Abstract: A digitally signed unknown application from a software publisher having a reputation is assigned the reputation of the software publisher. In this manner, software publishers who have an established reputation of publishing applications are allowed to rely on their existing reputation when releasing a new application. By quickly assigning reputations to new applications, users executing the new applications for the first time are provided timely recommendations on the quality, e.g., trustworthiness, of the applications they wish to run.
Abstract: A disclosed computer-implemented method for assessing levels of personal risk may include (1) collecting, from a computing system, initial information that describes a user at an initial period of time, (2) determining, based on the initial information, an expected state of the user, (3) receiving, from the computing system, additional information that describes the user at a subsequent period of time after the initial period of time, (4) calculating a risk score by comparing the additional information with the expected state to determine a degree of divergence from the expected state, and (5) performing a safety action based on the risk score. The expected state and/or the additional information may each specify a medical state and/or a location. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process.
Abstract: The disclosed computer-implemented method for determining whether transmission of sensitive data is expected may include (1) identifying a computer program that is to be analyzed to determine whether the computer program unexpectedly transmits sensitive data, (2) simulating user input to the computer program while the computer program is executing, (3) identifying a context of the simulated user input, (4) identifying transmission of sensitive data that occurs after the user input is simulated, (5) determining, based on the context of the simulated user input, whether the transmission of sensitive data would be an expected result of the user input, and (6) performing a security action with respect to the computer program based on whether the transmission of sensitive data is expected. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: May 21, 2014
Date of Patent: June 28, 2016
Assignee: Symantec Corporation
Inventors: Xiaole Zhu, Matthew Yeo, Abubakar A. Wawda
Abstract: Techniques for data backup and restoration are disclosed. In one embodiment, the techniques may be realized as a method including generating a first backup representing a database at a first time; after the first backup, generating a plurality of journal entries, each journal entry representing a change to the database made after the first time; and restoring the database from the first backup and the plurality of journal entries, the restored database including the changes represented by the entries.
Abstract: A graphical user interface can be provided for creating a digital certificate profile for a digital certificate. In one embodiment, the graphical user interface presents a plurality of certificate profile attributes selectable by the user. A security metric using at least two attributes of the plurality of certificate profile attributes is calculated. The security metric indicates the vulnerability of the digital certificate having the digital certificate profile. A usability metric using at least two other attributes of the plurality of certificate profile attributes is calculated. The usability metric indicates the vulnerability of the digital certificate having the digital certificate profile. A graphical representation of the security metric and the usability metric is provided in the graphical user interface.
Abstract: A plurality of user made decisions concerning unknown data objects are received from a plurality of users. Each specific user made decision concerns a specific unknown data object made by a specific user, wherein the specific decision could not be made automatically with a sufficient level of confidence without user input. Accuracy of the received user made decisions is automatically determined, as empirical data determinative of the accuracy of the decisions becomes available over time. User weights are automatically dynamically calculated, based on the determined accuracy of decisions made by associated users. Multiple user made decisions received from multiple users concerning a specific unknown data object are aggregated, taking into account the user weights. A definitive decision concerning the specific unknown data object is automatically made without prompting any user for confirmation, based on the aggregating of the user made decisions concerning the specific unknown data object.
Abstract: The present disclosure enables remote device management. A programmatic interface is associated with each application plug-in. A web server included with the on-device agent provides access to the programmatic interfaces according to open standards such as HTML or XML. The present disclosure enables access to remote devices through existing infrastructure without the need for proprietary systems. An IT administrator or other administrator may remotely access and update software and hardware, track device data plan usage statistics, provide live support, and track current and historical device locations. Further, through the use of the present disclosure developers may provide customizable applications employing plug-ins on the remote device targeted for their own system.
Type: Grant
Filed: February 3, 2011
Date of Patent: June 14, 2016
Assignee: Symantec Corporation
Inventors: Mark Gentile, Jim Sullivan, Mark Hanson, Mark Wade
Abstract: A file on a computer system is evaluated against trust criteria to determine whether the file is compatible with the trust criteria. Responsive to the file being incompatible with the trust criteria, the file is assigned to a package. Files assigned to the package are tracked to determine whether the files collectively perform malicious behavior. The package is convicted as malware responsive to the files in the package collectively performing malicious behavior.
Abstract: Techniques are disclosed for authenticating users accessing computing applications, e.g., applications hosted in a cloud environment accessed using a variety of computing systems. As disclosed, an authentication process is performed using a certificate and private key installed on a mobile device and a nonce generated on the server. To authenticate a user, a server generates a nonce, encrypts the nonce with a public key associated with the user, and encodes the encrypted nonce in a barcode graphic (e.g., a QR code). The resulting barcode graphic is displayed to the user, and a mobile device scans the barcode graphic to recover the encrypted nonce. The encrypted nonce is decrypted using a private key stored on the mobile device. The clear text nonce is then displayed on the screen of the mobile device and used as a one-time password (OTP) for authentication.
Abstract: The disclosed computer-implemented method for performing security analyses on network traffic in cloud-based environments may include (1) collecting network traffic exchanged between a source device and a destination device for a security analysis by (A) receiving, from the destination device, a response to a request sent by the source device, (B) identifying, in a header of the response, information that facilitates access to at least a portion of the request, and (C) obtaining, based at least in part on the information identified in the header of the response, the portion of the request sent by the source device, and then (2) performing the security analysis on the network traffic by analyzing the portion of the request sent by the source device and at least a portion of the response. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Systems and methods for process flow tracking are presented. In one embodiment, a flow method comprises collecting records associated with flow for post analysis; performing a flow connection process associated with the flow, wherein the flow connection process examines information in a hash table and connects flow segments based upon connect ID; and performing a presentation process in which the flow is visualized, searched and traversed. In one exemplary implementation, a flow connection process utilizes a hash table that draws a correlation between the connect ID and a connect-start record or a connect-end record.
Abstract: A computer-implemented method for detecting suspicious web pages. The method may include 1) identifying a plurality of malicious web pages; 2) establishing a classification model for identifying suspicious web pages, the classification model being based at least in part on the plurality of malicious web pages; 3) identifying an additional web page; 4) classifying the additional web page as suspicious using the classification model; 5) analyzing the additional web page to determine whether the additional web page is malicious; 6) determining that the additional web page is malicious based on the analysis; and 7) updating the classification model based at least in part on the determination. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method and apparatus for detecting malware transmission through a web portal is provided. In one embodiment, a method for detecting malicious software transmission through the web portal comprises accessing a security scan history that comprises information regarding a plurality of executables that are scanned upon executable creation and comparing current executable creation activity with the security scan history to identify at least one executable that is not scanned.
Type: Grant
Filed: March 20, 2009
Date of Patent: May 24, 2016
Assignee: Symantec Corporation
Inventors: Adam Lyle Glick, Spencer Dale Smith, Nicholas Robert Graf
Abstract: A system and method are disclosed for deploying applications to end point devices. The applications are obtained from a marketplace that checks the applications and packages them for endpoint use according to certain policies. Packaging an application includes compiling or assembling and linking the application, possibly with a framework and possibly with a binding token, which can be a device binding token and/or a user binding token. The application is loaded onto an endpoint device and if the application is bound to the device and the user is allowed to use the application, the application is enabled to be used on the endpoint device. A gateway between the endpoint device and an authentication server helps to authenticate the user. The gateway also manages data transfers between the endpoint device and a data server according to a selected protocol.
Type: Grant
Filed: August 1, 2014
Date of Patent: May 24, 2016
Assignee: Symantec Corporation
Inventors: Thomas Jeffrey Enderwick, Christopher Edward Perret
Abstract: A computer-implemented method for preventing data loss via temporary-file generating applications may include (1) identifying an application that is configured to update a file by generating a temporary file that includes updated content of the file and replacing the file with the temporary file, (2) detecting an attempt by the application to update the file by detecting an attempt by the application to generate the temporary file and/or an attempt by the application to replace the file with the temporary file, and (3) performing, in response to detecting the attempt by the application to update the file, a data-loss-prevention action on the file instead of the temporary file. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: The present disclosure enables remote device management. A programmatic interface is associated with each application plug-in. A web server included with the on-device agent provides access to the programmatic interfaces according to open standards such as HTML or XML. The present disclosure enables access to remote devices through existing infrastructure without the need for proprietary systems. An IT administrator or other administrator may remotely access and update software and hardware, track device data plan usage statistics, provide live support, and track current and historical device locations. Further, through the use of the present disclosure developers may provide customizable applications employing plug-ins on the remote device targeted for their own system. This disclosure also enables management of remote devices and the data thereon via a data loss prevention component.
Abstract: A computer-implemented method for searching shared encrypted files on third-party storage systems may include (1) receiving, at a server-side computing system, a request from a user to search at least one encrypted file to which a group of users that includes the user shares access, (2) identifying, in response to the request, at least one encrypted search index compiled for and shared by the group of users that enables the encrypted file to be searched, (3) decrypting the encrypted search index with a key to which each user within the group of users has access, and (4) using the decrypted search index to respond to the request from the user. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: March 6, 2014
Date of Patent: May 17, 2016
Assignee: Symantec Corporation
Inventors: Scott Schneider, Walter Bogorad, Haibin Zhang, Sharada Sundaram