Patents Assigned to Symantec Corporation
  • Patent number: 10262353
    Abstract: A method for estimating mobile device performance is provided. The method includes accessing device information, application information and usage information from a plurality of mobile devices and receiving a user selection that indicates a type of mobile device and one or more applications. The method includes determining an impact the one or more applications cause to the selected type of mobile device, in terms of resources of the selected type of mobile device, based on the user selection and based on the device information, application information and usage information from the plurality of mobile devices. The method includes communicating information about the impact, in terms of the resources of the selected type of mobile device. A computer readable media and a system are also provided.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: April 16, 2019
    Assignee: SYMANTEC CORPORATION
    Inventor: Praveen Joginapally
  • Patent number: 10262135
    Abstract: The disclosed computer-implemented method for detecting and addressing suspicious file restore activities may include (i) detecting a restore activity during which files are restored to a client device from a previously stored backup of the files, (ii) determining that a total number of the files restored during the restore activity exceeds a threshold number, and (iii) performing, based on the total number of the files exceeding the threshold number, a security action to protect the client device from a malicious threat associated with the restore activity. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: April 16, 2019
    Assignee: Symantec Corporation
    Inventors: Lei Gu, Ilya Sokolov, Haik Mesropian
  • Patent number: 10264020
    Abstract: A computer-implemented method for scalable network monitoring in virtual data centers may include (1) identifying a plurality of network monitoring agents executing on a plurality of virtual machine host systems within a virtual data center, (2) intercepting, at a receiving virtual machine host system, a traffic flow within a virtual network within the virtual data center, (3) determining a processor load on each of the plurality of virtual machine host systems, (4) selecting, based on the processor load on the receiving virtual machine host system exceeding an established threshold, an alternate virtual machine host system that executes a second network monitoring agent for inspecting the traffic flow, and (5) limiting the processor load on the receiving virtual machine host system by designating the second network monitoring agent executing on the alternate virtual machine host system to inspect the traffic flow. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: April 16, 2019
    Assignee: Symantec Corporation
    Inventors: Susanta K. Nanda, Yuqiong Sun
  • Patent number: 10262131
    Abstract: The disclosed computer-implemented method for obtaining information about security threats on endpoint devices may include (1) detecting, by a security program on a computing device, an attempt to access at least one suspicious file, (2) before permitting the computing device to access the suspicious file, identifying, by the security program, at least one third-party resource not associated with the security program that contains information potentially indicative of the trustworthiness of the suspicious file, (3) obtaining, by the security program from the third-party resource, the information potentially indicative of the trustworthiness of the suspicious file, and then (4) determining, by the security program based at least in part on the information potentially indicative of the trustworthiness of the suspicious file, whether the suspicious file represents a security threat to the computing device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: April 16, 2019
    Assignee: Symantec Corporation
    Inventors: Priti More, Kovid Agarwal, Sujit Magar
  • Patent number: 10262137
    Abstract: A method for providing security recommendations is described. In one embodiment, the method may include identifying a set of monitored customers. In some cases, each monitored customer may include one or more computing devices. The method may include identifying a first computing device of a monitored customer for evaluation, selecting a potential security product to install on the first computing device, and quantifying the ability of the monitored customer to detect or prevent malware incidents based at least in part on the selected potential security product.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: April 16, 2019
    Assignee: Symantec Corporation
    Inventors: Michael Hart, Kevin Alejandro Roundy, Shang-Tse Chen, Christopher Gates
  • Patent number: 10255435
    Abstract: The disclosed computer-implemented method for establishing a reputation for related program files may include (1) identifying a set of related program files, where each program file includes one or more common metadata field values and the values of the metadata fields are set by a program development tool, (2) identifying one or more of the set of related program files as malicious, (3) determining that a proportion of malicious files in the set of related program files is above a threshold, and (4) in response to determining that the proportion of malicious files is above the threshold, associating a negative reputation with the metadata field values. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: April 9, 2019
    Assignee: Symantec Corporation
    Inventors: Vishal Kamble, Himanshu Dubey, Tausif Kazi
  • Patent number: 10257202
    Abstract: The disclosed computer-implemented method for logging users out of online accounts may include (i) receiving, from a first computing device of a user, a request from the user to log into an online account hosted by an online platform, (ii) establishing, between the online platform and a second computing device of the user, a network session that both (a) verifies the identity of the user to the online platform and (b) at least partially disrupts the functionality of the second computing device, (iii) logging the user into the online account via the first computing device, (iv) detecting a request from the user to log out of the online account, and then (v) in response to the request to log out of the online account, (a) restoring full functionality of the second computing device by terminating the network session and (b) logging the user out of the online account.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: April 9, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Jiang, Ilya Sokolov, Rickey Ray
  • Patent number: 10257229
    Abstract: The disclosed computer-implemented method for verifying users based on user motion may include (1) instructing a user of a mobile device to physically move in a prescribed manner, (2) receiving information, collected by one or more sensors associated with the mobile device, describing physical movement performed by the user after the user receives the instruction, (3) determining, upon receiving the information, that the user's physical movement matches the prescribed movement, and (4) verifying the user in response to determining that the user's physical movement matches the prescribed movement. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: April 9, 2019
    Assignee: Symantec Corporation
    Inventors: Chengi Kuo, Petrus J. Viljoen
  • Patent number: 10248787
    Abstract: The disclosed computer-implemented method for determining reputations of files may include (i) identifying, on an endpoint device, a loadpoint data entry created by a file installed on the endpoint device that directs an operating system of the endpoint device to execute the file during boot up operations of the endpoint device, (ii) determining a reputation of the loadpoint data entry, (iii) detecting, on an additional endpoint device, an attempt to install a suspicious file with a loadpoint data entry at least partially similar to the loadpoint data entry of the file installed on the endpoint device, (iv) determining a reputation of the suspicious file based on the reputation of the loadpoint data entry of the file installed on the endpoint device, and (v) protecting the additional endpoint device from security threats by performing a security action on the suspicious file based on the reputation of the suspicious file.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: April 2, 2019
    Assignee: Symantec Corporation
    Inventor: Sujit Magar
  • Patent number: 10250588
    Abstract: The disclosed computer-implemented method for determining reputations of digital certificate signers may include (i) identifying a group of endpoint devices that have accessed files to which a digital certificate signer has attached digital certificates that assert the files are legitimate, (ii) determining, for each endpoint device, whether a security state of the endpoint device is compromised or uncompromised based on a security analysis of computing events detected on the endpoint device, (iii) classifying the digital certificate signer as potentially malicious by determining that the files were accessed more frequently by endpoint devices with compromised security states than by endpoint devices with uncompromised security states, and (iv) protecting a security state of an additional endpoint device by preventing the additional endpoint device from accessing a file with a digital certificate signed by the digital certificate signer.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: April 2, 2019
    Assignee: Symantec Corporation
    Inventors: Shayak Tarafdar, Sunil Kumar, Pratik Vagyani
  • Patent number: 10250617
    Abstract: A computer-implemented method for detecting malware using machine learning may include (1) identifying data to be analyzed for malware, (2) classifying, using a classifier created by a combination of at least one deep learning neural network and at least one supervised data mining method, the data to be analyzed for malware, (3) determining, based on a predefined threshold, that the classification of the data indicates potential malware on the computing device, and (4) performing a security action based on the determination of potential malware on the computing device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 22, 2015
    Date of Patent: April 2, 2019
    Assignee: Symantec Corporation
    Inventors: Andrew Gardner, Walter Bogorad, Jun Mao
  • Patent number: 10248769
    Abstract: The disclosed computer-implemented method for authenticating users on touchscreen devices may include (i) detecting that the computing device is at an authentication step that requires valid authentication input from a user in order to authenticate the user to a service on the computing device, (ii) detecting that the computing device is physically oriented such that a touchscreen of the computing device is facing away from the user of the computing device, (iii) receiving input from the user via the touchscreen, (iv) determining that the input from the user comprises a mirrored version of the valid authentication input that is flipped along a vertical axis relative to the touchscreen, and (v) authenticating the user to the service in response to determining that the input comprises the mirrored version of the valid authentication input. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: April 2, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Jiang, Ilya Sokolov
  • Patent number: 10248797
    Abstract: Systems and methods for Zero-day Data Loss Protection (DLP) having enhanced file upload processing are provided. One method may include capturing and sending file upload context (e.g. folder name, metadata, an active URL, etc.) associated with the scheduled file or folder upload to a DLP filesystem driver. For example, the method may include detecting whether a single/multi-file upload, a folder upload, or a drag-and-drop operation exists, through interception of the shell dialog API, the browse folder API, or the drop process interface, respectively. Further, the method may include generating a file upload cache including the file upload context, prior classification entries, and a timestamp indicating when the scheduled file or folder upload was last modified; such that, the DLP filesystem driver may intercept and process the file open call based upon the file upload cache. Accordingly, the file may be processed in accordance with a prior file classification, file/domain filter, or DLP policy.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: April 2, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Ameet Shinde, Eftiquar Shaikh, Rupesh Khetawat, Jogesh Sharma, Amit Dhotre
  • Patent number: 10243963
    Abstract: The disclosed computer-implemented method for generating device-specific security policies for applications may include (1) installing, onto a computing device, an application requested by the computing device, (2) while the application is running on the computing device, monitoring interactions between the application and a computing environment in which the computing device operates to identify (A) computing resources within the computing environment required by the application and (B) potential security concerns related to the application within the computing environment, and then (3) generating, based on the monitored interactions, a set of device-specific security policies to enforce for the application while the application runs on the computing device that allow the application to access the required computing resources while mitigating the potential security concerns. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan Evans, Yun Shen
  • Patent number: 10243977
    Abstract: Automatically detecting a malicious file using name mangling strings. In one embodiment, a method may include (a) identifying a file, (b) identifying name mangling strings in the file, (c) concatenating the name mangling strings together, (d) hashing the concatenated name mangling strings to generate a signature for the file, (e) clustering the file with other files with matching signatures into a cluster, (f) determining that any of the files in the cluster is malicious, (g) adding the signature to a list of signatures of files known to be malicious, (f) identifying a network device file stored on a network device, (g) repeating (b)-(d) on the network device file, (h) determining that the signature for the network device file matches any signature in the list of signatures of files known to be malicious, and (i) performing a security action on the malicious file on the network device.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: March 26, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Srinivasan Govindarajan, Yuvaraj M, Swapan Kumar Ghosh
  • Patent number: 10242318
    Abstract: According to one embodiment, a method for predicting the trustworthiness of a particular website comprising receiving information about a plurality of websites and constructing a hierarchy of groups from the received information, the hierarchy of groups comprising one or more tiers and each tier comprising one or more groups. The method further comprising receiving information about a particular website and predicting the trustworthiness of the particular website based on the hierarchy.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: March 26, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Jonathan J. Dinerstein, Daniel Hardman, Christian E. Larsen
  • Patent number: 10242187
    Abstract: The disclosed computer-implemented method for providing integrated security management may include (1) identifying a computing environment protected by security systems and monitored by a security management system that receives event signatures from the security systems, where a first security system uses a first event signature naming scheme that differs from a second event signature naming scheme used by a second security system, (2) observing a first event signature that originates from the first security system and uses the first event signature naming scheme, (3) determine that the first event signature is equivalent to a second event signature that uses the second event signature naming scheme, and (4) performing, in connection with observing the first event signature, a security action associated with the second event signature and directed to the computing environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Roundy, Matteo Dell'Amico, Chris Gates, Michael Hart, Stanislav Miskovic
  • Patent number: 10241696
    Abstract: The present disclosure relates to protecting computer systems from installation of rogue shared libraries when executable files are launched. An example method generally includes detecting that a downloaded file has been written to an insecure location on the computing device. A computing device determines that the downloaded file includes at least a first executable component and, upon determining that the downloaded file includes executable components, generates a copy of the executable component in a protected repository on the computing device. The computing device overwrites the contents of the executable component with at least instructions to launch the copy of the downloaded file from the protected repository.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventor: Daniel J. Kowalyshyn
  • Patent number: 10242201
    Abstract: A computer-implemented method for predicting security incidents triggered by security software may include (i) collecting, by a computing device, telemetry data from a set of security products deployed by a set of client machines, (ii) identifying, by the computing device, a selected security product within the set of security products that is missing telemetry data for a target client machine, (iii) building a classifier, by the computing device using the telemetry data, that predicts information about security incidents triggered by the selected security product, (iv) determining, by the computing device and based on the classifier, that the selected security product triggers a new security incident on the target client machine, and (v) performing a security action, by the computing device, to secure the target client machine against the new security incident. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Shang-Tse Chen, Chris Gates, Yufei Han, Michael Hart, Kevin Roundy
  • Patent number: 10237304
    Abstract: Systems and methods of administering computer activities based upon user emotional intelligence are provided. One method may include receiving a user request for a computer activity and sensing emotional context data associated with the user, such as voice stress analysis of use a communication, eye motion, pupil dilation, mood and stress changes, sporadic user movement, and video contexts indicating micro-expressions (i.e. anxiety, anger, amusement, and the like). The method may further include retrieving a policy associated with the requested computer activity and applying the sensed emotional context data to the policy. In response to policy permission, the system may enable full or restricted access to the requested computer activity based upon the sensed emotional context. In the alternative, in response to policy violation, the system may deny access to the computer activity. The system may solicit feedback such that parental or third party controls may be established using emotional intelligence.
    Type: Grant
    Filed: August 3, 2016
    Date of Patent: March 19, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Ilya Sokolov, Keith Newstadt