Patents Assigned to Symantec
  • Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code
    Patent number: 8510828
    Abstract: To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or writable, but not both. Before changing from writable but not executable to executable but not writable, the page is scanned for malicious code. To prevent packers from evading this scanning, the software may enforce the execution exception to prevent packers from changing whether a page is executable and thereby evading the scanning of dynamically created code. The software may also include exception handlers to allow a program to write to a page that contains the code being executed, but also limit such an operation (e.g., to a single step) to avoid evasion of the antivirus software.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: August 13, 2013
    Assignee: Symantec Corporation
    Inventors: Fanglu Guo, Tzi-cker Chiueh
  • Lineage-based reputation system
    Patent number: 8510836
    Abstract: A computer generates a reputation score for a file based at least in part on the lineage of the file. A security module on a client monitors file creations on the client and identifies a parent file creating a child file. The security module provides a lineage report describing the lineage relationship to a security server. The security server uses lineage reports from the client to generate one or more lineage scores for the files identified by the reports. The security server aggregates the lineage scores for files reported by multiple clients. The aggregated lineage scores are used by the security server to generate reputation scores for files. The reputation score for a file indicates a likelihood that the file is malicious. The security server reports the reputation scores to the clients, and the clients use the reputation scores to determine whether files detected at the clients are malicious.
    Type: Grant
    Filed: July 6, 2010
    Date of Patent: August 13, 2013
    Assignee: Symantec Corporation
    Inventor: Carey S. Nachenberg
  • INTELLIGENT FAILOVER OR SHUTDOWN OF AN APPLICATION USING INPUT/OUTPUT SHIPPING IN RESPONSE TO LOSS OF CONNECTIVITY TO DATA STORAGE IN A CLUSTER
    Publication number: 20130205006
    Abstract: When a loss of connectivity between a first node in a cluster of nodes and a data store is detected, an input/output (I/O) request associated with an application that was executing on the first node is shipped to a second node in the cluster that is in communication with the data store. The application can be gracefully shut down on the first node, and the second node can execute the application and satisfy the I/O request.
    Type: Application
    Filed: February 7, 2012
    Publication date: August 8, 2013
    Applicant: SYMANTEC CORPORATION
    Inventors: Mangesh Panche, Nitin Wankhede, Niranjan Pendharkar, Asmita Jagtap, Shailesh Marathe, Sumit Sharma
  • Systems and methods for rating a current instance of data based on preceding and succeeding instances of data
    Patent number: 8504671
    Abstract: A computer-implemented method for rating a current instance of data is described. An activity occurring on a computing system is monitored. The activity includes the current instance of data. A rating is assigned to the current instance of data. A determination is made as to whether the activity includes at least one additional instance of data. When the activity includes at least one additional instance of data, the rating assigned to the current instance of data is updated. The updated rating is based on the content of the at least one additional instance of data.
    Type: Grant
    Filed: September 2, 2010
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventors: Adam Schepis, Keith Newstadt
  • Deriving encryption key selection from a data management retention period
    Patent number: 8503680
    Abstract: The traditional data retention attribute is used to intelligently select appropriate data encryption keys. Key life cycles are calibrated with data retention periods, such that encryption keys and the corresponding data are both available at the same time. A data management system passes a data retention period to a key management system as part of a request for a key. The key management system uses the received data retention period as a factor in selecting a key, such that the key life cycle is calibrated to the data retention period. The data management system then utilizes the key in encryption operations concerning corresponding data.
    Type: Grant
    Filed: August 26, 2008
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventors: Thomas G. Clifford, Wendy Ann Shavor
  • Automatically adjusting polling intervals based on remote administrative activity
    Patent number: 8504680
    Abstract: It is detected when an administrator begins or finishes performing remote administrative activity. In response, the polling interval is modified. When the level of remote administrative activity increases, the polling interval is decreased, thereby directing the managed clients to poll the server more frequently. When the level of remote administrative activity decreases, the polling interval is increased, thereby directing the managed clients to poll the server less frequently. By dynamically adjusting the polling interval based on remote administrative activity, a balance is struck between scalability and usability.
    Type: Grant
    Filed: December 23, 2008
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventors: Brian Hernacki, William E. Sobel
  • User account level anti-malware exclusions
    Patent number: 8505100
    Abstract: Exclusions to anti-malware scanning are managed at a user account level. On a computer on which an anti-malware product provides anti-malware scanning, at least one user account to exclude from the anti-malware scanning is specified. Specifying a user account to exclude can comprise adding the name of the user account to the exceptions policy of the anti-malware product. Specified user accounts are excluded from the anti-malware scanning. Excluding a user account from anti-malware scanning comprises excluding all applications that are run by the specified account. Non-specified user accounts and applications run by the non-specified user accounts, are allowed to be scanned. User accounts to exclude from the anti-malware scanning can comprise virtual user accounts. When a virtual user account is excluded from the anti-malware scanning, the system service associated with the virtual user account is excluded.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventors: William E. Sobel, James E. Brennan
  • Systems and methods for blocking an outgoing request associated with an outgoing telephone number
    Patent number: 8503636
    Abstract: A computer-implemented method to block an outgoing request associated with an outgoing telephone number is described. A device is monitored for an outgoing request associated with an outgoing telephone number. The outgoing request is intercepted. The outgoing telephone number associated with the outgoing request is extracted. Upon determining that the extracted outgoing telephone number matches a telephone number stored in a database, the outgoing request is blocked.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventor: Bruce McCorkendale
  • Method and apparatus for backing up to tape drives with minimum write speed
    Patent number: 8504785
    Abstract: Techniques for controlling data backup operations are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for data backup. The method may include receiving a minimum write speed for a plurality of tape drives. The method may further include controlling data writes for the plurality of tape drives such that data may be attempted to be written to each tape drive at or above the minimum write speed for each tape drive.
    Type: Grant
    Filed: March 10, 2009
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventors: Thomas G. Clifford, Donald C. Peterson
  • Method and apparatus for providing in-memory checkpoint services within a distributed transaction
    Patent number: 8504873
    Abstract: A method and apparatus for performing in-memory checkpoint services as a callable resource within a distributed transaction. As such, in-memory checkpoint processes can be utilized by an application as the application would use any resource available to the computer network via a distributed transaction.
    Type: Grant
    Filed: January 9, 2012
    Date of Patent: August 6, 2013
    Assignee: Symantec Operating Corporation
    Inventor: Pavan Vijaykumar Deolasee
  • Systems and methods for providing protection against a solicitation for information during a telephone call
    Patent number: 8503645
    Abstract: A computer-implemented method to provide protection against a solicitation for information during a telephone call is described. A telephone call connection between a target device and a source device is monitored. A determination is made when sensitive information is provided via the target device. Characteristics of the source device are compared with characteristics stored in a first database. A warning message is generated based on the results of the comparison.
    Type: Grant
    Filed: April 8, 2011
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventor: Ian Oliver
  • Systems and methods for using alternate power sources to manage the power draw on a power grid
    Patent number: 8504215
    Abstract: A computer-implemented method for using alternate power sources to manage the power draw on a power grid may comprise: 1) identifying a need to reduce power draw on the power grid, 2) identifying an electrical device that draws power from the power grid, 3) determining that the electrical device is capable of drawing power from an alternate power source, and 4) transmitting a command that, when executed, causes the electrical device to draw power from the alternate power source. A corresponding device-side method for reducing power draw on a power grid may comprise: 1) drawing power from a power grid, 2) receiving a command to draw power from an alternate power source, and then 3) drawing power from the alternate power source. Corresponding systems and methods are also disclosed.
    Type: Grant
    Filed: November 4, 2008
    Date of Patent: August 6, 2013
    Assignee: Symantec Corporation
    Inventors: Bruce McCorkendale, Shaun Cooley
  • METHOD AND SYSTEM FOR CLUSTER WIDE ADAPTIVE I/O SCHEDULING BY A MULTIPATHING DRIVER
    Publication number: 20130198562
    Abstract: A method and system for load balancing. The method includes determining that connectivity between a first host and a primary array controller of a storage system has failed. The first host is configured to send input/output messages (I/Os) to a storage system through a storage network fabric. An available host is discovered at a multi-pathing driver of the first host. The available host is capable of delivering I/Os to the primary array controller.
    Type: Application
    Filed: January 31, 2012
    Publication date: August 1, 2013
    Applicant: Symantec Corporation
    Inventors: Frederick Bosco Anthonisamy, Suhas Ashok Dantkale
  • SUBSEQUENT OPERATION INPUT REDUCTION SYSTEMS AND METHODS FOR VIRTUAL MACHINES
    Publication number: 20130198742
    Abstract: Storage systems and methods are presented. A method can include: accessing virtual machine image information; performing an examination process on the virtual machine image information to determine characteristics of the virtual machine image information including temporary attributes of the virtual machine image information; performing an exclusion block identification process based upon results of the examination process to identify exclusion blocks, wherein exclusion blocks are identified for exclusion from a subsequent operation; and forwarding an indication of the exclusion blocks to the subsequent operation. In one embodiment the method is performed within a File Server.
    Type: Application
    Filed: February 1, 2012
    Publication date: August 1, 2013
    Applicant: SYMANTEC CORPORATION
    Inventors: Sumit Kumar, Mukund Agrawal
  • METHOD AND SYSTEM FOR MULTI-LAYER DIFFERENTIAL LOAD BALANCING IN TIGHTLY COUPLED CLUSTERS
    Publication number: 20130198424
    Abstract: A method and system for load balancing. The method includes discovering each of a plurality of hosts in a cluster, wherein the plurality of hosts is configured for accessing a LUN of a storage system through a storage network fabric. Global input/output (I/O) load characteristics are collected for each of the plurality of hosts at the device and/or volume level. A selected host is determined for processing an I/O originating at the local host, wherein the host is selected based on a current set of the global I/O load characteristics.
    Type: Application
    Filed: January 31, 2012
    Publication date: August 1, 2013
    Applicant: SYMANTEC CORPORATION
    Inventors: Amarinder Singh Randhawa, Madhav Buddhi, Chaltanya Yalamanchili, Prasanta Dash
  • Method and apparatus for providing single instance restoration of data files
    Patent number: 8498962
    Abstract: A method and apparatus for providing single instance restoration of data files is provided. In one embodiment, a method for using a signature database to provide a single instance data restoration solution includes processing a restore request for a data file, wherein the data file is associated with a signature and examining a signature database using the signature to identify at least one locally available data file having at least one signature that matches the signature associated with the data file.
    Type: Grant
    Filed: November 7, 2011
    Date of Patent: July 30, 2013
    Assignee: Symantec Corporation
    Inventor: Amol Manohar Vaikar
  • Uninstall and system performance based software application reputation
    Patent number: 8499063
    Abstract: Installation events associated with a software application are received from a plurality of clients. A rate at which the software application was uninstalled on the plurality of clients is determined based on the installation events. A reputation score is generated based on the rate at which the software application was uninstalled on the plurality of clients. A reputation score is generated for the software application responsive to the installation event and the performance data. The reputation score storied in association with the software application.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: July 30, 2013
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, William E. Sobel
  • System and method for reading mirrored data
    Patent number: 8499129
    Abstract: Disclosed is a method and apparatus for reading mirrored data. In one embodiment, a node receives a read request for data, identical copies of which are maintained on a primary storage device and any number of corresponding minors. A read generator coupled to the node generates a number of read operations for smaller portions of the data. Preferably, the read generator then transmits the read operations in parallel to at least two storage devices on which identical copies of the data are maintained (e.g., a primary storage device and a corresponding mirror, two mirrors of a primary storage device, etc.). The read operations may then be processed in parallel by the storage devices to which the read operations were transmitted.
    Type: Grant
    Filed: June 9, 2008
    Date of Patent: July 30, 2013
    Assignee: Symantec Operating Corporation
    Inventors: Angshuman Bezbaruah, Vivek V. Gupta, Ashwani Mujoo
  • Preventing malware from abusing application data
    Patent number: 8499354
    Abstract: An attempted exploit of a vulnerability of an application executed by a computer is detected. The exploit attempts to call an application programming interface (API) and abuse application data through a malicious parameter of the call. The API of the application is hooked and monitored for a call made to the hooked API. A parameter of the call is analyzed to determine whether the parameter has a malicious characteristic indicating an attempt to use data within an address space of the application to execute malicious software. A remediation action is taken responsive to determining that the parameter has a malicious characteristic.
    Type: Grant
    Filed: March 15, 2011
    Date of Patent: July 30, 2013
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, William E. Sobel
  • Selectively trusting signed files
    Patent number: 8499150
    Abstract: A security module on a client detects a signed file at the client and reports signing information identifying a certificate used to sign the file and a file identifier identifying the file to a security server. The security server uses the signing information to determine whether the certificate is compromised. If the certificate is compromised, the security server compares a discovery date of the file with a compromise date of the certificate. The security server generates trust data assigning a trust level to the file responsive to the comparison. The trust data assign a low trust level to the file if the comparison indicates that the file discovery date is after the compromise date and assign a high trust level to the file if the comparison indicates that the file discovery date is not after the compromise date. The security server provides the trust data to the client.
    Type: Grant
    Filed: November 11, 2010
    Date of Patent: July 30, 2013
    Assignee: Symantec Corporation
    Inventor: Carey S. Nachenberg