Patents Assigned to McAfee, LLC
-
Patent number: 11385951Abstract: There is disclosed in one example a network device, including: a hardware platform including at least a processor and a memory; a communication interface; and stored instructions on the memory to instruct the processor to provide a health monitoring engine (HME) configured to: communicatively couple to a network via the network interface; construct a reference template during a training period; observe watchdog behavior on the network during an observation period; identify an abnormality in the watchdog behavior including a substantial variance from the reference template; and trigger a resilience response to the substantial variance.Type: GrantFiled: January 29, 2019Date of Patent: July 12, 2022Assignee: McAfee, LLCInventors: Ned M. Smith, Thiago Jose Macieira, Zheng Zhang, Tobias M. Kohlenberg, Igor G. Muttik
-
Patent number: 11386205Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a file, determine a polyglotness score for the file, where the polyglotness score is an indicator of whether or not the file is a polyglot file, and analyze the file for the presence of malware if the polyglotness score satisfies threshold.Type: GrantFiled: January 14, 2019Date of Patent: July 12, 2022Assignee: McAfee, LLCInventors: German Lancioni, Carl D. Woodward
-
Patent number: 11385879Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic extension of restricted software applications after an operating system mode switch. An example non-transitory computer readable storage medium comprising instructions that, when executed, cause a computing device to detect a switch from a restricted operating system to an unrestricted operating system, and in response to detecting the switch, invoke a dormant executable to install an unrestricted application in the unrestricted operating system.Type: GrantFiled: June 27, 2020Date of Patent: July 12, 2022Assignee: MCAFEE, LLCInventors: Shuborno Biswas, Siddaraya B. Revashetti, Junmin Qiu, Chris Roy, Bhavnesh Sharma, Li Xiao
-
Patent number: 11381597Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a uniform resource locator (URL) reputation store; a network interface; and instructions encoded within the memory to instruct the processor to: receive via the network interface a request for a reputation for a URL; query the URL reputation store and determine that the URL does not have a known reliable reputation; add the URL to a URL analysis queue; perform a rough analysis of the URL, and determine from the rough analysis that the URL potentially is for a phishing website; and move the URL ahead in the analysis queue.Type: GrantFiled: July 19, 2019Date of Patent: July 5, 2022Assignee: McAfee, LLCInventors: German Lancioni, Cedric Cochin
-
Patent number: 11381396Abstract: In one embodiment, an apparatus comprises a processor to execute instructions and having at least a first logic to execute in a trusted execution environment, a secure storage to store a platform group credential, and a first logical device comprising at least one hardware logic. The platform group credential may be dynamically provisioned into the apparatus and corresponding to an enhanced privacy identifier associated with the apparatus. The first logical device may have a first platform group private key dynamically provisioned into the first logical device and corresponding to an enhanced privacy identifier associated with the first logical device, to bind the first logical device to the apparatus. Other embodiments are described and claimed.Type: GrantFiled: February 20, 2020Date of Patent: July 5, 2022Assignee: MCAFEE, LLCInventors: Ned M. Smith, Sven Schrecker
-
Patent number: 11379583Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.Type: GrantFiled: March 30, 2020Date of Patent: July 5, 2022Assignee: McAfee, LLCInventors: Joel R. Spurlock, Ramnath Venugopalan
-
Patent number: 11375371Abstract: Methods, systems, and media for protected near-field communications are provided. In some embodiments, the method comprises: receiving, from an NFC tag device, a request for an NFC reader device identifier (ID); transmitting the NFC reader device ID to the NFC tag device; receiving an NFC tag device ID; determining whether the NFC tag device ID matches an NFC tag device ID stored in memory of the NFC reader device; in response to determining that the NFC tag device ID matches the NFC tag device ID, transmitting a password to the NFC tag device; receiving, from the NFC tag device, a shared secret; determining whether the received shared secret matches a shared secret stored in the memory of the NFC reader device; and in response to determining that the received shared secret matches the shared secret, causing an action to be performed by a device associated with the NFC reader device.Type: GrantFiled: January 16, 2020Date of Patent: June 28, 2022Assignee: McAfee, LLCInventor: Eoin Carroll
-
Publication number: 20220198011Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: receive a client event report, the client event report including an operating system event trace for an attempt to exploit a patched vulnerability, and first feature data for a malware object that made the attempt; receive second feature data for an unknown object; compare the first feature data to the second feature data; and if the second feature data match the first feature data above a threshold, convict the unknown object as malware.Type: ApplicationFiled: December 22, 2020Publication date: June 23, 2022Applicant: McAfee, LLCInventors: Amit Kumar, Prashanth Palasamudram Ramagopal, German Lancioni
-
Publication number: 20220200941Abstract: There is disclosed an example of one or more tangible, non-transitory computer-readable storage media, including instructions to: enumerate domain names newly registered in a time window; build a dictionary from the newly registered domain names; cluster the domain names, including performing a spell check with the dictionary to identify similar domain names; for a selected cluster, identify one or more domain names with an assigned reputation; and if a portion of assigned reputations exceeds a threshold of bad reputations, assign cluster-based bad reputations to domains in the cluster with unknown reputations.Type: ApplicationFiled: December 22, 2020Publication date: June 23, 2022Applicant: McAfee, LLCInventors: German Lancioni, John Wagener
-
Patent number: 11368435Abstract: A technique for determining the safety of the content of beacon transmissions. A user device extracts beacon identification information from a beacon transmission. The user device queries the beacon registry to obtain the targeted content. The user device provides the targeted content and beacon identification information to a validation service. The validation service evaluates the targeted content and the beacon identification information for safety. The validation service determines a score based on that evaluation and sends the score to the user device. The user device alerts the user or performs background actions such as suppression of transmission of beacon contextual data to other apps on user device based on the score.Type: GrantFiled: January 29, 2016Date of Patent: June 21, 2022Assignee: McAfee, LLCInventors: Siddaraya Revashetti, Priyadarshini Rao Rajan, Sulakshana Zambre, Saira Sunil, Susmita Nayak
-
Patent number: 11363058Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.Type: GrantFiled: March 23, 2020Date of Patent: June 14, 2022Assignee: MCAFEE, LLCInventors: Venkata Ramanan Sambandam, Carl D. Woodward, Dmitri Rubakha, Steven L. Grobman
-
Patent number: 11361072Abstract: A computing apparatus, including: a processor and a memory; a web browser; and a web exploit mitigation engine, including instructions within the memory to instruct the processor to: insert a script into an incoming webpage, the script including instructions to hook application programming interface (API) function calls of a scripting language, the API function calls for a plurality of functions commonly used by browser exploits; observe information passed by a running script to the plurality of API functions; correlate the called API functions to a malware model; detect a web page making the API function calls as containing a browser exploit according to the correlating; and act on the detecting.Type: GrantFiled: September 30, 2019Date of Patent: June 14, 2022Assignee: McAfee, LLCInventor: Debasish Mandal
-
Patent number: 11362999Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services via the VPN server.Type: GrantFiled: March 29, 2019Date of Patent: June 14, 2022Assignee: McAfee, LLCInventor: Lior Rudnik
-
Patent number: 11354417Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.Type: GrantFiled: January 4, 2021Date of Patent: June 7, 2022Assignee: McAfee, LLCInventors: Jiewen Yao, Rangasai V. Chaganty, Xiang Ma, Ravi Poovalur Rangarajan, Rajesh Poornachandran, Nivedita Aggarwal, Giri P. Mudusuru, Vincent J. Zimmer, Satya P. Yarlagadda, Amy Chan, Sudeep Das
-
Patent number: 11356413Abstract: The present disclosure combines Software Defined Networks (SDN) concepts with Security concepts. The coordination between SDN and Security provides a myriad of advantageous use cases. One exemplary use case involves providing a fast path at network speeds using SDN by routing network traffic to bypass a security appliance once the security appliance determines that the security appliance no longer needs to inspect the network traffic. Another exemplary use case involves remote provisioning of security zones.Type: GrantFiled: February 21, 2020Date of Patent: June 7, 2022Assignee: McAfee, LLCInventors: Geoffrey Howard Cooper, John Richard Guzik
-
Patent number: 11349814Abstract: Disclosed examples include at least one processor; and memory including instructions that, when executed by the at least one processor, cause the at least one processor to install a configuration profile; activate an internal virtual private network service; and cause the internal virtual private network service to activate a local proxy.Type: GrantFiled: April 29, 2020Date of Patent: May 31, 2022Assignee: McAfee, LLCInventor: Mathieu Rene
-
Patent number: 11347853Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.Type: GrantFiled: September 16, 2019Date of Patent: May 31, 2022Assignee: MCAFEE, LLCInventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
-
Patent number: 11347840Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.Type: GrantFiled: July 30, 2019Date of Patent: May 31, 2022Assignee: MCAFEE, LLCInventors: Alex Nayshtut, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew A. Furtak
-
Patent number: 11347848Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.Type: GrantFiled: September 16, 2019Date of Patent: May 31, 2022Assignee: McAfee, LLCInventors: Dattatraya Kulkarni, Srikanth Nalluri, Kamlesh Halder, Venkatasubrahmanyam Krishnapur, Sailaja K. Shankar, Kaushal Kumar Dhruw
-
Patent number: 11336613Abstract: Mechanisms for controlling traffic to an Internet of Things (IoT) device are provided, the mechanisms comprising: identifying a first IoT device having an Internet Protocol (IP) address and a Media Access Control (MAC) address; sending a first Address Resolution Protocol (ARP) broadcast on a local area network (LAN) indicating that the IP address of the first IoT device is to be associated with a MAC address of a router on the LAN; receiving first traffic on the LAN; extracting the IP Address of the first IoT device from the first traffic; determining that the first traffic is allowed; and forwarding the first traffic to the first IoT device by inserting the MAC address of the first IoT device in the first traffic and re-broadcasting the first traffic.Type: GrantFiled: November 13, 2020Date of Patent: May 17, 2022Assignee: McAfee, LLCInventor: Sameer D. Karkhanis