Patents Assigned to Symantec
-
Publication number: 20110106862
Abstract: A method for quickly identifying data residing on a volume in a multivolume file system. The method includes generating a file location map, the file location map containing a list of the locations of files that occupy space on each of a plurality of volumes of the file system. The file system comprises at least a first volume and a second volume. The file location map is updated in accordance with changes in a file change log for the file system. Data residing on the first volume of the file system is identified by scanning the file location map.
Type: Application
Filed: October 30, 2009
Publication date: May 5, 2011
Applicant: SYMANTEC CORPORATION
Inventors: Murthy V. Mamidi, Kadir Ozdemir, Charles Silvers, Paul Massiglia
-
Patent number: 7937761
Abstract: Detecting a network security threat is disclosed. Network traffic is classified with a security risk related classification, the classification being determined at least in part by applying a threat detection heuristic to at least a portion of the network traffic. Classification data that indicates the security risk related classification into which the network traffic has been classified is added to the network traffic. The network traffic is subjected to a level of network security threat detection processing that corresponds to the security risk related classification into which the network traffic has been classified as determined based at least in part on the classification data.
Type: Grant
Filed: December 17, 2004
Date of Patent: May 3, 2011
Assignee: Symantec Corporation
Inventor: Jeremy Bennett
-
Patent number: 7937758
Abstract: An origin of a file of interest on a computer system is determined by monitoring file origin events on the computer system. A file of interest resulting from one of the file origin events may then be selected for tracing. A precursor file from which the file of interest emanates as a result of one of the file origin events is then identified. By iteratively performing the identifying operation upon successive precursor files substituted in the identifying operation for the file of interest, an origin file with no further precursor file may thus be identified. It is thus possible to trace back a given process or file of interest to a file container and/or location that initially introduced it into the computer system and any intermediate files or forms the process or file of interest may have assumed.
Type: Grant
Filed: January 23, 2007
Date of Patent: May 3, 2011
Assignee: Symantec Corporation
Inventors: Pierre-Michel Kronenberg, Derek Zahn
-
Patent number: 7937617
Abstract: Systems and procedures may be used to coordinate the fail-back of multiple hosts in environments where the hosts share one or more data-storage resources. In one implementation, a procedure for coordinating fail-backs includes monitoring a failed data path to detect a restoration of the data path, polling remaining nodes in response to the restoration, and allowing the first node to resume communications if access has been restored to the remaining nodes.
Type: Grant
Filed: October 28, 2005
Date of Patent: May 3, 2011
Assignee: Symantec Operating Corporation
Inventors: Venkata Sreenivasa Rao Nagineni, Siddhartha Nandi, Abhay K. Singh
-
Patent number: 7937764
Abstract: The executions of computer viruses are analyzed to develop register signatures for the viruses. The register signatures specify the sets of outputs the viruses produce when executed with a given set of inputs. A virus detection system (VDS) (400) holds a database (430) of the register signatures. The VDS (400) selects (710) a file that might contain a computer virus and identifies potential entry points in the file. The VDS (400) uses a virtual machine (422) having an initial state to emulate (714) a relatively small number of instructions at each entry point. While emulating each potential entry point, the VDS builds (716) a register table that tracks the state of a subset of the virtual registers (428). Once the VDS (400) reaches an emulation breakpoint, it analyzes the register table in view of the register signatures to determine whether the file contains a virus.
Type: Grant
Filed: May 1, 2008
Date of Patent: May 3, 2011
Assignee: Symantec Corporation
Inventor: Peter Szor
-
Patent number: 7937545
Abstract: Method and apparatus for file-level restore from raw partition backups. A backup mechanism may be provided that is configured to perform raw partition backups to a media server and to support file-level restores from the raw partition backups through, for example, Fibre Channel (FC) or iSCSI Logical Unit (LUN) export of the raw partition backup images to client systems. Once a LUN is exported and mounted on the client system, direct file manipulation using standard file system commands may be performed. Embodiments achieve both fast backup and individual file retrieval without the necessity of understanding native file system formats and without requiring a file system mapping of the source (client) partition. Thus, embodiments may be used in heterogeneous environments.
Type: Grant
Filed: March 29, 2006
Date of Patent: May 3, 2011
Assignee: Symantec Operating Corporation
Inventors: Weibao Wu, Graham Bromley, James P. Ohr
-
Patent number: 7934259
Abstract: A stealth threat detection manager detects stealth threats. The stealth threat detection manager monitors system activities that are vulnerable to being used by stealth threats. Dynamic link libraries are often used by stealth threats, so in some embodiments the stealth threat detection manager monitors for the loading thereof. The stealth threat detection manager detects when a system activity being monitored occurs, and after the occurrence of the activity, determines whether a specific component associated with the activity (e.g., the dynamic link library being loaded) is accessible on the computer. If the component is accessible, the stealth threat detection manager concludes that the component is non-stealthed. On the other hand, if the component is not accessible, the stealth threat detection manager concludes that the component is a stealth threat, and takes appropriate action in response.
Type: Grant
Filed: November 29, 2005
Date of Patent: April 26, 2011
Assignee: Symantec Corporation
Inventor: Mark Kennedy
-
Patent number: 7934257
Abstract: A method of monitoring events in a network associated with a node. An agent collects event information associated with the monitored activities, based on a set of collection rules. A determination is made whether a portion of the collected event information complies or potentially complies with one of a set of patterns. An agent selects event information from the collection based on the determination, and makes the selected event information available to a manager associated with the node and other nodes in the network. The agent manager receives event information from a plurality of agents. A triggering event is identified, as a function of the set of patterns, based on the event information. The agent manager sends at least one request to a selected set of the agents for additional event information when a triggering event is identified.
Type: Grant
Filed: January 7, 2005
Date of Patent: April 26, 2011
Assignee: Symantec Corporation
Inventors: Darrell Kienzle, Paul Swinton
-
Patent number: 7934229
Abstract: A security module interfaces with a set of infection repair modules. Each repair module can perform a specific repair of an infection. Some of the repair modules utilize context information about the computer, such as the availability of a non-infected backup file. Further, the repairs performed by some repair modules are fine-grained while repairs of other repair modules are coarse-grained. The security module identifies malicious software infecting a computer and generates an infection object for each infection. The security module selectively routes the infection objects to the repair modules. In response, the repair modules provide repair objects representing repairs that the repair modules can perform on the infection. The repair objects have scores describing their thoroughness and complexity. The security module ranks the repair objects based on their scores and selects certain repairs for repairing the malicious software infections.
Type: Grant
Filed: December 29, 2005
Date of Patent: April 26, 2011
Assignee: Symantec Corporation
Inventor: Gregory D. Vogel
-
Patent number: 7930489
Abstract: Techniques for optimizing configuration partitioning are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for configuration partitioning comprising a module for providing one or more policy managers, a module for providing one or more applications, the one or more applications assigned to one or more application groups, a module for associating related application groups with one or more blocks, and a module for assigning each of the one or more blocks to one of the one or more policy managers, wherein if one or more of the one or more blocks cannot be assigned to a policy manager, breaking the one or more blocks into the one or more application groups and assigning the one or more application groups to one of the one or more policy managers.
Type: Grant
Filed: March 28, 2008
Date of Patent: April 19, 2011
Assignee: Symantec Corporation
Inventors: Sachin Vaidya, Tushar Bandopadhyay
-
Patent number: 7930684
Abstract: A system, method, and computer-accessible medium for logging and replaying asynchronous events are disclosed. One or more asynchronous events occurring during execution of a first instance of a computer program are logged. In logging the asynchronous events, a respective location in the execution of the first instance at which each of the one or more asynchronous events occurs is determined. A respective synchronous event preceding each asynchronous event is also determined. The asynchronous events are replayed during execution of a second instance of the computer program. In replaying each asynchronous event, the second instance is instrumented at the respective location during the execution of the second instance after detecting the preceding synchronous event.
Type: Grant
Filed: October 12, 2005
Date of Patent: April 19, 2011
Assignee: Symantec Operating Corporation
Inventors: Guenter E. Roeck, Serge Pashenkov, Serge Shats
-
Patent number: 7930751
Abstract: A method for detecting malicious code on an information handling system includes executing malicious code detection code (MCDC) on the information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation running on the information handling system during the execution of the MCDC. The detection routines associate weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of respective detection routines. Lastly, executable code under investigation is determined a valid program or malicious code as a function of the weights associated by the detection routines. Computer-readable media and an information handling system are also disclosed.
Type: Grant
Filed: February 27, 2009
Date of Patent: April 19, 2011
Assignee: Symantec Corporation
Inventors: Mark Obrecht, Michael Tony Alagna, Andy Payne
-
Patent number: 7930750
Abstract: In one embodiment, a trickle and repair application receives data from a sending computer system and trickles the data to a target computer system over an in-band communication channel. The received data is evaluated for the presence of malicious code. When malicious code is detected in the data, trickling of the data is terminated. If the infected data is repairable, the data is repaired and an out-of-band target data notification is generated and sent to the target computer system. In one embodiment, receipt of the out-of-band target data notification causes the target computer system to flush the current buffer and any local files containing the trickled data. The target computer system returns an out-of-band target acknowledgement to the trickle and repair application and the repaired data is sent to the target computer system.
Type: Grant
Filed: April 20, 2007
Date of Patent: April 19, 2011
Assignee: Symantec Corporation
Inventors: William Joseph Gauvin, Edward James Taranto, Steve Y. Zhou
-
Patent number: 7930481
Abstract: An application may issue write operations intended for a SAN via a server cache. Monitoring of the SAN (e.g., the autonomous persistent cache of the storage arrays of the SAN), allows caching performance to be controlled by a write caching policy. The server cache memory may be increased, decreased or eliminated according to the write caching policy. In one embodiment, a storage volume manager may adjust the latency of write operations in the server cache. In some embodiments, the write caching policy may adapt and learn characteristics of the storage environment, which may include calibrated values for messaging timestamps.
Type: Grant
Filed: December 18, 2006
Date of Patent: April 19, 2011
Assignee: Symantec Operating Corporation
Inventors: Jim Nagler, Ramesh Balan
-
Patent number: 7930583
Abstract: Systems, methods, apparatus and software can implement a SAN monitoring scheme for determining changes in SAN topology, such as device failure and state changes. These changes are recorded in a SAN topology data structure. Information in the SAN topology data structure is used, for example, to identify a suspect path or set of paths, and to make decisions about communications pathways used by a multipath device driver.
Type: Grant
Filed: September 14, 2006
Date of Patent: April 19, 2011
Assignee: Symantec Operating Corporation
Inventors: Hari Krishna Vemuri, Venkata Sreenivasa Rao Nagineni, Siddhartha Nandi
-
Patent number: 7930739
Abstract: Evaluating a data transmission is disclosed. In various embodiments evaluating the data transmission may include transforming a parameter associated with the data transmission into an augmented parameter wherein the augmented parameter represents a plurality of binned parameters. The augmented parameter is matched to a scaled parameterized rule set wherein the scaled parameterized rule set references the augmented parameter. The scaled parameterized rule set is applied to the data transmission.
Type: Grant
Filed: May 24, 2005
Date of Patent: April 19, 2011
Assignee: Symantec Corporation
Inventor: Carey Nachenberg
-
Patent number: 7925888
Abstract: A virus detection system (VDS) (400) operates under the control of P-code to detect the presence of a virus in a file (100) having multiple entry points. P-code is an intermediate instruction format that uses primitives to perform certain functions related to the file (100). The VDS (400) executes the P-code, which provides Turing-equivalent capability to the VDS. The VDS (400) has a P-code data file (410) for holding the P-code, a virus definition file (VDF) (412) for holding signatures of known viruses, and an engine (414) for controlling the VDS. The engine (414) contains a P-code interpreter (418) for interpreting the P-code, a scanning module (424) for scanning regions of the file (100) for the virus signatures in the VDF (412), and an emulating module (426) for emulating entry points of the file. When executed, the P-code examines the file (100), posts (514) regions that may be infected by a virus for scanning, and posts (518) entry points that may be infected by a virus for emulating.
Type: Grant
Filed: November 22, 2004
Date of Patent: April 12, 2011
Assignee: Symantec Corporation
Inventor: Carey S. Nachenberg
-
Patent number: 7926111
Abstract: A method/system for determining a group of related entities of interest in one or more processing systems. The method comprises identifying a starting entity from one or more entities in the one or more processing systems, then obtaining, based on an entity type of the starting entity, a first set of rules for determining at least one other related entity, and then determining, using the first set of rules, the at least one related entity.
Type: Grant
Filed: February 16, 2007
Date of Patent: April 12, 2011
Assignee: Symantec Corporation
Inventors: Ian Oliver, Ryan Pereira
-
Patent number: 7925856
Abstract: A method and apparatus for maintaining an amount of reserve space using virtual placeholders. In one embodiment, a method of using placeholders for log files to maintain an amount of reserve storage space comprises determining a first required log file, wherein the first required log file is to be used to recover a database volume, generating at least one placeholder for representing at least one required log file in a log volume and storing the first required log file and the at least one placeholder in a portion of the log volume, wherein the at least one placeholder is used to control a size of the portion of the log volume.
Type: Grant
Filed: December 28, 2007
Date of Patent: April 12, 2011
Assignee: Symantec Corporation
Inventor: Christopher Greene
-
Patent number: 7926106
Abstract: Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.
Type: Grant
Filed: April 6, 2006
Date of Patent: April 12, 2011
Assignee: Symantec Corporation
Inventors: Mark Kennedy, Michael Spertus, Peter Linhardt, Richard Gough, Adam Glick, Patrick Gardner, Spencer Smith, Tim Naftel