Patents Assigned to Symantec
  • Patent number: 9160765
    Abstract: A method for protecting endpoints from network attacks is provided. The method includes blocking a first data unit, in response to matching a portion of the first data unit to a specified exploit pattern, the matching occurring at a layer of a communication model below an application layer. The method includes collecting attributes of the first data unit at the application layer and blocking at least one further data unit, in response to the at least one further data unit matching at the application layer a subset of the collected attributes of the first data unit.
    Type: Grant
    Filed: July 26, 2013
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Shreyans Mehta, Atif Mahadik
  • Patent number: 9161249
    Abstract: A computer-implemented method for performing Internet site security analyses may include (1) identifying a plurality of clients, each client within the plurality of clients connecting to the Internet from a different Internet Protocol address, (2) identifying a plurality of Internet sites targeted for a security assessment, and then, for each Internet site within the plurality of Internet sites, (3) selecting at least one client from the plurality of clients to use as a proxy for communicating with the Internet site, (4) communicating with the Internet site, using the client as a proxy, to gather information for a security analysis of the Internet site, and (5) performing the security analysis of the Internet site based at least in part on the gathered information. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 7, 2011
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Corrado Leita, Marc Dacier
  • Patent number: 9158915
    Abstract: A computer-implemented method for analyzing zero-day attacks may include 1) identifying, within a database of known security vulnerabilities, disclosure timing information that indicates when a security vulnerability was publicly disclosed, 2) correlating a file with the security vulnerability by searching a database of file activity for at least one file that is associated with an attack that exploits the security vulnerability, 3) identifying, within the database of file activity, activity timing information indicating timing of one or more activities that involve the file and that occurred on endpoint computing devices before the security vulnerability was publicly disclosed, and 4) comparing the disclosure timing information with the activity timing information to investigate a potential zero-day attack that exploits the security vulnerability. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Leylya Yumer, Tudor Dumitras
  • Patent number: 9158631
    Abstract: A computer-implemented method for providing backup interfaces may include (1) identifying a backup policy configured to back up a source system according to a backup configuration, (2) identifying a request to display the backup policy within a graphical user interface, and in response to the request, (3) portraying the backup policy within the graphical user interface as a flow diagram, the flow diagram including (i) a first box representing the source system, the first box displaying an identifier of the source system, (ii) a second box representing a backup stage of the backup policy, the second box displaying an identifier of the backup stage, and (iii) a directed edge connecting the first box and the second box, the directed edge indicating a sequence beginning with the first box and progressing to the second box. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Kirk Hartmann Freiheit, Gregory R. Dowers, II, Robert Santiago, Jessica Rich
  • Patent number: 9152703
    Abstract: A computer-implemented method for clustering data samples may include (1) identifying a plurality of samples, (2) identifying a plurality of candidate features, (3) identifying a plurality of candidate distance functions, (4) selecting a distance function by (i) selecting a set of features based on determining that a result of clustering a training set of samples using the set of features and the distance function fits an expected clustering of the training set of samples more closely than results from using an alternative set of features and (ii) determining that the result of clustering the training set using the set of features and the distance function fits the expected clustering of the training set of samples more closely than a best result of any other distance function, and (5) clustering the plurality of samples using the set of features and the distance function. Various other methods and systems are also disclosed.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventor: Sourabh Satish
  • Patent number: 9152817
    Abstract: A method for performing a data protection operation. The method may include receiving a virtual node that identifies a plurality of physical nodes. The virtual node may be associated with a clustered database. The method may include receiving a request to perform a data protection operation on the clustered database. The method may also include using information from the virtual node to identify a first physical node in the plurality of physical nodes and attempting to perform the data protection operation on the clustered database through the first physical node. A computer-readable medium is also disclosed.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventors: Sunil Shah, Ynn-Pyng A. Tsaur, Sudhir Subbarao
  • Patent number: 9152638
    Abstract: A file backup method, which can be implemented on a virtual machine system or applied to back up files of a virtual machine, is herein described. The virtual machine system may include a virtual machine server and be associated with a backup server. Changes to a storage media are tracked through change block tracking. A location where file system records reside on the storage media is identified. Changed file system records are identified among the tracked changes to the storage media. Copies are made of the files that the changed file system records are pointing to.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventor: Timothy Naftel
  • Patent number: 9154466
    Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3) creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventors: William E. Sobel, Bruce McCorkendale
  • Patent number: 9153120
    Abstract: A computer-implemented method for locating lost devices may include (1) receiving a report of a lost device that specifies a hardware address that uniquely identifies the lost device, (2) collecting information from a helper device that has been connected to a local area network that indicates that a device with the hardware address of the lost device was observed as being connected to the local area network, (3) receiving location data from the helper device that specifies a location of the helper device, and (4) providing the location of the helper device as a location of the lost device in response to the report. Various other methods and systems are also disclosed.
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventors: Hong Yong Xiao, Eric Zhao
  • Patent number: 9152790
    Abstract: A computer-implemented method for detecting fraudulent software applications that generate misleading notifications is disclosed. In one example, such a method may comprise: 1) detecting a notification generated by an application installed on the computing device, 2) accessing criteria for determining, based at least in part on characteristics of the notification, whether the application is trustworthy, 3) determining, by applying the criteria, that the application is untrustworthy, and then 4) performing a security operation on the application. Corresponding systems and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 21, 2009
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventors: Adam Glick, Nicholas Graf, Spencer Smith
  • Patent number: 9154377
    Abstract: A computer-implemented method to manage a device is described. Communications with an endpoint device are established. A management profile for the endpoint device is received. Information about the endpoint device is acquired based at least in part on the management profile. At least a portion of the acquired information is provided to an upper layer server.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventors: Maksim Sokolov, Cody Menard
  • Patent number: 9154520
    Abstract: A computer-implemented method for notifying users of endpoint devices about blocked downloads may include (1) detecting, at a networking device, at least one attempt by an endpoint device to download a file from an external network, (2) determining that the networking device has already blocked at least one previous attempt to download the file from the external network based at least in part on at least one potential policy violation associated with the file, (3) directing the networking device to block the attempt by the endpoint device to download the file from the external network, and then (4) providing the endpoint device with at least one notification indicating that the attempt by the endpoint device to download the file has been blocked based at least in part on the potential policy violation associated with the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 27, 2012
    Date of Patent: October 6, 2015
    Assignee: Symantec Corporation
    Inventor: Shaun Cooley
  • Publication number: 20150281257
    Abstract: A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal resource locator being present in the first cache with a first indication of suspiciousness, the fully qualified domain name being present in the second cache with a second indication of suspiciousness, or the evaluating the parent hostname having a third indication of suspiciousness, wherein at least one method operation is performed by the processor. A system and computer readable media are provided.
    Type: Application
    Filed: March 26, 2014
    Publication date: October 1, 2015
    Applicant: Symantec Corporation
    Inventors: Michael Hart, Darrell Kienzle, Peter Ashley
  • Publication number: 20150278518
    Abstract: A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process.
    Type: Application
    Filed: March 31, 2014
    Publication date: October 1, 2015
    Applicant: Symantec Corporation
    Inventor: Shane Pereira
  • Patent number: 9148392
    Abstract: A computer-implemented method for aggregating event information may include 1) identifying a plurality of social networking data feeds, 2) identifying a time and a location of an event involving at least one person associated with at least one social networking data feed within the plurality of social networking data feeds, 3) mining the plurality of social networking data feeds for event data about the event, and 4) creating an event document from the event data to describe the event. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 15, 2012
    Date of Patent: September 29, 2015
    Assignee: Symantec Corporation
    Inventors: John P. Kelly, Bruce McCorkendale
  • Patent number: 9146950
    Abstract: A computer-implemented method for determining file identities may include identifying a file stream that is subject to an assessment, generating a hash based at least in part on a portion of the file stream between a start and an offset of the file stream, querying the database to determine whether the hash matches at least one file in the database, receiving a response that indicates that the file stream matches a plurality of files in the database and that requests an additional hash of the file stream that is based at least in part on an additional portion of the file stream ending between the offset and a subsequent offset of the file stream, generating the additional hash of the file stream, querying the database with the additional hash, and receiving an additional response including a characterization of the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 14, 2012
    Date of Patent: September 29, 2015
    Assignee: Symantec Corporation
    Inventor: Shaun Cooley
  • Patent number: 9146868
    Abstract: A computer-implemented method for eliminating inconsistencies between backing stores and caches may include (1) detecting at least one inconsistency between a backing store and a cache, (2) identifying a synchronization marker that bifurcates write operations queued in the cache into (i) a subset of one or more write operations known to have been successfully performed on the backing store and (ii) an additional subset of one or more additional write operations not yet known to have been successfully performed on the backing store, (3) identifying the additional subset of additional write operations based at least in part on the synchronization marker, (4) performing the additional subset of additional write operations on the backing store, and then (5) updating the synchronization marker based at least in part on performing the additional subset of additional write operations on the backing store. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: September 29, 2015
    Assignee: Symantec Corporation
    Inventors: Mithlesh Thukral, Mukesh Bafna
  • Patent number: 9148479
    Abstract: A computer-implemented method for determining the healthiness of nodes within computer clusters may include (1) identifying a computer cluster that includes a plurality of nodes configured to provide substantially continuous availability of at least one application, (2) identifying at least one operating system kernel installed on at least one of the nodes, (3) configuring the operating system kernel to (a) asynchronously monitor performance of the node and (b) determine, based at least in part on the node's performance, whether the node is sufficiently healthy to execute the application, (4) receiving a notification from the operating system kernel that indicates that the node is not sufficiently healthy to execute the application, and then (5) performing at least one action configured to enable the computer cluster to provide substantially continuous availability of the application despite the unhealthy node. Various other systems, methods, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 1, 2012
    Date of Patent: September 29, 2015
    Assignee: Symantec Corporation
    Inventors: Anand Bhalerao, Amit Gaurav, Amit Haridas Rangari, Vishal Thakur
  • Patent number: 9148441
    Abstract: A computer-implemented method for adjusting suspiciousness scores in event-correlation graphs may include (1) detecting a suspicious event involving a first actor and a second actor within a computing system, (2) constructing an event-correlation graph that includes (i) a representation of the first actor, (ii) a representation of the suspicious event, and (iii) a representation of the second actor, and (3) adjusting a suspiciousness score associated with at least one representation in the event-correlation graph based at least in part on a suspiciousness score associated with at least one other representation in the event-correlation graph such that the adjusted suspiciousness score associated with the at least one representation is influenced by the suspicious event. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: September 29, 2015
    Assignee: Symantec Corporation
    Inventors: Acar Tamersoy, Kevin Roundy, Sandeep Bhatkar, Elias Khalil
  • Patent number: 9146748
    Abstract: The disclosed computer-implemented method for injecting drivers into computing systems during restore operations may include (1) identifying a restore operation directed to restoring a system volume on a computing system, (2) locating, at least in part by examining a hardware configuration of the computing system being restored, at least one driver utilized by the hardware configuration, (3) representing the system volume as an image to a deployment image servicing and management application, and (4) causing the deployment image servicing and management application to inject the driver into the computing system as part of the restore operation. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: September 29, 2015
    Assignee: Symantec Corporation
    Inventor: Manish Kumar