Abstract: Embodiments of the present disclosure are directed to a self-check application to determine whether an indirect branch execution is permissible for an executable application. The self-check application uses one or more parameters received from an execution profiling module to determine whether the indirect branch execution is permitted by one or more self-check policies.
Abstract: Providing peer-to-peer network security includes collecting, by a local trusted network device, local trust data related to behavior of the local trusted network device, receiving, by one or more remote trusted network devices, additional trust data for the local trusted network device, calculating a combined trust score for the local trusted network device based on the local trust data and additional trust data, and modifying activity of the local trusted network device based on the combined trust score.
Type: Grant
Filed: June 26, 2015
Date of Patent: July 17, 2018
Assignee: McAfee, LLC
Inventors: Omer Ben-Shalom, Alex Nayshtut, Oleg Pogorelik, Igor Muttik
Abstract: In an example, a system and method for real-time mobile security posture updates is provided. A mobile device management (MDM) agent may run on the mobile device, and may register with the operating system one or more mobile security posture change events that may affect the mobile security posture. These may include, for example, installation of an MDM agent, uninstallation of a program, connecting to a secured or unsecured network, or similar. When any such event occurs, the OS lodges the event with the MDM agent, which then communicates with an MDM server engine to potentially receive new security instructions. Lodging the event may include providing a joint user-and-device authentication to the MDM server, such as via SAML.
Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.
Type: Grant
Filed: December 23, 2015
Date of Patent: July 10, 2018
Assignee: McAfee, LLC
Inventors: Ned Smith, Sven Schrecker, Willard Wiseman, David Clark, Jennifer Gilburg De Magnin, Howard Herbert
Abstract: A method and computer executable program code are disclosed for performing one or more maintenance tasks on a remotely located computer connected to a server computer via a data network.
Abstract: In one embodiment, a system including one or more hardware processors is: to receive a user request to access a website; sign a nonce with at least some of the plurality of group private keys, the at least some of the plurality of group private keys corresponding to personalization attributes of the website; and send the signed nonce to a web server to enable personalized interaction with the web server. Other embodiments are described and claimed.
Type: Grant
Filed: December 7, 2015
Date of Patent: June 26, 2018
Assignee: McAfee, LLC
Inventors: Ned M. Smith, Sven Schrecker, Howard C. Herbert
Abstract: There is disclosed in one example a computing apparatus, including: an interface to a backup source in a current state; a backup storage having stored thereon a first backup version of a previous state of the source; and a backup engine to: compute a delta between the current state and the previous state; save via the backup storage a second backup version sufficient to reconstruct the current state; and assign the second backup version a reputation relative to one or more previous backup versions.
Type: Application
Filed: December 19, 2016
Publication date: June 21, 2018
Applicant: McAfee, LLC
Inventors: Igor G. Muttik, Simon Hunt, Cedric Cochin, Craig D. Schmugar, Robert Leong, Christiaan Beek, Yury Bulygin
Abstract: A method, system, and computer program product for protecting a computer system provides bootstrap operating system detection and recovery and provides the capability to detect malware, such as rootkits, before the operating system has been loaded and provides the capability to patch malfunctions that block the ability of the computer system to access the Internet. A method for protecting a computer system includes reading stored status information indicating whether network connectivity was available the last time an operating system of the computer system was operational, when the stored status information indicates that network connectivity was not available, obtaining a software patch, and executing and applying the software patch.
Abstract: A system and method for securing data in mobile devices (104) includes a computing node (102) and a plurality of mobile devices (104). A node security program (202) executed in the computing node (102) interfaces with a device security program (204) executed at a mobile device (104). The computing node (102) is responsible for managing the security based on a node security profile (208) interpreted by a node security program (202) executed in the computing node (102). A device discovery method and arrangement (106) also detects and locates various information (120) about the mobile devices (104) based on a scan profile (206).
Abstract: Providing detection of computing application malfunctions by performing at least the following: collecting a plurality of computing events that correspond to a computing application and a plurality of addresses associated with the plurality of computing events, generating an event trace that comprises the plurality of computing events and the plurality of addresses, constructing at least one sample fingerprint that represents a current behavior of the computing application using at least the event trace, comparing the at least one sample fingerprint with a behavior model that represents an expected operation of the computing application, and determining whether the computing application is malfunctioning based upon the comparison of the at least one sample fingerprint and the behavior model.
Type: Grant
Filed: December 22, 2015
Date of Patent: June 12, 2018
Assignee: McAfee, LLC
Inventors: Vadim Sukhomlinov, Kshitij A. Doshi, Alex Nayshtut, Igor Muttik
Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.
Type: Grant
Filed: December 27, 2014
Date of Patent: June 12, 2018
Assignee: McAfee, LLC
Inventors: Ned M. Smith, Dmitri Rubakha, Samir Shah, Jason Martin, Micah J. Sheller, Somnath Chakrabarti, Bin Xing
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.
Type: Application
Filed: January 31, 2018
Publication date: June 7, 2018
Applicant: McAfee, LLC
Inventors: Ravi Sahita, Lu Deng, Vedvyas Shanbhogue, Lixin Lu, Alexander Shepsen, Igor Tatourian
Abstract: An apparatus, method, and computer readable storage medium are provided in one or more examples and comprise accessing an application, identifying an access token of the application, determining if the access token is a system token, and, responsive to the access token failing to be a system token, enabling a runtime module.
Type: Grant
Filed: November 13, 2015
Date of Patent: June 5, 2018
Assignee: McAfee, LLC
Inventors: Bing Sun, Chong Xu, Jeff Hetzler, Zheng Bu
Abstract: Systems, apparatus, computer-readable media, and methods to provide filtering and/or search based at least in part on semantic representations of words in a document subject to the filtering and/or search are disclosed. Furthermore, key words for conducting the filtering and/or search, such as taboo words and/or search terms, may be semantically compared to the semantic representation of the words in the document. A common semantic vector space, such as a base language semantic vector space, may be used to compare the key word semantic vectors and the semantic vectors of the words of the document, regardless of the native language in which the document is written or the language in which the key words are provided.
Type: Grant
Filed: September 18, 2015
Date of Patent: May 29, 2018
Assignee: McAfee, LLC
Inventors: Edward Dixon, Marcin Dziduch, Craig Olinsky
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to execute an application in a system with an operating system, perform event tracing for the application, analyze each instruction pointer from the event tracing, and determine if an instruction pointer points to an orphan page of memory. The orphan page can be a region of code that is not associated with the application, a region of code that is unidentified, or unusual code that is not associated with the application. In addition, the event tracing can be an embedded application that is part of the operating system.
Abstract: A technique for hardening the entry of user credentials in web sites is described. A headless web browser authenticates the user to a target web site with credentials previously stored in a secure database, and generates a session cookie. The headless browser provides the session cookie to the user's web browser, allowing the user to continue the session established by the headless browser.
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a function call for a function, determine a current stack pointer value for the function call, and determine if the current stack pointer value is within a pre-defined range. The electronic device can include a stack pivoting logging module to log a plurality of function calls. The electronic device can also include a stack pivoting detection module to analyze the log of the plurality of function calls to determine, for each of the plurality of function calls, if the current stack pointer value is within a pre-defined range.
Abstract: A graymail detection and filtering system predicts whether a user will consider an email to be graymail using a classifier model based on features extracted from the email. The email is labelled as graymail or non-graymail based on the prediction. User actions are tracked on the email to determine whether the user actually considered the email to be graymail or non-graymail and the classifier model is trained using machine learning techniques to improve the prediction, without requiring explicit user feedback on whether the user considered the email to be graymail or non-graymail.
Type: Grant
Filed: August 9, 2016
Date of Patent: April 24, 2018
Assignee: McAfee, LLC
Inventors: Paras Nigam, Mohammed Mohsin Dalla, Dilip Kumar Gudimetla