Abstract: Methods and systems provide for detecting exploitation of kernel vulnerabilities which typically corrupt memory. The methods and systems are implemented, for example, via a host, which includes a hypervisor, which controls the operating system (OS) user space and the OS kernel space.
Type: Grant
Filed: September 16, 2019
Date of Patent: October 20, 2020
Assignee: Check Point Advanced Threat Prevention Ltd
Inventors: Dani Frank, Yoav Alon, Aviv Gafni, Ben Omelchenko
Abstract: Methods and systems for the detection of receipt of potentially malicious web content by a web client are disclosed. These methods and systems comprise elements of hardware and software for obtaining a sandbox environment on a server, wherein the sandbox is configured according to the system characteristics of the client device, emulating web requests and responses of the web client in the sandbox; and analyzing the behavior of components in the sandbox during processing of received web content.
Type: Grant
Filed: May 10, 2015
Date of Patent: February 18, 2020
Assignee: Check Point Advanced Threat Prevention Ltd
Inventors: Aviv Gafni, Ben Omelchenko, Tamir Zegman
Abstract: Methods and systems provide for detecting exploitation of kernel vulnerabilities which typically corrupt memory. The methods and systems are implemented, for example, via a host, which includes a hypervisor, which controls the operating system (OS) user space and the OS kernel space.
Type: Grant
Filed: March 30, 2017
Date of Patent: November 5, 2019
Assignee: Check Point Advanced Threat Prevention Ltd.
Inventors: Dani Frank, Yoav Alon, Aviv Gafni, Ben Omelchenko
Abstract: A method of inspecting content intended for a workstation to detect content that performs malicious exploits, including receiving the content for inspection at an inspection server using a processor and memory, loading a virtual machine at the inspection server with an operating system and processes for activating the content, wherein the operating system and processes are similar to those executed at the intended workstation, activating the content in the virtual machine, tracing activity of the virtual machine to form trace data by using features of the processor, wherein upon occurrence of an exception control is transferred to an analyzer that analyzes the trace data based on a context of the exception; and a notification is provided if suspicious activity is detected.
Type: Grant
Filed: August 27, 2015
Date of Patent: November 28, 2017
Assignee: Check Point Advanced Threat Prevention Ltd
Abstract: A method of inspecting content intended for a workstation to detect content that performs malicious exploits, including receiving the content for inspection at an inspection server using a processor and memory, loading a virtual machine at the inspection server with an operating system and processes for activating the content, wherein the operating system and processes are similar to those executed at the intended workstation, activating the content in the virtual machine, tracing activity of the virtual machine to form trace data by using features of the processor, wherein upon occurrence of an exception control is transferred to an analyzer that analyzes the trace data based on a context of the exception; and a notification is provided if suspicious activity is detected.
Type: Grant
Filed: July 17, 2014
Date of Patent: May 31, 2016
Assignee: CHECK POINT ADVANCED THREAT PREVENTION LTD