• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    A method of scanning electronic files for computer viruses comprises identifying at a first node 4 of a computer network 1, electronic files which require to be scanned for computer viruses. The first node 4 initiates a dialogue with a second node 7 of the network 1, the second node comprising a virus scanning application. During the dialogue, the second node 7 identifies to the first node 4 one or more portions of the electronic file required by the virus scanning application. The first node 4 transfers the identified portions to the second node 7 which then carries out a virus scanning operation. The result of this operation is then returned to the first node 4.
    公开号:US20010005889A1
    申请号:US09/741,084
    申请日:2000-12-21
    公开日:2001-06-28
    发明作者:Mikael Albrecht
    申请人:F Secure Oyj;
    IPC主号:H04L63-145
    专利说明:
    [0001] The present invention relates to remote computer virus scanning and in particular to virus scanning in a system where data to be scanned is transferred from an agent to a scanning engine located on a central server. The invention is applicable in particular, although not necessarily, to a system in which the agent and the server exist at different locations. [0001] BACKGROUND TO THE INVENTION
    [0002] Computer viruses are a well recognised problem in the computer and software industry and amongst computer users in general. Whilst early approaches to virus detection relied upon providing an anti-virus software application, capable of detecting previously identified viruses or suspect files, in each individual computer, the recent growth in network computing has led to the introduction of gateway based solutions. This approach involves supplementing, or in some cases replacing, the anti-virus applications running on individual computers connected to a network with anti-virus applications running on the gateway (or gateways) which connects the network to the outside world. Such a gateway based anti-virus application is typically provided at a firewall, although it may also be provided at an Internet server, mail server, etc. An anti-virus application may also be provided at a database server of the network to screen data transfers to and from a central storage location. [0002]
    [0003] One network approach embodied in the F-Secure Anti-Virus Agent and Server™ product (Data Fellows Oyj, Espoo, Finland) offers an improved solution in which “agents” are located at various transit nodes of a network and identify data which is capable of containing a computer virus (by for example examining file name extensions). The intercepted suspect data is then transferred by the agent, over the network, to a central server comprising an anti-virus scanning application which performs a virus scan on the data. The result of the virus scan is returned from the central server to the agent which initiated the scan. The advantage of this approach as compared to conventional gateway scanning is that it is only necessary to provide one or a small number of scanning applications in a network. This reduces the maintenance overheads for the anti-virus application (e.g. by reducing the number of virus updates required) and also reduces the processing overheads at the machines where the agents are located. It follows that the anti-virus application is more likely to be kept up to date, and hence the security of the network is improved. A further advantage of the agent and server solution is that the scanning engine can be designed to run on one or only a small number of platforms, whilst the agent may be designed to run on a larger number of platforms—it is relatively easy to “port” the agent to different platforms as compared to the scanning engine. [0003]
    [0004] A disadvantage of the approach described in the preceding paragraph is that it may require the transfer of relatively large volumes of data over a computer network. This can slow down the virus scanning operation and may also result in network traffic congestion, having a knock-on effect on non-virus scanning related traffic. The transfer of unsecure information over a network may also introduce security risks. [0004] SUMMARY OF THE PRESENT INVENTION
    [0005] The inventor of the present invention has realised that in many cases, although large volumes of data may be transferred between an agent and a central virus scanning server, the scanning application actually only looks at or examines a relatively small proportion of this data. For example, the scanning application may in some cases be able to tell that a document is not infected with a virus merely by looking at the template-bit in the header of a Microsoft Word™ document. [0005]
    [0006] It is an object of the present invention to overcome or at least mitigate the above noted disadvantages. In particular, it is an object of the present invention to reduce the volume of data which must be transferred between an agent and a server for the purpose of virus scanning. [0006]
    [0007] These and other objects are achieved at least in part by transferring from an agent to a virus scanning server substantially only those portions of a file which are actually required by the scanning engine. [0007]
    [0008] According to a first aspect of the present invention there is provided a method of scanning electronic files for computer viruses, the method comprising: [0008]
    [0009] identifying at a first node of a computer network, electronic files which require to be scanned for computer viruses; [0009]
    [0010] initiating a dialogue between said first node and a second node of the network, the second node comprising a virus scanning application, during which dialogue the second node identifies to the first node one or more portions of the electronic file required by the virus scanning application; and [0010]
    [0011] transferring the identified portion(s) from the first node to the second node over the network. [0011]
    [0012] Embodiments of the present invention do not necessarily require the transfer of entire electronic files from the agent to the server. Rather, the embodiments only require those parts which are of direct interest to the scanning application to be transferred. For example, the scanning application may require the transfer of only a header portion of an electronic file or of a block of data pointed to by a jump instruction located in the header. In addition to reducing the volume of network traffic, embodiments of the present invention increase network security by avoiding the need to transfer entire files on a possibly insecure network. [0012]
    [0013] Preferably, the method of the present invention involves identifying electronic files which require virus scanning, at a plurality of first nodes of the computer network. A dialogue is then initiated between the first nodes and the said second node when appropriate. That is to say that a set of first nodes may be served by a single scanning application existing at a second node. [0013]
    [0014] It will be appreciated that the first node(s) and the second node may be located at respective different locations in the computer network. These nodes may be personal computers workstations, etc. [0014]
    [0015] The first node may be, for example, one of a database server, electronic mail server, an Internet server, a proxy server, or a firewall server. [0015]
    [0016] The first and second nodes preferably conduct said dialogue using a network protocol such as CVP or FNP (Data Fellows Oyj, Espoo, Finland), although the protocol may require some modification. The network protocol typically is carried by a transport protocol such as IP, IPX, or Net BEUI. [0016]
    [0017] Preferably, the method comprises analysing the file portions received at the second node for each file to be scanned, to determine whether or not the file contains a virus or cannot be guaranteed to not contain a virus. More preferably, the result of this analysis is sent to the first node over the network. [0017]
    [0018] In the event that a file is identified as containing a virus, the second node may initiate a dialogue with the first node and transfer to the first node data portions to be written into the file to disinfect the file (this process may also require the transfer of additional file portions from the first to the second node for modification at the second node). The first node may then write the data portions into the file, erasing other portions if necessary. Alternatively, the second node may send instructions to the first node to inform the first node how to disinfect the file. [0018]
    [0019] According to a second aspect of the present invention there is provided an anti-virus scanning system for use in scanning electronic files in a computer network, the system comprising: [0019]
    [0020] a first computer having processing means arranged to identify electronic files which should be scanned for computer viruses; and [0020]
    [0021] a second computer having processing means arranged to perform a virus scanning operation, [0021]
    [0022] the first computer further comprising communication means for initiating a dialogue between the first computer and the second computer, during which the second computer identifies to the first computer those portions of the electronic files required by the first computer for performing the virus scanning operation, and for transferring those portions to the second computer. [0022]
    [0023] According to a third aspect of the present invention there is provided a computer memory encoded with executable instructions representing a computer program for causing a first computer connected to a computer network to: [0023]
    [0024] identify electronic files which require to be scanned for computer viruses; [0024]
    [0025] initiate a dialogue between the first computer and a second computer also connected to the computer network; [0025]
    [0026] receive from the second computer an identification of portions of the electronic file which are required for virus scanning of the electronic files at the second computer; and [0026]
    [0027] transfer the identified portion from the first computer to the second computer. [0027]
    [0028] According to a fourth aspect of the present invention there is provided a computer memory encoded with executable instructions representing a computer program for causing a first computer connected to a computer network to: [0028]
    [0029] receive a dialogue initiation request from a second computer also connected to the computer network concerning an electronic file identified by the second computer as requiring a virus scan; [0029]
    [0030] identify to the second computer those portions of the electronic file which are required by the first mentioned computer for performing a virus scanning operation at the first computer; and [0030]
    [0031] receive the identified portions of the electronic file from the first node. [0031]
    [0032] According to a fifth aspect of the present invention there is provided a method of disinfecting an electronic file stored at a first node of a computer network, after the file has been identified as containing a virus by a virus scanning engine located at a second network node, the method comprising: [0032]
    [0033] sending from the second node to the first node, data portions to be written into the infected file and/or instructions for disinfecting the file; and [0033]
    [0034] receiving the data portions and/or instructions at the first node and writing the data portions into the infected file and/or carrying out said instructions. [0034]
    [0035] Preferably, said first and second nodes are respective computer workstations coupled to a common network. The workstation corresponding to the second node may be arranged to communicate with a plurality of workstations corresponding to respective second nodes. [0035] BRIEF DESCRIPTION OF THE DRAWINGS
    [0036] FIG. 1 shows schematically a data network having a central virus scanning server; [0036]
    [0037] FIG. 2 illustrates communication protocols used between the virus scanning server of FIG. 1 and an agent located at a node of the network; [0037]
    [0038] FIG. 3 illustrates data traffic between and agent and a virus scanning server in the network of FIG. 1; and [0038]
    [0039] FIG. 4 is a flow diagram illustrating a virus scanning operation of the network of FIG. 1. [0039] DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
    [0040] A computer data network (illustrated generally by reference numeral [0040] 1) is shown in FIG. 1 and comprises a number of users or clients 2. These users include an administrator's workstation 2 a, one or more notebook computers 2 b, a number of computer workstations 2 c, and a server 2 d. The network comprises a physical wire network (Local Area Network (LAN)) 3 to which each of the users 2 is connected via respective network cards (generally integrated into the user terminals and therefore not shown separately in FIG. 1). The network may be an Ethernet network, X.25 network, or the like, with TCP/IP protocol being used as the transport protocol (alternative transport protocols include IPX, Net BEUI, etc). Although it is not considered here in detail, the wire network 3 of FIG. 1 may be replaced by a wireless LAN, e.g. using radio signals to transmit data.
    [0041] Also connected to the network (via respective network cards) are a number of so-called “protected systems” [0041] 4. These include a firewall 4 a, a mail server 4 b, a proxy server 4 c, and a database server 4 d. As will be known to the skilled person, the firewall 4 a provides a secure gateway between the network 1 and the “outside world”, in this case the Internet 5. All data traffic coming from the Internet 5 to the network 1 passes through the firewall 4 a where its access authority is checked. The firewall 4 a may also control the access of users 2 to the Internet 5. The mail server 4 b and the proxy server 4 c provide transit nodes for electronic mail and www traffic respectively. Data is routed between the mail server 4 b, the proxy server 4 c, and the Internet 5, via the firewall 4 a. The mail server 4 b may also act as a router for internal network electronic mail. The protected systems 4 also include a database server 4 d which acts as a gateway or transit node between the network and a central data storage facility 6. This facility is a repository for data shared by the network users 2.
    [0042] An additional server [0042] 7 provides virus scanning functionality as will be described below. This virus scanning server 7 is coupled to the network 1 and in use communicates with the protected systems 4 and the administrator's workstation 2 a. The server 7 is able to communicate with the protected systems and workstation 2 a using for example standardised or proprietary protocols carried over the TCP/IP LAN 3.
    [0043] Each of the protected systems [0043] 4 has stored in its memory a so-called “agent” application which is run by the systems in the background to the normal tasks performed by the systems. The function of an agent is to intercept data (in the form of files) which is being transferred through the system 4 on which the agent is running. An intercepted file is scanned on-the-fly by the agent to determine whether or not the file has a form which may contain a virus. Thus, the agent may identify files having a .doc, .exe, etc., filename extension, files corresponding to e-mails, e-mail attachment, or documents containing macros. It will be appreciated that new viruses are being continually created and that this list is not exhaustive.
    [0044] Considering for example the firewall [0044] 4 a, this firewall will intercept files being transferred from the Internet 5 to the network 3 and possibly files travelling in the reverse direction. Similarly, the mail server 4 b and proxy server 4 c will intercept e-mails and www files respectively, whilst the database server 4 d scans files being transferred to and from the data storage facility 6. The network may be arranged such that the unnecessary duplication of tasks is avoided, e.g. the mail server 4 b does not scan files received from the firewall 4 a but only scans internally transferred mail.
    [0045] Files which are not of a suspect type are “passed” by the agent and are routed by the system to an appropriate destination (e.g. a user [0045] 2). However, if an agent identifies a suspect file, then the agent initiates a dialogue with the virus scanning server 7 using a suitable network protocol. Currently, network protocols such as CVP and FNP are used to perform network dialogues and such protocols may be modified in order to implement the present method.
    [0046] FIG. 2 illustrates schematically the server and agent arrangement and in particular the communication protocols which allow the server and agent to communicate. At the agent, the agent application sits on top of the modified FNP network protocol entity. Beneath the FNP entity are TCP/IP and IP entities, whilst the lowermost entity is the physical layer which provides the physical connection to the network. A similar stack exists at the scanning engine, with the agent application being replaced by the scanning engine application. The dashed lines in FIG. 2 illustrate the peer entity communications whilst the solid line coupling the physical entities illustrates the actual data transfer path. [0046]
    [0047] FIG. 3 illustrates the data exchange process which takes place at the application level, between the agent application and the scanning engine application, following the identification at the agent of a file which requires virus scanning. The agent initiates the FNP dialogue by sending an Initiate Negotiation request to the scanning engine. This request may include, for example, an identification of the type of file to be scanned. Using the received information, the scanning engine determines which portions of the identified file it requires in order to perform the virus scan. For example, the scanning engine may determine that it requires only the template bits at the top of a Word™ file. The required portions are identified in a Request File Portions message which is sent to the agent. [0047]
    [0048] The agent returns the requested portions to the scanning engine in a Return File Portions message (or several such messages), whereupon the scanning engine commences the virus scanning operation. This may include, for example, generating “signatures” for the received file portions and comparing these against signatures produced from known viruses. In certain cases, the scanning engine may determine that it requires further file portions from the agent. Upon completion of the scan, the scanning engine returns the result to the agent in a Return Scan Result message. In the event that no virus has been identified in the file, the agent allows the file transfer (or other operation involving the scanned file) to proceed. [0048]
    [0049] In the event that a virus has been identified in the scanned file, one of several courses of action may be taken. Firstly, and as is illustrated beneath the dashed line in FIG. 3, a disinfection procedure may be carried out. This involves the scanning engine generating replacement file portions (on the basis the data previously transferred to the scanning engine from the agent, or using additionally transferred file portions), and returning these to the agent in a Write Instruction. The agent acts upon the Write Instruction by rewriting portions of the file to remove the virus infection. If no disinfection procedure is available, the file transfer procedure is suspended and the network administrator alerted, e.g. by sending a message over the network [0049] 1 from the agent to the network administrator's workstation.
    [0050] FIG. 4 is a flow diagram illustrating the method described above. [0050]
    [0051] It will be appreciated by the person of skill in the art that various modifications may be made to the above described embodiment without departing from the scope of the present invention. For example, whilst the above embodiment placed agents only at the firewall [0051] 4 a, mail server 4 b, proxy server 4 c, and database server 4 d, agents may also be present at one or more of the client computers 2.
    权利要求:
    Claims (14)
    [1" id="US-20010005889-A1-CLM-00001] 1. A method of scanning electronic files for computer viruses, the method comprising:
    identifying at a first node of a computer network, electronic files which require to be scanned for computer viruses;
    initiating a dialogue between said first node and a second node of the network, the second node comprising a virus scanning application, during which dialogue the second node identifies to the first node one or more portions of the electronic file required by the virus scanning application; and
    transferring the identified portion(s) from the first node to the second node over the network.
    [2" id="US-20010005889-A1-CLM-00002] 2. A method according to
    claim 1 and comprising identifying electronic files which require virus scanning, at a plurality of first nodes of the computer network and initiating a dialogue between the first nodes and the said second node when appropriate.
    [3" id="US-20010005889-A1-CLM-00003] 3. A method according to
    claim 1 , wherein the first node and the second node are located at respective different locations in the computer network.
    [4" id="US-20010005889-A1-CLM-00004] 4. A method according to
    claim 1 , wherein the first node is one of a database server, electronic mail server, an Internet server, a proxy server, or a firewall server.
    [5" id="US-20010005889-A1-CLM-00005] 5. A method according to
    claim 1 , wherein the dialogue is carried out using a network protocol carried by IP.
    [6" id="US-20010005889-A1-CLM-00006] 6. A method according to
    claim 1 and comprising analysing the file portions received at the second node to determine whether or not the file contains a virus or cannot be guaranteed to not contain a virus, and returning the result to the first node over the network.
    [7" id="US-20010005889-A1-CLM-00007] 7. A method according to
    claim 6 and comprising transferring from the second node to the first node data portions to be written into the file to disinfect the file.
    [8" id="US-20010005889-A1-CLM-00008] 8. A method according to
    claim 6 and comprising sending instructions from the second node to the first node to inform the first node how to disinfect the file.
    [9" id="US-20010005889-A1-CLM-00009] 9. An anti-virus scanning system for use in scanning electronic files in a computer network, the system comprising:
    a first computer having processing means arranged to identify electronic files which should be scanned for computer viruses; and
    a second computer having processing means arranged to perform a virus scanning operation,
    the first computer further comprising communication means for initiating a dialogue between the first computer and the second computer, during which the second computer identifies to the first computer those portions of the electronic files required by the first computer for performing the virus scanning operation, and for transferring those portions to the second computer.
    [10" id="US-20010005889-A1-CLM-00010] 10. A computer memory encoded with executable instructions representing a computer program for causing a first computer connected to a computer network to:
    identify electronic files which require to be scanned for computer viruses;
    initiate a dialogue between the first computer and a second computer also connected to the computer network;
    receive from the second computer an identification of portions of the electronic file which are required for virus scanning of the electronic files at the second computer; and
    transfer the identified portion from the first computer to the second computer.
    [11" id="US-20010005889-A1-CLM-00011] 11. A computer memory encoded with executable instructions representing a computer program for causing a first computer connected to a computer network to:
    receive a dialogue initiation request from a second computer also connected to the computer network concerning an electronic file identified by the second computer as requiring a virus scan;
    identify to the second computer those portions of the electronic file which are required by the first mentioned computer for performing a virus scanning operation at the first computer; and
    receive the identified portions of the electronic file from the first node.
    [12" id="US-20010005889-A1-CLM-00012] 12. A method of disinfecting an electronic file stored at a first node of a computer network, after the file has been identified as containing a virus by a virus scanning engine located at a second network node, the method comprising:
    sending from the second node to the first node, data portions to be written into the infected file and/or instructions for disinfecting the file; and
    receiving the data portions and/or instructions at the first node and writing the data portions into the infected file and/or carrying out said instructions.
    [13" id="US-20010005889-A1-CLM-00013] 13. A method according to
    claim 12 , wherein said first and second nodes are respective computer workstations coupled to a common network.
    [14" id="US-20010005889-A1-CLM-00014] 14. A method according to
    claim 13 , wherein the workstation corresponding to the second node is arranged to communicate with a plurality of workstations corresponding to respective second nodes.
    类似技术:
    公开号 | 公开日 | 专利标题
    US7020895B2|2006-03-28|Remote computer virus scanning
    US20030191957A1|2003-10-09|Distributed computer virus detection and scanning
    US9729655B2|2017-08-08|Managing transfer of data in a data network
    JP4778950B2|2011-09-21|Virus detection and removal equipment for computer networks
    US20170041293A1|2017-02-09|Methods and apparatus for blocking unwanted software downloads
    US6944775B2|2005-09-13|Scanner API for executing multiple scanning engines
    US7426574B2|2008-09-16|Technique for intercepting data in a peer-to-peer network
    US5889943A|1999-03-30|Apparatus and method for electronic mail virus detection and elimination
    JP3954385B2|2007-08-08|System, device and method for rapid packet filtering and packet processing
    US7865965B2|2011-01-04|Optimization of distributed anti-virus scanning
    CN101164050B|2011-06-08|Distributed traffic scanning through data stream security tagging
    JP2007517305A|2007-06-28|Flexible network security system and network security method permitting reliable processes
    TW200832180A|2008-08-01|Method and apparatus for reduced redundant security screening
    US20020143850A1|2002-10-03|Method and apparatus for progressively processing data
    US20060156400A1|2006-07-13|System and method for preventing unauthorized access to computer devices
    CN1969524B|2012-08-15|Method and system for identifying the content of files in a network
    US7089302B1|2006-08-08|Method and system for maintaining a communications protocol session
    US20150019632A1|2015-01-15|Server-based system, method, and computer program product for scanning data on a client using only a subset of the data
    US7086090B1|2006-08-01|Method and system for protecting pervasive devices and servers from exchanging viruses
    US7917585B2|2011-03-29|Apparatus, methods and articles of manufacture for intercepting, examining and controlling code, data and files and their transfer
    US20070083913A1|2007-04-12|Propagation of malicious code through an information technology network
    US8601094B2|2013-12-03|Method and computer program product utilizing multiple UDP data packets to transfer a quantity of data otherwise in excess of a single UDP packet
    EP1798916B1|2009-06-24|Regulating an extensibility point's access to a wrapped e-mail message
    US20110173675A9|2011-07-14|Propagation of malicious code through an information technology network
    Payne et al.2001|The Releasable Data Products Framework
    同族专利:
    公开号 | 公开日
    US7020895B2|2006-03-28|
    GB2353372A|2001-02-21|
    GB2353372B|2001-08-22|
    EP1111507A3|2001-07-04|
    EP1111507A2|2001-06-27|
    GB9930613D0|2000-02-16|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US5649095A|1992-03-30|1997-07-15|Cozza; Paul D.|Method and apparatus for detecting computer viruses through the use of a scan information cache|
    US6067410A|1996-02-09|2000-05-23|Symantec Corporation|Emulation repair system|
    US6029256A|1997-12-31|2000-02-22|Network Associates, Inc.|Method and system for allowing computer programs easy access to features of a virus scanning engine|
    US6035423A|1997-12-31|2000-03-07|Network Associates, Inc.|Method and system for providing automated updating and upgrading of antivirus applications using a computer network|
    US6269456B1|1997-12-31|2001-07-31|Network Associates, Inc.|Method and system for providing automated updating and upgrading of antivirus applications using a computer network|
    US6347376B1|1999-08-12|2002-02-12|International Business Machines Corp.|Security rule database searching in a network security environment|
    US6516337B1|1999-10-14|2003-02-04|Arcessa, Inc.|Sending to a central indexing site meta data or signatures from objects on a computer network|
    US6535891B1|2000-09-26|2003-03-18|Emc Corporation|Method and apparatus for indentifying accesses to a repository of logical objects stored on a storage system based upon information identifying accesses to physical storage locations|
    US6721847B2|2001-02-20|2004-04-13|Networks Associates Technology, Inc.|Cache hints for computer file access|US20020147780A1|2001-04-09|2002-10-10|Liu James Y.|Method and system for scanning electronic mail to detect and eliminate computer viruses using a group of email-scanning servers and a recipient's email gateway|
    US20030009690A1|2001-06-29|2003-01-09|Grupe Robert R.|Intelligent network scanning system and method|
    US20030023866A1|2001-07-26|2003-01-30|Hinchliffe Alex James|Centrally managed malware scanning|
    US20030088662A1|2001-11-06|2003-05-08|Hitachi, Ltd.|Electronic device and communication method using bridging medium|
    US20030097378A1|2001-11-20|2003-05-22|Khai Pham|Method and system for removing text-based viruses|
    US20030191911A1|2002-04-03|2003-10-09|Powerquest Corporation|Using disassociated images for computer and storage resource management|
    US20030217286A1|2002-04-13|2003-11-20|Itshak Carmona|System and method for detecting malicious code|
    US20040049698A1|2002-09-06|2004-03-11|Ott Allen Eugene|Computer network security system utilizing dynamic mobile sensor agents|
    US20040158741A1|2003-02-07|2004-08-12|Peter Schneider|System and method for remote virus scanning in wireless networks|
    US20040210769A1|2003-04-17|2004-10-21|Cybersoft, Inc.|Apparatus, methods and articles of manufacture for computer virus testing|
    US20040237079A1|2000-03-24|2004-11-25|Networks Associates Technology, Inc.|Virus detection system, method and computer program product for handheld computers|
    US20050132184A1|2003-12-12|2005-06-16|International Business Machines Corporation|Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network|
    US20050132205A1|2003-12-12|2005-06-16|International Business Machines Corporation|Apparatus, methods and computer programs for identifying matching resources within a data processing network|
    US20050138426A1|2003-11-07|2005-06-23|Brian Styslinger|Method, system, and apparatus for managing, monitoring, auditing, cataloging, scoring, and improving vulnerability assessment tests, as well as automating retesting efforts and elements of tests|
    US20050166268A1|2004-01-22|2005-07-28|Symantec Corporation|Proactive prevention of polymorphic SMTP worms|
    US20050177748A1|2004-02-10|2005-08-11|Seiichi Katano|Virus protection for multi-function peripherals|
    US20050177720A1|2004-02-10|2005-08-11|Seiichi Katano|Virus protection for multi-function peripherals|
    US20050228695A1|2003-12-18|2005-10-13|Fuji Photo Film Co., Ltd.|Hospital management apparatus and method, and computer-readable medium|
    US6963978B1|2001-07-26|2005-11-08|Mcafee, Inc.|Distributed system and method for conducting a comprehensive search for malicious code in software|
    US6965928B1|2001-03-09|2005-11-15|Networks Associates Technology, Inc.|System and method for remote maintenance of handheld computers|
    US20060080517A1|2003-11-14|2006-04-13|Brown Christopher L T|Accessing a protected area of a storage device|
    US20060161987A1|2004-11-10|2006-07-20|Guy Levy-Yurista|Detecting and remedying unauthorized computer programs|
    US20070083930A1|2005-10-11|2007-04-12|Jim Dumont|Method, telecommunications node, and computer data signal message for optimizing virus scanning|
    US20070244920A1|2003-12-12|2007-10-18|Sudarshan Palliyil|Hash-Based Access To Resources in a Data Processing Network|
    US20070261118A1|2006-04-28|2007-11-08|Chien-Chih Lu|Portable storage device with stand-alone antivirus capability|
    US20070294765A1|2004-07-13|2007-12-20|Sonicwall, Inc.|Managing infectious forwarded messages|
    US20080104703A1|2004-07-13|2008-05-01|Mailfrontier, Inc.|Time Zero Detection of Infectious Messages|
    US20080163372A1|2006-12-28|2008-07-03|Matrix Xin Wang|Anti-virus system for IMS network|
    US20090019547A1|2003-12-12|2009-01-15|International Business Machines Corporation|Method and computer program product for identifying or managing vulnerabilities within a data processing network|
    WO2009023294A2|2007-03-20|2009-02-19|Microsoft Corporation|Combining assessment models and client targeting to identify network security vulnerabilities|
    US20090077665A1|2005-03-22|2009-03-19|Matsushita Electric Industrial Co., Ltd.|Method and applications for detecting computer viruses|
    US7565517B1|2002-04-03|2009-07-21|Symantec Corporation|Retargeting a captured image to new hardware while in a pre-boot environment|
    US7591018B1|2004-09-14|2009-09-15|Trend Micro Incorporated|Portable antivirus device with solid state memory|
    US20100154062A1|2008-12-16|2010-06-17|Elad Baram|Virus Scanning Executed Within a Storage Device to Reduce Demand on Host Resources|
    US20100251373A1|2005-12-12|2010-09-30|Finjan, Inc.|System and method for inspecting dynamically generated executable code|
    US20100333199A1|2009-06-25|2010-12-30|Accenture Global Services Gmbh|Method and system for scanning a computer system for sensitive content|
    US7895651B2|2005-07-29|2011-02-22|Bit 9, Inc.|Content tracking in a network security system|
    US20110067010A1|2009-09-14|2011-03-17|zynamics GmbH|Method for Characterization of a Computer Program Part|
    US20110202998A1|2010-02-18|2011-08-18|zynamics GmbH|Method and System for Recognizing Malware|
    US8090393B1|2006-06-30|2012-01-03|Symantec Operating Corporation|System and method for collecting and analyzing malicious code sent to mobile devices|
    US8127358B1|2007-05-30|2012-02-28|Trend Micro Incorporated|Thin client for computer security applications|
    US8204945B2|2000-06-19|2012-06-19|Stragent, Llc|Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail|
    US8272058B2|2005-07-29|2012-09-18|Bit 9, Inc.|Centralized timed analysis in a network security system|
    US20120324577A1|2011-06-14|2012-12-20|Honeywell International Inc.|Detecting malicious software on a computing device with a mobile device|
    US8667593B1|2010-05-11|2014-03-04|Re-Sec Technologies Ltd.|Methods and apparatuses for protecting against malicious software|
    US8776229B1|2004-04-01|2014-07-08|Fireeye, Inc.|System and method of detecting malicious traffic while reducing false positives|
    US8793787B2|2004-04-01|2014-07-29|Fireeye, Inc.|Detecting malicious network content using virtual environment components|
    US8813222B1|2009-01-21|2014-08-19|Bitdefender IPR Management Ltd.|Collaborative malware scanning|
    US8832829B2|2009-09-30|2014-09-09|Fireeye, Inc.|Network-based binary file extraction and analysis for malware detection|
    US8850571B2|2008-11-03|2014-09-30|Fireeye, Inc.|Systems and methods for detecting malicious network content|
    US8881282B1|2004-04-01|2014-11-04|Fireeye, Inc.|Systems and methods for malware attack detection and identification|
    US8898788B1|2004-04-01|2014-11-25|Fireeye, Inc.|Systems and methods for malware attack prevention|
    US8903920B1|2005-10-24|2014-12-02|At&T Intellectual Property I, L.P.|Detection and prevention of e-mail malware attacks|
    US20150007324A1|2013-06-27|2015-01-01|Secureage Technology, Inc.|System and method for antivirus protection|
    CN104281806A|2013-07-01|2015-01-14|宁夏新航信息科技有限公司|Automatic computer virus detection system|
    US20150067854A1|2013-09-03|2015-03-05|Electronics And Telecommunications Research Institute|Apparatus and method for multi-checking for mobile malware|
    US8984638B1|2004-04-01|2015-03-17|Fireeye, Inc.|System and method for analyzing suspicious network data|
    US8984636B2|2005-07-29|2015-03-17|Bit9, Inc.|Content extractor and analysis system|
    US8990944B1|2013-02-23|2015-03-24|Fireeye, Inc.|Systems and methods for automatically detecting backdoors|
    US8997219B2|2008-11-03|2015-03-31|Fireeye, Inc.|Systems and methods for detecting malicious PDF network content|
    US9009823B1|2013-02-23|2015-04-14|Fireeye, Inc.|Framework for efficient security coverage of mobile software applications installed on mobile devices|
    US9009459B1|2012-03-12|2015-04-14|Symantec Corporation|Systems and methods for neutralizing file-format-specific exploits included within files contained within electronic communications|
    US9009822B1|2013-02-23|2015-04-14|Fireeye, Inc.|Framework for multi-phase analysis of mobile applications|
    US9027135B1|2004-04-01|2015-05-05|Fireeye, Inc.|Prospective client identification using malware attack detection|
    US9071638B1|2004-04-01|2015-06-30|Fireeye, Inc.|System and method for malware containment|
    US20150205979A1|2012-06-19|2015-07-23|Beijing Qihoo Technology Company Limited|Method and system for repairing file at user terminal|
    US9104867B1|2013-03-13|2015-08-11|Fireeye, Inc.|Malicious content analysis using simulated user interaction without user involvement|
    US9106694B2|2004-04-01|2015-08-11|Fireeye, Inc.|Electronic message analysis for malware detection|
    US9117081B2|2013-12-20|2015-08-25|Bitdefender IPR Management Ltd.|Strongly isolated malware scanning using secure virtual containers|
    US9159035B1|2013-02-23|2015-10-13|Fireeye, Inc.|Framework for computer application analysis of sensitive information tracking|
    US9171160B2|2013-09-30|2015-10-27|Fireeye, Inc.|Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses|
    US9176843B1|2013-02-23|2015-11-03|Fireeye, Inc.|Framework for efficient security coverage of mobile software applications|
    US9189627B1|2013-11-21|2015-11-17|Fireeye, Inc.|System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection|
    US9195829B1|2013-02-23|2015-11-24|Fireeye, Inc.|User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications|
    US9223972B1|2014-03-31|2015-12-29|Fireeye, Inc.|Dynamically remote tuning of a malware content detection system|
    US9230111B1|2013-06-25|2016-01-05|Symantec Corporation|Systems and methods for protecting document files from macro threats|
    US9241010B1|2014-03-20|2016-01-19|Fireeye, Inc.|System and method for network behavior detection|
    US9251343B1|2013-03-15|2016-02-02|Fireeye, Inc.|Detecting bootkits resident on compromised computers|
    US20160036840A1|2014-07-29|2016-02-04|Digital Arts Inc.|Information processing apparatus and program|
    US9262635B2|2014-02-05|2016-02-16|Fireeye, Inc.|Detection efficacy of virtual machine-based analysis with application specific events|
    US9294501B2|2013-09-30|2016-03-22|Fireeye, Inc.|Fuzzy hash of behavioral results|
    US9300686B2|2013-06-28|2016-03-29|Fireeye, Inc.|System and method for detecting malicious links in electronic messages|
    US9306974B1|2013-12-26|2016-04-05|Fireeye, Inc.|System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits|
    US9306960B1|2004-04-01|2016-04-05|Fireeye, Inc.|Systems and methods for unauthorized activity defense|
    US9311479B1|2013-03-14|2016-04-12|Fireeye, Inc.|Correlation and consolidation of analytic data for holistic view of a malware attack|
    US9355247B1|2013-03-13|2016-05-31|Fireeye, Inc.|File extraction from memory dump for malicious content analysis|
    US9363280B1|2014-08-22|2016-06-07|Fireeye, Inc.|System and method of detecting delivery of malware using cross-customer data|
    US9367681B1|2013-02-23|2016-06-14|Fireeye, Inc.|Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application|
    US9398028B1|2014-06-26|2016-07-19|Fireeye, Inc.|System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers|
    GB2535522A|2015-02-20|2016-08-24|F-Secure Corp|Dynamic remote malware scanning|
    US9430646B1|2013-03-14|2016-08-30|Fireeye, Inc.|Distributed systems and methods for automatically detecting unknown bots and botnets|
    US9432389B1|2014-03-31|2016-08-30|Fireeye, Inc.|System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object|
    US9438613B1|2015-03-30|2016-09-06|Fireeye, Inc.|Dynamic content activation for automated analysis of embedded objects|
    US9438623B1|2014-06-06|2016-09-06|Fireeye, Inc.|Computer exploit detection using heap spray pattern matching|
    US9483644B1|2015-03-31|2016-11-01|Fireeye, Inc.|Methods for detecting file altering malware in VM based analysis|
    US9495180B2|2013-05-10|2016-11-15|Fireeye, Inc.|Optimized resource allocation for virtual machines within a malware content detection system|
    US9519782B2|2012-02-24|2016-12-13|Fireeye, Inc.|Detecting malicious network content|
    US9536091B2|2013-06-24|2017-01-03|Fireeye, Inc.|System and method for detecting time-bomb malware|
    US9565202B1|2013-03-13|2017-02-07|Fireeye, Inc.|System and method for detecting exfiltration content|
    US20170046230A1|2009-04-28|2017-02-16|Whp Workflow Solutions, Llc|Data backup and transfer across multiple cloud computing providers|
    US9591015B1|2014-03-28|2017-03-07|Fireeye, Inc.|System and method for offloading packet processing and static analysis operations|
    US9594904B1|2015-04-23|2017-03-14|Fireeye, Inc.|Detecting malware based on reflection|
    US9594912B1|2014-06-06|2017-03-14|Fireeye, Inc.|Return-oriented programming detection|
    US9628498B1|2004-04-01|2017-04-18|Fireeye, Inc.|System and method for bot detection|
    US9628507B2|2013-09-30|2017-04-18|Fireeye, Inc.|Advanced persistent threatdetection center|
    US9626509B1|2013-03-13|2017-04-18|Fireeye, Inc.|Malicious content analysis with multi-version application support within single operating environment|
    US9635039B1|2013-05-13|2017-04-25|Fireeye, Inc.|Classifying sets of malicious indicators for detecting command and control communications associated with malware|
    US9690606B1|2015-03-25|2017-06-27|Fireeye, Inc.|Selective system call monitoring|
    US9690933B1|2014-12-22|2017-06-27|Fireeye, Inc.|Framework for classifying an object as malicious with machine learning for deploying updated predictive models|
    US9690936B1|2013-09-30|2017-06-27|Fireeye, Inc.|Multistage system and method for analyzing obfuscated content for malware|
    US9736179B2|2013-09-30|2017-08-15|Fireeye, Inc.|System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection|
    US9747446B1|2013-12-26|2017-08-29|Fireeye, Inc.|System and method for run-time object classification|
    US9773112B1|2014-09-29|2017-09-26|Fireeye, Inc.|Exploit detection of malware and malware families|
    US9824209B1|2013-02-23|2017-11-21|Fireeye, Inc.|Framework for efficient security coverage of mobile software applications that is usable to harden in the field code|
    US9825976B1|2015-09-30|2017-11-21|Fireeye, Inc.|Detection and classification of exploit kits|
    US9824216B1|2015-12-31|2017-11-21|Fireeye, Inc.|Susceptible environment detection system|
    US9825989B1|2015-09-30|2017-11-21|Fireeye, Inc.|Cyber attack early warning system|
    US9838417B1|2014-12-30|2017-12-05|Fireeye, Inc.|Intelligent context aware user interaction for malware detection|
    US9838416B1|2004-06-14|2017-12-05|Fireeye, Inc.|System and method of detecting malicious content|
    US9888016B1|2013-06-28|2018-02-06|Fireeye, Inc.|System and method for detecting phishing using password prediction|
    US9921978B1|2013-11-08|2018-03-20|Fireeye, Inc.|System and method for enhanced security of storage devices|
    US9973531B1|2014-06-06|2018-05-15|Fireeye, Inc.|Shellcode detection|
    US10027689B1|2014-09-29|2018-07-17|Fireeye, Inc.|Interactive infection visualization for improved exploit detection and signature generation for malware and malware families|
    US10033747B1|2015-09-29|2018-07-24|Fireeye, Inc.|System and method for detecting interpreter-based exploit attacks|
    US10050998B1|2015-12-30|2018-08-14|Fireeye, Inc.|Malicious message analysis system|
    US10075455B2|2014-12-26|2018-09-11|Fireeye, Inc.|Zero-day rotating guest image profile|
    US10084813B2|2014-06-24|2018-09-25|Fireeye, Inc.|Intrusion prevention and remedy system|
    US10089461B1|2013-09-30|2018-10-02|Fireeye, Inc.|Page replacement code injection|
    US10133866B1|2015-12-30|2018-11-20|Fireeye, Inc.|System and method for triggering analysis of an object for malware in response to modification of that object|
    US10133863B2|2013-06-24|2018-11-20|Fireeye, Inc.|Zero-day discovery system|
    US10148693B2|2015-03-25|2018-12-04|Fireeye, Inc.|Exploit detection system|
    US10169585B1|2016-06-22|2019-01-01|Fireeye, Inc.|System and methods for advanced malware detection through placement of transition events|
    US10176321B2|2015-09-22|2019-01-08|Fireeye, Inc.|Leveraging behavior-based rules for malware family classification|
    US10192052B1|2013-09-30|2019-01-29|Fireeye, Inc.|System, apparatus and method for classifying a file as malicious using static scanning|
    US10210329B1|2015-09-30|2019-02-19|Fireeye, Inc.|Method to detect application execution hijacking using memory protection|
    US10242185B1|2014-03-21|2019-03-26|Fireeye, Inc.|Dynamic guest image creation and rollback|
    US10284575B2|2015-11-10|2019-05-07|Fireeye, Inc.|Launcher for setting analysis environment variations for malware detection|
    US10341365B1|2015-12-30|2019-07-02|Fireeye, Inc.|Methods and system for hiding transition events for malware detection|
    US20190268363A1|2017-06-30|2019-08-29|SparkCognition, Inc.|Server-supported malware detection and protection|
    US10417031B2|2015-03-31|2019-09-17|Fireeye, Inc.|Selective virtualization for security threat detection|
    US10419722B2|2009-04-28|2019-09-17|Whp Workflow Solutions, Inc.|Correlated media source management and response control|
    US10447728B1|2015-12-10|2019-10-15|Fireeye, Inc.|Technique for protecting guest processes using a layered virtualization architecture|
    US10454950B1|2015-06-30|2019-10-22|Fireeye, Inc.|Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks|
    US10462173B1|2016-06-30|2019-10-29|Fireeye, Inc.|Malware detection verification and enhancement by coordinating endpoint and malware detection systems|
    US10476906B1|2016-03-25|2019-11-12|Fireeye, Inc.|System and method for managing formation and modification of a cluster within a malware detection system|
    US10474813B1|2015-03-31|2019-11-12|Fireeye, Inc.|Code injection technique for remediation at an endpoint of a network|
    US10491627B1|2016-09-29|2019-11-26|Fireeye, Inc.|Advanced malware detection using similarity analysis|
    US10503904B1|2017-06-29|2019-12-10|Fireeye, Inc.|Ransomware detection and mitigation|
    US10515214B1|2013-09-30|2019-12-24|Fireeye, Inc.|System and method for classifying malware within content created during analysis of a specimen|
    US10523609B1|2016-12-27|2019-12-31|Fireeye, Inc.|Multi-vector malware detection and analysis|
    US10528726B1|2014-12-29|2020-01-07|Fireeye, Inc.|Microvisor-based malware detection appliance architecture|
    US10554507B1|2017-03-30|2020-02-04|Fireeye, Inc.|Multi-level control for enhanced resource and object evaluation management of malware detection system|
    US10552610B1|2016-12-22|2020-02-04|Fireeye, Inc.|Adaptive virtual machine snapshot update framework for malware behavioral analysis|
    US10565378B1|2015-12-30|2020-02-18|Fireeye, Inc.|Exploit of privilege detection framework|
    US10572665B2|2012-12-28|2020-02-25|Fireeye, Inc.|System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events|
    US10581879B1|2016-12-22|2020-03-03|Fireeye, Inc.|Enhanced malware detection for generated objects|
    US10581874B1|2015-12-31|2020-03-03|Fireeye, Inc.|Malware detection system with contextual analysis|
    US10587647B1|2016-11-22|2020-03-10|Fireeye, Inc.|Technique for malware detection capability comparison of network security devices|
    US10592678B1|2016-09-09|2020-03-17|Fireeye, Inc.|Secure communications between peers using a verified virtual trusted platform module|
    US10601848B1|2017-06-29|2020-03-24|Fireeye, Inc.|Cyber-security system and method for weak indicator detection and correlation to generate strong indicators|
    US10601865B1|2015-09-30|2020-03-24|Fireeye, Inc.|Detection of credential spearphishing attacks using email analysis|
    US10601863B1|2016-03-25|2020-03-24|Fireeye, Inc.|System and method for managing sensor enrollment|
    US10642753B1|2015-06-30|2020-05-05|Fireeye, Inc.|System and method for protecting a software component running in virtual machine using a virtualization layer|
    US10671726B1|2014-09-22|2020-06-02|Fireeye Inc.|System and method for malware analysis using thread-level event monitoring|
    US10671721B1|2016-03-25|2020-06-02|Fireeye, Inc.|Timeout management services|
    US10701091B1|2013-03-15|2020-06-30|Fireeye, Inc.|System and method for verifying a cyberthreat|
    US10706149B1|2015-09-30|2020-07-07|Fireeye, Inc.|Detecting delayed activation malware using a primary controller and plural time controllers|
    US10715542B1|2015-08-14|2020-07-14|Fireeye, Inc.|Mobile application risk analysis|
    US10713358B2|2013-03-15|2020-07-14|Fireeye, Inc.|System and method to extract and utilize disassembly features to classify software intent|
    US10728263B1|2015-04-13|2020-07-28|Fireeye, Inc.|Analytic-based security monitoring system and method|
    US10726127B1|2015-06-30|2020-07-28|Fireeye, Inc.|System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer|
    US10740456B1|2014-01-16|2020-08-11|Fireeye, Inc.|Threat-aware architecture|
    US10747872B1|2017-09-27|2020-08-18|Fireeye, Inc.|System and method for preventing malware evasion|
    US10785255B1|2016-03-25|2020-09-22|Fireeye, Inc.|Cluster configuration within a scalable malware detection system|
    US10791138B1|2017-03-30|2020-09-29|Fireeye, Inc.|Subscription-based malware detection|
    US10798112B2|2017-03-30|2020-10-06|Fireeye, Inc.|Attribute-controlled malware detection|
    US10795991B1|2016-11-08|2020-10-06|Fireeye, Inc.|Enterprise search|
    US10805340B1|2014-06-26|2020-10-13|Fireeye, Inc.|Infection vector and malware tracking with an interactive user display|
    US10805346B2|2017-10-01|2020-10-13|Fireeye, Inc.|Phishing attack detection|
    US10817606B1|2015-09-30|2020-10-27|Fireeye, Inc.|Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic|
    US10826931B1|2018-03-29|2020-11-03|Fireeye, Inc.|System and method for predicting and mitigating cybersecurity system misconfigurations|
    US10846117B1|2015-12-10|2020-11-24|Fireeye, Inc.|Technique for establishing secure communication between host and guest processes of a virtualization architecture|
    US10855700B1|2017-06-29|2020-12-01|Fireeye, Inc.|Post-intrusion detection of cyber-attacks during lateral movement within networks|
    US10893068B1|2017-06-30|2021-01-12|Fireeye, Inc.|Ransomware file modification prevention technique|
    US10893059B1|2016-03-31|2021-01-12|Fireeye, Inc.|Verification and enhancement using detection systems located at the network periphery and endpoint devices|
    US10902119B1|2017-03-30|2021-01-26|Fireeye, Inc.|Data extraction system for malware analysis|
    US10904286B1|2017-03-24|2021-01-26|Fireeye, Inc.|Detection of phishing attacks using similarity analysis|
    US10956477B1|2018-03-30|2021-03-23|Fireeye, Inc.|System and method for detecting malicious scripts through natural language processing modeling|
    US10986104B2|2016-11-15|2021-04-20|F-Secure Corporation|Remote malware scanning capable of static and dynamic file analysis|
    US11003773B1|2018-03-30|2021-05-11|Fireeye, Inc.|System and method for automatically generating malware detection rule recommendations|
    US11005860B1|2017-12-28|2021-05-11|Fireeye, Inc.|Method and system for efficient cybersecurity analysis of endpoint events|
    US11075930B1|2018-06-27|2021-07-27|Fireeye, Inc.|System and method for detecting repetitive cybersecurity attacks constituting an email campaign|
    US11108809B2|2017-10-27|2021-08-31|Fireeye, Inc.|System and method for analyzing binary code for malware classification using artificial neural network techniques|
    US11113086B1|2015-06-30|2021-09-07|Fireeye, Inc.|Virtual system and method for securing external network connectivity|
    US11182473B1|2018-09-13|2021-11-23|Fireeye Security Holdings Us Llc|System and method for mitigating cyberattacks against processor operability by a guest process|
    US11200080B1|2015-12-11|2021-12-14|Fireeye Security Holdings Us Llc|Late load technique for deploying a virtualization layer underneath a running operating system|
    US11228491B1|2018-06-28|2022-01-18|Fireeye Security Holdings Us Llc|System and method for distributed cluster configuration monitoring and management|GB2283341A|1993-10-29|1995-05-03|Sophos Plc|Central virus checker for computer network.|
    US5623600A|1995-09-26|1997-04-22|Trend Micro, Incorporated|Virus detection and removal apparatus for computer networks|
    US5832208A|1996-09-05|1998-11-03|Cheyenne Software International Sales Corp.|Anti-virus agent for use with databases and mail servers|
    US5960170A|1997-03-18|1999-09-28|Trend Micro, Inc.|Event triggered iterative virus detection|
    US6347375B1|1998-07-08|2002-02-12|Ontrack Data International, Inc|Apparatus and method for remote virus diagnosis and repair|US7134142B2|2001-04-13|2006-11-07|Nokia Inc.|System and method for providing exploit protection for networks|
    US7917585B2|2001-06-21|2011-03-29|Cybersoft, Inc.|Apparatus, methods and articles of manufacture for intercepting, examining and controlling code, data and files and their transfer|
    US6513122B1|2001-06-29|2003-01-28|Networks Associates Technology, Inc.|Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities|
    EP1365546B1|2002-05-21|2005-12-14|Hitachi Europe Limited|Programmable network node for performing multiple processes|
    US7386889B2|2002-11-18|2008-06-10|Trusted Network Technologies, Inc.|System and method for intrusion prevention in a communications network|
    US7660980B2|2002-11-18|2010-02-09|Liquidware Labs, Inc.|Establishing secure TCP/IP communications using embedded IDs|
    EP1549012A1|2003-12-24|2005-06-29|DataCenterTechnologies N.V.|Method and system for identifying the content of files in a network|
    US8613091B1|2004-03-08|2013-12-17|Redcannon Security, Inc.|Method and apparatus for creating a secure anywhere system|
    EP1742151A4|2004-04-26|2010-11-10|Inc Nat University Iwate Unive|Computer virus unique information extraction device, computer virus unique information extraction method, and computer virus unique information extraction program|
    US20050268342A1|2004-05-14|2005-12-01|Trusted Network Technologies, Inc.|System, apparatuses, methods and computer-readable media for determining security status of computer before establishing network connection second group of embodiments-claim set II|
    US20060095964A1|2004-10-29|2006-05-04|Microsoft Corporation|Document stamping antivirus manifest|
    US7698744B2|2004-12-03|2010-04-13|Whitecell Software Inc.|Secure system for allowing the execution of authorized computer program code|
    JP4770306B2|2005-07-12|2011-09-14|日本電気株式会社|Terminal security check service providing method and system|
    WO2007038517A1|2005-09-26|2007-04-05|Wiresoft, Inc.|Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks|
    US7836500B2|2005-12-16|2010-11-16|Eacceleration Corporation|Computer virus and malware cleaner|
    GB2432933B|2006-03-14|2008-07-09|Streamshield Networks Ltd|A method and apparatus for providing network security|
    US7930749B2|2006-05-11|2011-04-19|Eacceleration Corp.|Accelerated data scanning|
    US7836505B2|2006-06-05|2010-11-16|Eacceleration Corporation|Accelerated file scanning|
    US20080016572A1|2006-07-12|2008-01-17|Microsoft Corporation|Malicious software detection via memory analysis|
    US8621610B2|2007-08-06|2013-12-31|The Regents Of The University Of Michigan|Network service for the detection, analysis and quarantine of malicious and unwanted files|
    US8732825B2|2008-05-28|2014-05-20|Symantec Corporation|Intelligent hashes for centralized malware detection|
    US9235704B2|2008-10-21|2016-01-12|Lookout, Inc.|System and method for a scanning API|
    US9367680B2|2008-10-21|2016-06-14|Lookout, Inc.|System and method for mobile communication device application advisement|
    US9043919B2|2008-10-21|2015-05-26|Lookout, Inc.|Crawling multiple markets and correlating|
    US9781148B2|2008-10-21|2017-10-03|Lookout, Inc.|Methods and systems for sharing risk responses between collections of mobile communications devices|
    US8087067B2|2008-10-21|2011-12-27|Lookout, Inc.|Secure mobile platform system|
    US8533844B2|2008-10-21|2013-09-10|Lookout, Inc.|System and method for security data collection and analysis|
    US8051480B2|2008-10-21|2011-11-01|Lookout, Inc.|System and method for monitoring and analyzing multiple interfaces and multiple protocols|
    US8347386B2|2008-10-21|2013-01-01|Lookout, Inc.|System and method for server-coupled malware prevention|
    US8984628B2|2008-10-21|2015-03-17|Lookout, Inc.|System and method for adverse mobile application identification|
    US8060936B2|2008-10-21|2011-11-15|Lookout, Inc.|Security status and information display system|
    US8108933B2|2008-10-21|2012-01-31|Lookout, Inc.|System and method for attack and malware prevention|
    US9042876B2|2009-02-17|2015-05-26|Lookout, Inc.|System and method for uploading location information based on device movement|
    US8538815B2|2009-02-17|2013-09-17|Lookout, Inc.|System and method for mobile device replacement|
    US9955352B2|2009-02-17|2018-04-24|Lookout, Inc.|Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such|
    US8467768B2|2009-02-17|2013-06-18|Lookout, Inc.|System and method for remotely securing or recovering a mobile device|
    US8855601B2|2009-02-17|2014-10-07|Lookout, Inc.|System and method for remotely-initiated audio communication|
    US8612995B1|2009-03-31|2013-12-17|Symantec Corporation|Method and apparatus for monitoring code injection into a process executing on a computer|
    US8397301B2|2009-11-18|2013-03-12|Lookout, Inc.|System and method for identifying and assessing vulnerabilities on a mobile communication device|
    US8352522B1|2010-09-01|2013-01-08|Trend Micro Incorporated|Detection of file modifications performed by malicious codes|
    RU2444056C1|2010-11-01|2012-02-27|Закрытое акционерное общество "Лаборатория Касперского"|System and method of speeding up problem solving by accumulating statistical information|
    RU2449348C1|2010-11-01|2012-04-27|Закрытое акционерное общество "Лаборатория Касперского"|System and method for virus-checking data downloaded from network at server side|
    US8738765B2|2011-06-14|2014-05-27|Lookout, Inc.|Mobile device DNS optimization|
    US8943595B2|2011-07-15|2015-01-27|International Business Machines Corporation|Granular virus detection|
    US9003544B2|2011-07-26|2015-04-07|Kaspersky Lab Zao|Efficient securing of data on mobile devices|
    US8788881B2|2011-08-17|2014-07-22|Lookout, Inc.|System and method for mobile device push communications|
    EP3289510B1|2015-05-01|2020-06-17|Lookout Inc.|Determining source of side-loaded software|
    US9589129B2|2012-06-05|2017-03-07|Lookout, Inc.|Determining source of side-loaded software|
    US9407443B2|2012-06-05|2016-08-02|Lookout, Inc.|Component analysis of software applications on computing devices|
    US8655307B1|2012-10-26|2014-02-18|Lookout, Inc.|System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security|
    US9208215B2|2012-12-27|2015-12-08|Lookout, Inc.|User classification based on data gathered from a computing device|
    US9374369B2|2012-12-28|2016-06-21|Lookout, Inc.|Multi-factor authentication and comprehensive login system for client-server networks|
    US8855599B2|2012-12-31|2014-10-07|Lookout, Inc.|Method and apparatus for auxiliary communications with mobile communications device|
    US9424409B2|2013-01-10|2016-08-23|Lookout, Inc.|Method and system for protecting privacy and enhancing security on an electronic device|
    US9642008B2|2013-10-25|2017-05-02|Lookout, Inc.|System and method for creating and assigning a policy for a mobile communications device based on personal data|
    US9753796B2|2013-12-06|2017-09-05|Lookout, Inc.|Distributed monitoring, evaluation, and response for multiple devices|
    US10122747B2|2013-12-06|2018-11-06|Lookout, Inc.|Response generation after distributed monitoring and evaluation of multiple devices|
    US10218697B2|2017-06-09|2019-02-26|Lookout, Inc.|Use of device risk evaluation to manage access to services|
    法律状态:
    2000-12-21| AS| Assignment|Owner name: F-SECURE OYJ, FINLAND Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ALBRECHT, MIKAEL;REEL/FRAME:011394/0071 Effective date: 20001115 |
    2006-03-09| STCF| Information on status: patent grant|Free format text: PATENTED CASE |
    2009-08-26| FPAY| Fee payment|Year of fee payment: 4 |
    2009-11-10| SULP| Surcharge for late payment|
    2013-09-01| FPAY| Fee payment|Year of fee payment: 8 |
    2017-09-15| MAFP| Maintenance fee payment|Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553) Year of fee payment: 12 |
    优先权:
    申请号 | 申请日 | 专利标题
    GB9930613.6||1999-12-24||
    GB9930613A|GB2353372B|1999-12-24|1999-12-24|Remote computer virus scanning|
    [返回顶部]