Patents by Inventor Andrey A. Kulaga

Andrey A. Kulaga has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11328061
    Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises mounting, to a disk, a first slice of a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method further comprises detecting a modified block of the mounted, identifying at least one file in the mounted first slice that corresponds to the detected modified block, and scanning the at least one file for viruses and malicious software. In response to detecting that the at least one file is infected, the method comprises generating a cured slice that comprises the user data of the mounted first slice without the at least one file.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Anatoly Stupak, Andrey Kulaga, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11327848
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210406109
    Abstract: Aspects of the disclosure relate to the field of detecting a behavioral anomaly in an application. In one exemplary aspect, a method may comprise retrieving and identifying at least one key metric from historical usage information for an application on a computing device. The method may comprise generating a regression model configured to predict usage behavior associated with the application and generating a statistical model configured to identify outliers in the data associated with the at least one key metric. The method may comprise receiving usage information in real-time for the application. The method may comprise predicting, using the regression model, a usage pattern for the application indicating expected values of the at least one key metric. In response to determining that the usage information does not correspond to the predicted usage pattern and does not comprise a known outlier, the method may comprise detecting the behavioral anomaly.
    Type: Application
    Filed: February 22, 2021
    Publication date: December 30, 2021
    Inventors: Andrey Kulaga, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20210397697
    Abstract: Disclosed herein are systems and method for detecting passwords vulnerable to compromise. In one exemplary aspect, a method comprises identifying a plurality of files in at least one storage device of an organization. For each respective file in the plurality of files, in response to determining that the respective file type is in the database of vulnerable file types, the method comprises parsing text in the respective file and identifying, for the respective file, at least one demographic associated with the organization. The method further comprises retrieving dictionaries and expressions specific to the at least one demographic and determining the text in the respective file comprises a password using the retrieved dictionaries and expressions of the at least one demographic. In response to determining that the text comprises the password, the method comprises generating a security alert for an administrator of the storage device.
    Type: Application
    Filed: April 5, 2021
    Publication date: December 23, 2021
    Inventors: Andrey Kulaga, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20210397726
    Abstract: Disclosed herein are systems and methods for classifying organizational structure for implementing data protection policies. In one exemplary aspect, a method may comprise retrieving a plurality of data files of an organization, wherein the plurality of data files are stored in a data storage; retrieving structural information of the organization, the structural information comprising details of user accounts, organizational roles, and file metadata within the organization; classifying the structural information into an organization type of a plurality of organization types; classifying each respective data file of the plurality of data files into a respective topic of a plurality of topics, wherein the plurality of topics are associated with the organization type; generating a data protection policy for the organization based on each respective topic of the plurality of data files and the organization type; and executing the data protection policy on the data storage.
    Type: Application
    Filed: March 15, 2021
    Publication date: December 23, 2021
    Inventors: Andrey Kulaga, Stanislav Protasov, Serguei Beloussov, Nikolay Grebennikov
  • Publication number: 20210382705
    Abstract: Disclosed herein are systems and method for seamlessly migrating from an existing software to a new software. In one exemplary aspect, a method may comprise retrieving usage activity information of the existing software from the at least one computing device and identifying settings from the existing software to migrate. The method may further comprise converting, based on an internal database with metadata information about the new software, the settings in the existing software to corresponding settings in the new software, and determining, based on the usage activity information, a migration plan indicative of a sequence of tasks for installing the new software and removing the existing software such that a quality of service associated with accessing the plurality of features on the at least one computing device does not decrease to less than a threshold quality of service. The method may further comprise executing the migration plan.
    Type: Application
    Filed: May 18, 2021
    Publication date: December 9, 2021
    Inventors: Andrey Kulaga, Serguei Beloussov, Stanislav Protasov, Nikolay Grebennikov
  • Publication number: 20210200866
    Abstract: Disclosed herein are systems and method for inspecting archived slices for malware using empty spare files. In one exemplary aspect, the method comprises generating a backup slice and a virtual volume comprising a list of files in the backup slice and associated file information. The method comprises mounting the virtual volume to a disk. The method comprises creating, in the virtual volume, empty sparse files that are placeholders of the files reference in the list of files. The method comprises detecting a change between a respective empty sparse file and a corresponding file in a previous backup slice and accordingly storing the actual content of the file in the virtual volume in place of the respective empty sparse file. The method comprises scanning the virtual volume for malicious software and generating a cured slice that replaces the backup slice in the backup archive upon detection.
    Type: Application
    Filed: March 15, 2021
    Publication date: July 1, 2021
    Inventors: Vladimir Strogov, Anatoly Stupak, Andrey Kulaga, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210019404
    Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises mounting, to a disk, a first slice of a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method further comprises detecting a modified block of the mounted, identifying at least one file in the mounted first slice that corresponds to the detected modified block, and scanning the at least one file for viruses and malicious software. In response to detecting that the at least one file is infected, the method comprises generating a cured slice that comprises the user data of the mounted first slice without the at least one file.
    Type: Application
    Filed: February 24, 2020
    Publication date: January 21, 2021
    Inventors: Vladimir Strogov, Anatoly Stupak, Andrey Kulaga, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210014243
    Abstract: Disclosed herein are systems and method for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.
    Type: Application
    Filed: June 22, 2020
    Publication date: January 14, 2021
    Inventors: Andrey Kulaga, Vladimir Strogov, Sergey Ulasen, Oleg Ishanov, Igor Kornachev, Nikolay Grebennikov, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20200379853
    Abstract: Disclosed herein are systems and method for preventing malware reoccurrence when restoring a computing device using a backup image. In one exemplary aspect, a method may identify, from a plurality of backup images for a computing device, a backup image that was created most recently before the computing device was compromised. The method may mount the backup image as a disk and scanning the disk for malicious software. The method may disable all ports and services on the computing device to prevent unauthorized network connections and service launches. The method may restore data to the computing device from the mounted disk. The method may update software on the computing device and applying latest patches, and reopen the ports and restart the services on the computing device subsequent to updating the software and applying the latest patches.
    Type: Application
    Filed: June 1, 2020
    Publication date: December 3, 2020
    Inventors: Serguei Beloussov, Oleg Ishanov, Vladimir Strogov, Andrey Kulaga, Igor Kornachev, Alexey Sergeev, Anton Enakiev, Stanislav Protasov
  • Publication number: 20200319979
    Abstract: Disclosed herein are systems and method for restoring a clean backup after a malware attack. In one aspect, a method forms a list of files that are of a plurality of designated file types that can be infected by malicious software. The method performs one or more snapshots of the files according to a predetermined schedule over a predetermined period of time and performs one or more backups. The method determines that a malware attack is being carried out on the computing device and generates a list of dangerous objects that spread the malware attack. The method compares the list of dangerous objects with the one or more snapshots to determine when the malware attack occurred. The method identifies a clean backup that was created most recently before the malware attack as compared to other backups and recovers data for the computing device from the clean backup.
    Type: Application
    Filed: April 2, 2020
    Publication date: October 8, 2020
    Inventors: Andrey Kulaga, Oleg lshanov, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20200311270
    Abstract: Disclosed herein are systems and method for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.
    Type: Application
    Filed: March 26, 2020
    Publication date: October 1, 2020
    Inventors: Dmitry Gryaznov, Oleg Ishanov, Vladimir Strogov, Andrey Kulaga, Igor Kornachev, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20200274895
    Abstract: Systems and methods for remediating vulnerabilities on a plurality of computing devices is disclosed herein. In one exemplary aspect, a method comprises classifying monitored data into a plurality of categories using a machine learning algorithm. For each respective data file of the monitored data, the method comprises retrieving one or more policies associated with a classified category of the respective data file and determining whether respective data file complies with the one or more policies. The method further comprises generating a compliance map based on compliance with policies for each respective data file of the monitored data, wherein the compliance map indicates vulnerabilities in the plurality of computing devices, determining whether the vulnerabilities are actionable, and in response to determining the vulnerabilities are actionable, requesting actions to be performed on the plurality of devices to remediate the vulnerabilities and non-compliance.
    Type: Application
    Filed: January 21, 2020
    Publication date: August 27, 2020
    Inventors: Andrey Kulaga, Vladimir Strogov, Oleg lshanov, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20200192769
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Application
    Filed: December 18, 2019
    Publication date: June 18, 2020
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 9497223
    Abstract: Method and system for configuration of a computer system according to security policies. The configuration of an employee's personal computer system according to the security policies of the corporate network provides for security of access to the corporate network. Configuration change instructions are generated according to the security policy and applied to the configuration of the computer system. The configuration system includes at least one computer system used to access a corporate network, a policy application module configured to determine configuration parameters of the computer system and to pass the configuration data to an instruction forming module. The computer system is configured according to the selected security policy by execution of at least one configuration change instruction. The configuration system also includes a database of security policies.
    Type: Grant
    Filed: September 20, 2014
    Date of Patent: November 15, 2016
    Assignee: Kaspersky Lab, ZAO
    Inventors: Andrey A. Kulaga, Andrey A. Pravdivy, Denis A. Minchenko
  • Patent number: 9355224
    Abstract: A system for a dynamic adjustment of expiration date of an authorization key, the system comprising: a security product that will be installed on a predetermined number of computers. The administration key allows a use of the software product on the predetermined number of computers during a predetermined period of time. The plurality of authorization units purchased from a vendor that are the smallest increments of time that a duration period of the authorization key is measured in. The expiration date for all the computers can be updated at any time, depending on the number of computers on which the software is installed at any given time. The administration server determines a beginning and an ending date of a functionality of the authorization key for the security product. The data base receives and stores the beginning and the ending date of the functionality of the authorization key for the security product.
    Type: Grant
    Filed: May 16, 2008
    Date of Patent: May 31, 2016
    Assignee: Kaspersky Lab, ZAO
    Inventors: Stephane Le Hir, Philippe Bodemer, Damiem M. Billy, Andrey A. Kulaga, Alexey Y. Kalgin, Andrey V. Kazachkov, Damir R. Shiyafetdinov
  • Publication number: 20160088018
    Abstract: Method and system for configuration of a computer system according to security policies. The configuration of an employee's personal computer system according to the security policies of the corporate network provides for security of access to the corporate network. Configuration change instructions are generated according to the security policy and applied to the configuration of the computer system. The configuration system includes at least one computer system used to access a corporate network, a policy application module configured to determine configuration parameters of the computer system and to pass the configuration data to an instruction forming module. The computer system is configured according to the selected security policy by execution of at least one configuration change instruction. The configuration system also includes a database of security policies.
    Type: Application
    Filed: September 20, 2014
    Publication date: March 24, 2016
    Inventors: Andrey A. Kulaga, Andrey A. Pravdivy, Denis A. Minchenko
  • Publication number: 20150163239
    Abstract: Disclosed are systems and methods for valuating compliance of computer resources, including valuating compliance of a hardware or software resource of a computer system with requirements for the computer system; valuating compliance of one or more objects of interest associated with the hardware or software resource with requirements for the objects of interest; and valuating overall compliance of the hardware or software resource based on the compliance of said hardware or software resource with the requirements for the computer system and the compliance of the one or more objects of interest associated with said hardware or software resource with the requirements for the objects of interest.
    Type: Application
    Filed: March 5, 2014
    Publication date: June 11, 2015
    Applicant: KASPERSKY LAB ZAO
    Inventors: Andrey A. Agapov, Andrey A. Kulaga, Stanislav S. Alexeev
  • Patent number: 9038131
    Abstract: Disclosed are systems and methods for valuating compliance of computer resources, including valuating compliance of a hardware or software resource of a computer system with requirements for the computer system; valuating compliance of one or more objects of interest associated with the hardware or software resource with requirements for the objects of interest; and valuating overall compliance of the hardware or software resource based on the compliance of said hardware or software resource with the requirements for the computer system and the compliance of the one or more objects of interest associated with said hardware or software resource with the requirements for the objects of interest.
    Type: Grant
    Filed: March 5, 2014
    Date of Patent: May 19, 2015
    Assignee: Kaspersky Lab ZAO
    Inventors: Andrey A. Agapov, Andrey A. Kulaga, Stanislav S. Alexeev
  • Patent number: 8856774
    Abstract: A system and method for testing and optimization of updates. An update is received by a test module, which selects a testing environment and determines a testing period. The test module tests the update in the testing environment and provides the test results to an analyzer module. The analyzer module determines the feasibility of the update installation based on a set of feasibility rules. If the update is deemed feasible, the update is added to the list of the updates for installation and provided to an installation module for installation on computer systems.
    Type: Grant
    Filed: January 20, 2014
    Date of Patent: October 7, 2014
    Assignee: Kaspersky Lab, ZAO
    Inventors: Andrey A. Kulaga, Andrey V. Lashchenkov, Andrey V. Kazachkov