Patents by Inventor Jonathan L. Edwards
Jonathan L. Edwards has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230136586
Abstract: An apparatus includes a memory that stores instructions; and a processing unit that executes the instructions to identify a created process, to receive a notification of a first event for an ancestor process and a notification for a second event for the created process, the notification of the first event indicating a first ActivityID and a first ID, the notification of the second event indicating a second ActivityID and a second ID, the first ID being different from the second ID, to perform a first determination that the created process was created by a component object model (COM) call, at least in part based on the second ID, and to perform a second determination that the ancestor process indirectly created the created process, at least in part based on the first and second ActivityIDs and the first determination.
Type: Application
Filed: October 29, 2021
Publication date: May 4, 2023
Inventors: Manish Kumar, Jonathan L. Edwards
-
Publication number: 20220318377
Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: trace, for a plurality of actions having different direct parent actors, a common responsible parent actor, wherein the instructions determine that the common responsible parent actor caused or directed the plurality of actions; compile a report of the plurality of actions, wherein the actions are grouped by the common responsible parent actor; send the report to a machine or human analysis agent; responsive to the report, receive from the analysis agent a remedial action; and execute the remedial action.
Type: Application
Filed: March 31, 2021
Publication date: October 6, 2022
Applicant: McAfee, LLC
Inventors: Jonathan L. Edwards, David McCormack, Leandro Ignacio Costantino, Manish Kumar
-
Patent number: 11238154
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; and instructions encoded within the memory to instruct the processor to provide a security agent to: identify a malicious process; construct a genealogical process tree of the malicious process, the genealogical process tree including both vertical direct inheritance and horizontal indirect inheritance relationships; and terminate the malicious process and at least some related processes in the genealogical process tree.
Type: Grant
Filed: July 5, 2019
Date of Patent: February 1, 2022
Assignee: McAfee, LLC
Inventors: Jonathan L. Edwards, Saurabh Gautam, Dhananjay Kumar, Joel R. Spurlock
-
Publication number: 20210004458
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; and instructions encoded within the memory to instruct the processor to provide a security agent to: identify a malicious process; construct a genealogical process tree of the malicious process, the genealogical process tree including both vertical direct inheritance and horizontal indirect inheritance relationships; and terminate the malicious process and at least some related processes in the genealogical process tree.
Type: Application
Filed: July 5, 2019
Publication date: January 7, 2021
Inventors: Jonathan L. Edwards, Saurabh Gautam, Dhananjay Kumar, Joel R. Spurlock
-
Patent number: 10691476
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor access to data in a secured area of memory at a hypervisor level, receive a request from a process to the data in the secured area, and deny the request if the process is not a trusted process. In an example, the electronic device is a point of sale device.
Type: Grant
Filed: June 27, 2015
Date of Patent: June 23, 2020
Assignee: McAfee, LLC
Inventors: Aditya Kapoor, Jonathan L. Edwards
-
Patent number: 10579544
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data in a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected.
Type: Grant
Filed: December 12, 2018
Date of Patent: March 3, 2020
Assignee: McAfee, LLC
Inventors: Joel R. Spurlock, Zheng Zhang, Aditya Kapoor, Jonathan L. Edwards, Khai N. Pham
-
Publication number: 20190155752
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data in a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected.
Type: Application
Filed: December 12, 2018
Publication date: May 23, 2019
Applicant: McAfee, LLC
Inventors: Joel R. Spurlock, Zheng Zhang, Aditya Kapoor, Jonathan L. Edwards, Khai N. Pham
-
Patent number: 10162767
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data in a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected.
Type: Grant
Filed: June 27, 2015
Date of Patent: December 25, 2018
Assignee: McAfee, LLC
Inventors: Joel R. Spurlock, Zheng Zhang, Aditya Kapoor, Jonathan L. Edwards, Khai N. Pham
-
Patent number: 10083296
Abstract: In an example, there is disclosed a computing apparatus having one or more logic elements providing a security agent operable for: detecting that a first process has launched a second process and placed the second process in a suspended state; detecting that the first process has modified or attempted to modify the second process; classifying the modification as potentially malicious; and taking a remedial action. There is also disclosed one or more computer-readable storage mediums having stored thereon executable instructions for providing the security agent, and a computer-executable method of providing the security agent.
Type: Grant
Filed: June 27, 2015
Date of Patent: September 25, 2018
Assignee: McAfee, LLC
Inventors: Aditya Kapoor, Joel R. Spurlock, Jonathan L. Edwards
-
Patent number: 10032024
Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.
Type: Grant
Filed: March 28, 2016
Date of Patent: July 24, 2018
Assignee: McAfee, LLC
Inventors: Gregory W. Dalcher, Jonathan L. Edwards
-
Patent number: 9712545
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine when a peripheral is connected to the electronic device, determine a peripheral identification for the peripheral, and monitor the data going to and from the peripheral. Based on the monitored data, a type for the peripheral can be determined. The peripheral identification can be compared with the determined type for the peripheral and if they do not match, then communication to and from the peripheral can be blocked.
Type: Grant
Filed: December 23, 2014
Date of Patent: July 18, 2017
Assignee: McAfee, Inc.
Inventors: Jonathan L. Edwards, Cedric Cochin, Aditya Kapoor
-
Patent number: 9565214
Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.
Type: Grant
Filed: February 29, 2016
Date of Patent: February 7, 2017
Assignee: McAfee, Inc.
Inventors: Aditya Kapoor, Jonathan L. Edwards, Craig Schmugar, Vladimir Konobeev, Michael Hughes
-
Publication number: 20160378979
Abstract: In an example, there is disclosed a computing apparatus having one or more logic elements providing a security agent operable for: detecting that a first process has launched a second process and placed the second process in a suspended state; detecting that the first process has modified or attempted to modify the second process; classifying the modification as potentially malicious; and taking a remedial action. There is also disclosed one or more computer-readable storage mediums having stored thereon executable instructions for providing the security agent, and a computer-executable method of providing the security agent.
Type: Application
Filed: June 27, 2015
Publication date: December 29, 2016
Applicant: McAfee, Inc.
Inventors: Aditya Kapoor, Joel R. Spurlock, Jonathan L. Edwards
-
Publication number: 20160381051
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor a process, determine if the process is parsing to look for one or more system functions, and flag the process if the process is parsing to look for one or more system functions. In an example, the process can be determined to be parsing to look for one or more system functions if the process parses portable executable headers to find and interpret dynamic link library tables. In another example, the process can be determined to be parsing to look for one or more system functions if the process calls GetProcAddress.
Type: Application
Filed: June 27, 2015
Publication date: December 29, 2016
Applicant: McAfee, Inc.
Inventors: Jonathan L. Edwards, Joel R. Spurlock
-
Publication number: 20160378685
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data in a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected.
Type: Application
Filed: June 27, 2015
Publication date: December 29, 2016
Applicant: MCAFEE, INC.
Inventors: Joel R. Spurlock, Zheng Zhang, Aditya Kapoor, Jonathan L. Edwards, Khai N. Pham
-
Publication number: 20160379003
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor access to data in a secured area of memory at a hypervisor level, receive a request from a process to the data in the secured area, and deny the request if the process is not a trusted process. In an example, the electronic device is a point of sale device.
Type: Application
Filed: June 27, 2015
Publication date: December 29, 2016
Applicant: McAfee, Inc.
Inventors: Aditya Kapoor, Jonathan L. Edwards
-
Publication number: 20160224792
Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.
Type: Application
Filed: March 28, 2016
Publication date: August 4, 2016
Applicant: McAfee, Inc.
Inventors: Gregory W. Dalcher, Jonathan L. Edwards
-
Publication number: 20160182569
Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.
Type: Application
Filed: February 29, 2016
Publication date: June 23, 2016
Inventors: Aditya Kapoor, Jonathan L. Edwards, Craig Schmugar, Vladimir Konobeev, Michael Hughes
-
Publication number: 20160180087
Abstract: Provided in some embodiments are systems and methods for remediating malware. Embodiments include receiving (from a process) a request to access data, determining that the process is an unknown process, providing the process with access to one or more data tokens in response to determining that the process is an unknown process, determining whether the process is engaging in suspicious activity with the one or more data tokens, and inhibiting execution of the process in response to determining that the process is engaging in suspicious activity with the one or more data tokens.
Type: Application
Filed: December 23, 2014
Publication date: June 23, 2016
Inventors: Jonathan L. Edwards, Joel R. Spurlock, Aditya Kapoor, James Bean, Cedric Cochin, Craig D. Schmugar
-
Publication number: 20160182539
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine when a peripheral is connected to the electronic device, determine a peripheral identification for the peripheral, and monitor the data going to and from the peripheral. Based on the monitored data, a type for the peripheral can be determined. The peripheral identification can be compared with the determined type for the peripheral and if they do not match, then communication to and from the peripheral can be blocked.
Type: Application
Filed: December 23, 2014
Publication date: June 23, 2016
Applicant: McAfee, Inc.
Inventors: Jonathan L. Edwards, Cedric Cochin, Aditya Kapoor