scan. A file signature is created each time a file is modified (i.e., with each “file write” to that file). The file signature is inserted, with a date stamp, into the ...

06/29/06 - 20060143712 - Method and apparatus for the early detection of machines infected by e-mail based computer viruses
A method and apparatus for the early detection of machines infected by e-mail based computer viruses advantageously employs a network behavioral analysis rather than a direct technical analysis of attached executable code. Specifically, an SMTP (Simple Mail Transfer Protocol) log associated with a mail gateway system interconnected to a plurality ...

06/22/06 - 20060137013 - Quarantine filesystem
A quarantine filesystem driver having a first interface for communicating with an operating system library, a second interface for communicating with a primary filesystem, and a third interface for communicating with a secondary filesystem. Preferably the secondary filesystem is a delta filesystem that records a log of changes to data ...

06/22/06 - 20060137012 - Methods and systems for deceptively trapping electronic worms
Methods of trapping electronic worms are provided. Pursuant to these methods, an electronic worm may be “trapped” such that its ability to spread is reduced or eliminated, while at the same time the worm is deceived such that it does not realize it has been trapped. In this manner, the ...

06/15/06 - 20060130145 - System and method for analyzing malicious code protocol and generating harmful traffic
The provided method and system is a method and system for analyzing the malicious code protocol and generating harmful traffic. The harmful traffic generating method constructs packet protocol information for generating a first attack packet corresponding to the TCP/IP protocol for generating network traffic, and then sets network vulnerability scanning ...

06/15/06 - 20060130144 - Protecting computing systems from unauthorized programs
A method, system, and computer-readable medium are described for assisting in protecting computing systems from unauthorized programs, such as by preventing computer viruses and other types of malware programs from executing during startup of a computing system and/or at other times. In some situations, computing system protection is provided by ...

06/15/06 - 20060130143 - Method and system for utilizing information worms to generate information channels
Provided are methods and systems that facilitate automated networked distribution of information. In particular, a plurality of information worms are evaluated, one or more of the information worms are selected based on the evaluation, and the selected information worms are incorporated into one or more information channels suitable for automated ...

06/08/06 - 20060123481 - Method and apparatus for network immunization
Network elements that are configured to perform deep packet inspection may be dynamically updated with patterns associated with malicious code, so that malicious code may be detected and blocked at the network level. As new threats are identified by a security service, new patterns may be created for those threats, ...

06/01/06 - 20060117387 - Propagation protection of email within a network
Described are methods and apparatus, including computer program products, for propagation protection within a network. A network appliance repeatedly stores received portions of data associated with email in a buffer associated with an email message until an end of message indicator is received for the email message or a predefined ...

04/20/06 - 20060085857 - Network virus activity detecting system, method, and program, and storage medium storing said program
In this system, a monitor unit monitors outbound communications through a network interface. A process designation unit designates a process 2X which has generated communications. A process tree obtaining unit obtains and outputs process tree information for designation of an upper process to the process 2X. A discrimination unit refers ...

04/13/06 - 20060080737 - System and method for reducing virus scan time
A system and method that marks whenever a sector on a hard drive is altered. A protected archive bit is maintained for each sector on the hard drive in a secured fashion. Authenticated requests are able to reset the protected archive bit. When a file is changed, the hard drive ...

04/06/06 - 20060075502 - System, method and computer program product for accelerating malware/spyware scanning
A system, method and computer program product are provided for scanning files. A plurality of file names in a registry of a computer is identified. By this identification, files associated with the file names are scanned. Another system, method and computer program product are further provided. In particular, a change ...

04/06/06 - 20060075501 - System and method for heuristic analysis to identify pestware
Systems for preventing pestware activity are described. One embodiment includes a heuristic engine configured to identify repeat pestware activity and configured to block the repeat pestware activity; an operating system pestware shield in communication with the heuristic engine, the operating system pestware shield configured to detect pestware activity and report the ...

04/06/06 - 20060075500 - System and method for locating malware
A system and method for managing malware is described. One embodiment is designed to receive an initial URL associated with a Web site; download content from that Web site; identify any obfuscation techniques used to hide malware or pointers to malware; interpret those obfuscation techniques; identify a new URL as ...

04/06/06 - 20060075499 - Virus scanner system and method with integrated spyware detection capabilities
A system, method and computer program product are provided for scanning for spyware utilizing a virus scanner. In use, at least one computer is scanned for viruses utilizing a virus scanner. Still yet, the computer is further scanned for spyware utilizing the virus scanner. Such computer is scanned for the ...

03/30/06 - 20060070130 - System and method of identifying the source of an attack on a computer network
The present invention provides a system and method of tracing the spread of computer malware in a communication network. One aspect of the present invention is a method that traces the spread of computer malware in a communication network. When suspicious data characteristic of malware is identified in a computing ...

03/23/06 - 20060064755 - Methods and apparatus for interface adapter integrated virus protection
A virus detection mechanism is described in which virus detection is provided by a network integrated protection (NIP) adapter. The NIP adapter checks incoming media data prior to it being activated by a computing device. The NIP adapter operates independently of a host processor to receive information packets from a ...

02/23/06 - 20060041941 - Messaging virus protection program and the like
The present invention relates to a messaging virus protection program and the like for dealing with messaging viruses transmitted along with the movement of electronic information. This messaging virus protection program causes a computer to execute the steps of judging whether or not processing is to be performed in a ...

02/16/06 - 20060037080 - System and method for detecting malicious executable code
A system and method for detecting malicious executable software code. Benign and malicious executables are gathered; and each are encoded as a training example using n-grams of byte codes as features. After selecting the most relevant n-grams for prediction, a plurality of inductive methods, including naive Bayes, decision trees, support ...

02/16/06 - 20060037079 - System, method and program for scanning for viruses
System, method and program product for scanning files for a virus. A multiplicity of files which have been accessed since a previous virus scan are identified. Based on the identifications of the multiplicity of files which have been accessed since a previous virus scan, the multiplicity of files are scanned ...

02/09/06 - 20060031937 - Pre-emptive anti-virus protection of computing systems
A system is provided that strongly inhibits infection and spread of computer viruses. Valid executable software files and supporting files, even files provided by mass-released commercial software, are associated with a numeric key that is unique to each individual computer running the software. For a file to be processed by ...

02/02/06 - 20060026687 - Protecting embedded devices with integrated permission control
A system for optimizing the security of embedded, mobile devices such as personal data assistants and Smartphones by controlling the permission level between the upper, user-mode layer and the lower, protected kernel layer. In a preferred embodiment, this is achieved by interposing an integrated driver between upper layers (applications, functions ...

02/02/06 - 20060026686 - System and method for restricting access to an enterprise network
One aspect of the invention is a method for restricting access to an enterprise network that includes determining whether a computer that may be connected to an enterprise network on a temporary basis has one or more malicious code items where the computer accompanies a visitor to a facility associated ...

01/26/06 - 20060021043 - Method of connection of equipment in a network and network system using same
A method for connecting equipment in a network system, enabling prevention of the spread of viruses throughout the network resulting from connection to the network of a server, client, PC, or other equipment infected with a virus, in which the network configuration is separated into an operation network and a ...

01/26/06 - 20060021042 - Device for internet-worm treatment and system patch using movable storage unit, and method thereof
A device for an Internet-worm treatment and a system patch using a movable storage unit is provided. The device includes: the movable storage unit for storing an integral program and integrity verification information; a program initializing unit for confirming an integrity of the Internet-worm treatment and system patch program by ...

01/26/06 - 20060021041 - Storage conversion for anti-virus speed-up
A computer system includes a security subsystem which is able to trustfully track which files or storage areas of a storage device have been altered since a last virus scan. The trusted information can then be used to accelerate scans for undesirable code or data such as viruses and invalid ...

01/19/06 - 20060015942 - Systems and methods for classification of messaging entities
Methods and systems for operation upon one or more data processors for assigning a reputation to a messaging entity. A method can include receiving data that identifies one or more characteristics related to a messaging entity's communication. A reputation score is determined based upon the received identification data. The determined ...

01/12/06 - 20060010495 - Method for protecting a computer from suspicious objects
In an inspection facility (e.g. at a gateway server, at a proxy server, at a firewall to a network, at an entrance to a local area network or even at the user's computer) connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects (e.g. ...

01/05/06 - 20060005244 - Virus detection in a network
A method, apparatus, system, and signal-bearing medium that in an embodiment count the number of times that a file or registry entry is added, changed, or deleted at clients in a network. If the count exceeds a threshold, then a warning is sent to the clients. The warning may prompt ...

12/22/05 - 20050283838 - Malicious-process-determining method, data processing apparatus and recording medium
A malicious-process-determining method, a data processing apparatus, and a recording medium according to the present invention each consists of reading the data stored in a buffer memory by one byte, and for a plurality of instruction sequences each having a different read address, sequentially analyzing what kind of instruction code ...

12/22/05 - 20050283837 - Method and apparatus for managing computer virus outbreaks
Early detection of computer viruses is provided by collecting information about suspicious messages and generating virus outbreak information. In one embodiment, a method comprises receiving the virus outbreak information that has been determined by receiving message information for messages that have characteristics associated with computer viruses, wherein the messages were ...

12/22/05 - 20050283836 - Method and system to detect externally-referenced malicious data for access and/or publication via a computer system
A method and system to verify active content in a server system include receiving a communication (e.g., an e-mail message or an e-commerce listing) that includes active content to be made accessible by the server system. A reference (e.g., a URL) within the active content is identified, the reference pointing ...

12/22/05 - 20050283835 - Method and system to verify data received, at a server system, for access and/or publication via the server system
A method and system to verify active content included within a markup language document store multiple instances of publication information (e.g., an e-commerce listing or e-mail message) in a database associated with a server system. The stored publication information includes active content (e.g., web pages that include an executable script ...

12/22/05 - 20050283834 - Probabilistic mechanism to determine level of security for a software package
A mechanism for determining a probabilistic security score for a software package is provided. The mechanism calculates a raw numerical score that is probabilistically linked to how many security vulnerabilities are present in the source code. The score may then be used to assign a security rating that can be ...

12/15/05 - 20050278785 - System for selective disablement and locking out of computer system objects
A method for disabling a process in a computer, particularly including processes such as viruses, spyware, adware, and malware generally. A file object (file or folder) is identified in the computer that is required by the process. An access control entry (ACE) is then stored in an access control list ...

12/08/05 - 20050273858 - Stackable file systems and methods thereof
An operating system kernel, including a protocol stack, includes a network layer for receiving a message from a data network, a stackable file system layer coupled to the network layer for inspecting the message, wherein the stackable file system layer is coupled to a storage device, the stackable file system ...

12/01/05 - 20050268338 - Computer immune system and method for detecting unwanted code in a computer system
An automated analysis system detects malicious code within a computer system by generating and subsequently analyzing a behavior pattern for each computer program introduced to the computer system. Generation of the behavior pattern is accomplished by a virtual machine invoked within the computer system. An initial analysis may be performed ...

11/24/05 - 20050262567 - Systems and methods for computer security
A method for detecting malware includes analyzing multiple forms of malware belonging to a same family, recognizing one or more points of departure in at least one of the multiple forms of malware from at least another one of the multiple forms of malware, and ascertaining a range of possible ...

11/24/05 - 20050262566 - Systems and methods for computer security
A method for maintaining computer security comprises receiving an incoming email destined for an email server, determining whether the received incoming email is infected with malicious code and blocking the incoming email determined to be infected with malicious code from reaching the email server. ...

11/10/05 - 20050251862 - Security arrangement, method and apparatus for repelling computer viruses and isolating data
A security system, method and apparatus for repelling computer viruses and isolating data. The security system includes sub-systems 1-3, which sub-system 1 includes an addition to anti-virus software those programs of sub-system 3 that may cause the activation of a virus. Sub-system 2 functions as an intermediate stage between sub-systems ...

09/08/05 - 20050198692 - System and method of protecting a computing system from harmful active content in documents
Described are a system and method for protecting a computing device from potentially harmful code in a document. One or more definitions of potentially harmful active content are provided in an editable text file. The document is compared with each definition of potentially harmful active content in the editable text ...

07/28/05 - 20050166268 - Proactive prevention of polymorphic smtp worms
A method includes establishing a SMTP proxy, defining an application that forms a connection with the SMTP proxy as a SMTP client application, emulating the SMTP client application including generating at least one SMTP client application dirty page, intercepting an executable application sent from the SMTP client application with the ...


