Patents by Inventor Craig Schmugar
Craig Schmugar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11580219
Abstract: A technique for detecting malware involves loading known malware information, finding a string in the known malware information, saving the string in a first database, identifying a first contiguous string block from the known malware information, assigning a confidence indicator to the first contiguous string block, attempting to find the first contiguous string block in a second database containing one or more contiguous string blocks extracted from known malware, and responsive to a determination the first contiguous string block meets a predetermined threshold of similarity with a second contiguous string block contained in the second database, labelling the first contiguous string block.
Type: Grant
Filed: January 25, 2018
Date of Patent: February 14, 2023
Assignee: McAfee, LLC
Inventors: Craig Schmugar, Zheng Zhang, John Teddy, Michael Hughes
-
Patent number: 11528291
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for defending against exploitation of vulnerable software. An example apparatus comprises an inventory controller to identify a vulnerable application corresponding to one or more files including a security defect, an origination identifying generator to identify an origination source of incoming data, the origination source tagged as suspicious, a workload analyzing controller to query, in response to the suspicious origination source, an inventory datastore to determine if the incoming data is to be accessed by the vulnerable application, and a policy application executor to, in response to determining the incoming data is to be accessed by the vulnerable application, apply a policy action to the vulnerable application to protect the vulnerable application from exposing the security defect to malicious data in the incoming data.
Type: Grant
Filed: November 25, 2019
Date of Patent: December 13, 2022
Assignee: McAfee, LLC
Inventors: Jyothi Mehandale, Craig Schmugar
-
Publication number: 20220318383
Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes at least one memory, instructions; and processor circuitry to execute the instructions to train a neural network with a plurality of raw byte data samples, perform feature extraction on ones of the plurality of raw byte data samples, determine whether ones of the plurality of raw byte data samples are clean or malicious using the extracted features, and determine a family of malware to which an identified malicious sample belongs.
Type: Application
Filed: April 5, 2022
Publication date: October 6, 2022
Inventors: Yonghong Huang, Steven Grobman, Jonathan King, Craig Schmugar, Abhishek Karnik, Celeste Fralick, Vitaly Zaytsev
-
Publication number: 20220131896
Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; a userspace application store including a plurality of userspace applications, wherein at least some of the userspace applications are programmed to communicate via the network interface; and instructions encoded within the memory to: enumerate social connections of a user via the userspace applications; assign the social connections to virtual groups according, at least in part, to correlated connection services; assign data transfer policies to the virtual groups; detect an attempted data transfer to a social connection; and enforce the data transfer policy for a virtual group of the social connection of the attempted data transfer.
Type: Application
Filed: October 26, 2020
Publication date: April 28, 2022
Applicant: McAfee, LLC
Inventors: Craig Schmugar, David Allen Marcus, Erwin R. Corpuz, Matthew J. Hodyno, Jonathan Lee Prather
-
Patent number: 11244047
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface to communicatively couple to a backup client; a storage to receive backup data from the client, including a plurality of versions and an associated reputation for each version, the associated reputation to indicate a probability that the version is valid; and instructions encoded within the memory to instruct the processor to: receive from the backup client a request to store a new version of the backup data; determine that the client has exceeded a backup threshold; identify a backup version having a lowest reputation for validity; and expunge the backup version having the lowest reputation for validity.
Type: Grant
Filed: September 23, 2019
Date of Patent: February 8, 2022
Assignee: McAfee, LLC
Inventors: Igor Muttik, Simon Hunt, Cedric Cochin, Craig Schmugar, Robert Leong, Christiaan Beek, Yury Bulygin
-
Patent number: 11232199
Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to defend against dynamic-link library (DLL) side-loading attacks. An example apparatus includes a fingerprint generator to determine a first DLL fingerprint of a first DLL stored at a first OS path referenced by an operating system (OS) event generated by a computing device, and, in response to determining that a second DLL having the same name as the first DLL is stored at a second OS path superseding the first OS path, determine a second DLL fingerprint of the second DLL, a fingerprint comparator to determine whether at least one of the first or the second DLL fingerprint satisfies a deviation threshold based on a comparison of the first and the second DLL fingerprint to a reference DLL fingerprint, and a security action enforcer to execute a security action to protect a computing device from an attack.
Type: Grant
Filed: December 27, 2019
Date of Patent: January 25, 2022
Assignee: MCAFEE, LLC
Inventors: Craig Schmugar, Jyothi Mehandale
-
Patent number: 11176249
Abstract: There is disclosed in one example a computing apparatus, including: a network interface; a hardware platform, including at least a processor and a memory; and instructions encoded in the memory to instruct the processor to: identify an executable object to be run on the apparatus, the executable object to provision a plurality of local files or objects with unknown local reputations; query via the network interface a remote service with an identification of the executable object; responsive to the query, receive from the remote service a reputation batch for the local files or object; and selectively permit installation of the executable object and/or the plurality of local files or objects based at least in part on individual reputations within the reputation batch.
Type: Grant
Filed: March 28, 2019
Date of Patent: November 16, 2021
Assignee: McAfee, LLC
Inventors: Craig Schmugar, Jyothi Mehandale
-
Publication number: 20210200867
Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to defend against dynamic-link library (DLL) side-loading attacks. An example apparatus includes a fingerprint generator to determine a first DLL fingerprint of a first DLL stored at a first OS path referenced by an operating system (OS) event generated by a computing device, and, in response to determining that a second DLL having the same name as the first DLL is stored at a second OS path superseding the first OS path, determine a second DLL fingerprint of the second DLL, a fingerprint comparator to determine whether at least one of the first or the second DLL fingerprint satisfies a deviation threshold based on a comparison of the first and the second DLL fingerprint to a reference DLL fingerprint, and a security action enforcer to execute a security action to protect a computing device from an attack.
Type: Application
Filed: December 27, 2019
Publication date: July 1, 2021
Inventors: Craig Schmugar, Jyothi Mehandale
-
Publication number: 20210160272
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for defending against exploitation of vulnerable software. An example apparatus comprises an inventory controller to identify a vulnerable application corresponding to one or more files including a security defect, an origination identifying generator to identify an origination source of incoming data, the origination source tagged as suspicious, a workload analyzing controller to query, in response to the suspicious origination source, an inventory datastore to determine if the incoming data is to be accessed by the vulnerable application, and a policy application executor to, in response to determining the incoming data is to be accessed by the vulnerable application, apply a policy action to the vulnerable application to protect the vulnerable application from exposing the security defect to malicious data in the incoming data.
Type: Application
Filed: November 25, 2019
Publication date: May 27, 2021
Inventors: Jyothi Mehandale, Craig Schmugar
-
Publication number: 20200311259
Abstract: There is disclosed in one example a computing apparatus, including: a network interface; a hardware platform, including at least a processor and a memory; and instructions encoded in the memory to instruct the processor to: identify an executable object to be run on the apparatus, the executable object to provision a plurality of local files or objects with unknown local reputations; query via the network interface a remote service with an identification of the executable object; responsive to the query, receive from the remote service a reputation batch for the local files or object; and selectively permit installation of the executable object and/or the plurality of local files or objects based at least in part on individual reputations within the reputation batch.
Type: Application
Filed: March 28, 2019
Publication date: October 1, 2020
Applicant: McAfee, LLC
Inventors: Craig Schmugar, Jyothi Mehandale
-
Publication number: 20200314126
Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a contextual reputation store; and instructions encoded within the memory to provision a security agent configured to: create a user persona in the contextual reputation store based at least in part on the user's interaction with the computing apparatus; compute a persona-weighted reputation for an action and store the persona-weighted reputation action to the contextual reputation store; intercept a user action on the computing apparatus; determine a current user persona; determine from the contextual reputation store a persona-weighted reputation for the user action; and take a security action based at least in part on the persona-weighted reputation for the user action.
Type: Application
Filed: March 27, 2019
Publication date: October 1, 2020
Applicant: McAfee, LLC
Inventors: Craig Schmugar, Robert Leong
-
Patent number: 10726129
Abstract: A technique for detecting malware looks at startup hooks that may be created by malware to assist in ensuring that the malware is started upon a reboot of a programmable device. After enumerating startup hooks in the system, startup hooks associated with untrusted executables are deleted. If the startup hook is restored, that is an indication that the untrusted executable may be malware. An indication may then be passed to an anti-malware software to analyze the executable further.
Type: Grant
Filed: April 18, 2019
Date of Patent: July 28, 2020
Assignee: McAfee, LLC
Inventors: Craig Schmugar, John Teddy, Cedric Cochin
-
Publication number: 20200034532
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface to communicatively couple to a backup client; a storage to receive backup data from the client, including a plurality of versions and an associated reputation for each version, the associated reputation to indicate a probability that the version is valid; and instructions encoded within the memory to instruct the processor to: receive from the backup client a request to store a new version of the backup data; determine that the client has exceeded a backup threshold; identify a backup version having a lowest reputation for validity; and expunge the backup version having the lowest reputation for validity.
Type: Application
Filed: September 23, 2019
Publication date: January 30, 2020
Applicant: McAfee, LLC
Inventors: Igor Muttik, Simon Hunt, Cedric Cochin, Craig Schmugar, Robert Leong, Christiaan Beek, Yury Bulygin
-
Publication number: 20190243975
Abstract: A technique for detecting malware looks at startup hooks that may be created by malware to assist in ensuring that the malware is started upon a reboot of a programmable device. After enumerating startup hooks in the system, startup hooks associated with untrusted executables are deleted. If the startup hook is restored, that is an indication that the untrusted executable may be malware. An indication may then be passed to an anti-malware software to analyze the executable further.
Type: Application
Filed: April 18, 2019
Publication date: August 8, 2019
Inventors: Craig Schmugar, John Teddy, Cedric Cochin
-
Publication number: 20190228151
Abstract: A technique for detecting malware involved loading known malware information, finding a string in the known malware information, saving the string in a first database, identifying a first contiguous string block from the known malware information, assigning a confidence indicator to the first contiguous string block, attempting to find the first contiguous string block in a second database containing one or more contiguous string blocks extracted from known malware, and labelling the first contiguous string block, responsive to a determination the first contiguous string block meets a predetermined threshold of similarity with a second contiguous string block contained in the second database.
Type: Application
Filed: January 25, 2018
Publication date: July 25, 2019
Inventors: Craig Schmugar, Zheng Zhang, John Teddy, Michael Hughes
-
Patent number: 10303876
Abstract: A technique for detecting malware looks at startup hooks that may be created by malware to assist in ensuring that the malware is started upon a reboot of a programmable device. After enumerating startup hooks in the system, startup hooks associated with untrusted executables are deleted. If the startup hook is restored, that is an indication that the untrusted executable may be malware. An indication may then be passed to an anti-malware software to analyze the executable further.
Type: Grant
Filed: December 27, 2016
Date of Patent: May 28, 2019
Assignee: McAfee, LLC
Inventors: Craig Schmugar, John Teddy, Cedric Cochin
-
Publication number: 20180181753
Abstract: A technique for detecting malware looks at startup hooks that may be created by malware to assist in ensuring that the malware is started upon a reboot of a programmable device. After enumerating startup hooks in the system, startup hooks associated with untrusted executables are deleted. If the startup hook is restored, that is an indication that the untrusted executable may be malware. An indication may then be passed to an anti-malware software to analyze the executable further.
Type: Application
Filed: December 27, 2016
Publication date: June 28, 2018
Inventors: Craig Schmugar, John Teddy, Cedric Cochin
-
Publication number: 20180181761
Abstract: Assessing ransomware impact includes receiving an indication of a first plurality of files stored on a user device and a classification for each of the first plurality of files, determining a second plurality of files stored in a remote storage, wherein the second plurality of files corresponds to an indication of files stored on the user device at a first prior time, wherein each of the second plurality of files are associated with a second classification, determining a third plurality of files comprising files included in the first plurality of files and not included in the second plurality of files, and calculating a risk assessment based on classifications for each of the third plurality of files.
Type: Application
Filed: December 28, 2016
Publication date: June 28, 2018
Inventors: Bidan Sinha, Arun Chundiriyil Pullat, Arpit Pradhan, German Lancioni, Priyadarshini Rao Rajan, Cedric Cochin, Craig Schmugar
-
Patent number: 9565214
Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.
Type: Grant
Filed: February 29, 2016
Date of Patent: February 7, 2017
Assignee: McAfee, Inc.
Inventors: Aditya Kapoor, Jonathan L. Edwards, Craig Schmugar, Vladimir Konobeev, Michael Hughes
-
Publication number: 20160182569
Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.
Type: Application
Filed: February 29, 2016
Publication date: June 23, 2016
Inventors: Aditya Kapoor, Jonathan L. Edwards, Craig Schmugar, Vladimir Konobeev, Michael Hughes