Discovering Malicious Input Files and Performing Automatic and Distributed Remediation
The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened t...
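Main authors: | THOMAS ANIL FRANCIS, KAPOOR VISHAL, SEINFELD MARC E, JOHNSON JOSEPH J, FAULHABER JOSEPH L, KELLER JONATHAN MARK, KUMAR AJITH, MARINESCU ADRIAN M, JARRETT MICHAEL SEAN |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Online access: | Order full text |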
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | THOMAS ANIL FRANCIS ; KAPOOR VISHAL ; SEINFELD MARC E ; JOHNSON JOSEPH J ; FAULHABER JOSEPH L ; KELLER JONATHAN MARK ; KUMAR AJITH ; MARINESCU ADRIAN M ; JARRETT MICHAEL SEAN |
description | The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file. |
format | Patent |
fulltext | fulltext_linktorsrc |
identifier | |
ispartof | |
issn | |
language | eng |
recordid | cdi_epo_espacenet_US2012297488A1 |
source | esp@cenet |
subjects | CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION |
title | Discovering Malicious Input Files and Performing Automatic and Distributed Remediation |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T13%3A52%3A35IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=THOMAS%20ANIL%20FRANCIS&rft.date=2012-11-22&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2012297488A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |