Abstract: Methods and apparatuses for automatic treatment planning, including recommendation systems, quality assurance, error prevention, text mining, text matching, and treatment planning optimization.

Abstract: Methods and apparatuses for automatic treatment planning, including recommendation systems, quality assurance, error prevention, text mining, text matching, and treatment planning optimization.

Abstract: A method for emulating execution of a file includes emulating execution of the instructions of a file on a virtual processor of an emulator. The execution of the instructions is halted in response to an invocation of an API function. A determination is made whether the invoked API function is present in the updatable modules of the emulator. The updatable modules contain implementation of API functions. In response to determining that the invoked API function is present in the updatable modules, execution of the invoked API function is emulated according to corresponding implementation contained in the updatable modules. Otherwise, result of execution of the invoked API function is generated by executing a corresponding virtual API function on a processor of a computing device.

Abstract: Methods and apparatuses for asynchronously identifying and modeling a gingiva strip from the three-dimensional (3D) dental model of the patient's dentition. These methods may reduce the time required to generate accurate 3D dental models and therefore may reduce and streamline the process of generating dental treatment plans.

Abstract: Methods and apparatuses for adjusting three-dimensional (3D) dental model data of a patient's dentition to detect and remove one or more attachments on a dental structure (e.g., tooth) of the patient's dentition. These methods and apparatuses may be used for generating treatment plans for treating the patient's teeth, including for more accurately and efficiently aligning the patient's teeth.

Abstract: Methods and apparatuses for adjusting three-dimensional (3D) dental model data of a patient's dentition to detect and remove one or more attachments on a dental structure (e.g., tooth) of the patient's dentition by asynchronously allowing user to approve and/or modify the identified attachments. These methods may reduce the time required to generate accurate 3D dental models and therefore may reduce and streamline the process of generating dental treatment plans.

Abstract: Disclosed herein are systems and methods for forming a log during an execution of a file with vulnerabilities. In one aspect, an exemplary method comprises, discovering an activation of a trigger during an execution of a thread of a process created upon opening the file, wherein the trigger describes conditions accompanying an event which relates to an attempt to exploit a vulnerability of the file, analyzing a stack of the process created upon opening the file, and discovering a chain of function calls preceding the event in a form of a sequence of call and return addresses, analyzing the discovered chain of function calls for fulfillment of conditions of the trigger which relate to the attempt to exploit the vulnerability, and when the conditions of the trigger are fulfilled, saving information about the chain of function calls in a log.

Abstract: Disclosed herein are systems and methods of categorizing a .NET application. In one aspect, an exemplary method comprises, by a hardware processor of a security module, launching a CLR profiler upon launching of the .NET application, forming an execution log of the .NET application and adding information about events occurring during the execution of the .NET application via the launched CLR profiler, assigning to the .NET application, a category of a predetermined list of categories based on an analysis of the execution log of the .NET application, and determining whether the .NET application is categorized as being a malicious application.

Abstract: A method for emulating execution of a file includes emulating execution of the instructions of a file on a virtual processor of an emulator. The execution of the instructions is halted in response to an invocation of an API function. A determination is made whether the invoked API function is present in the updatable modules of the emulator. The updatable modules contain implementation of API functions. In response to determining that the invoked API function is present in the updatable modules, execution of the invoked API function is emulated according to corresponding implementation contained in the updatable modules. Otherwise, result of execution of the invoked API function is generated by executing a corresponding virtual API function on a processor of a computing device.

Abstract: Disclosed is a method for analyzing a log for conducting an antivirus scan of a file. The method includes opening a file in a virtual machine. The opening of the file includes execution of a guest process having a thread in a virtual processor of the virtual machine. A plurality of events in the thread of the guest process is intercepted. Registers associated with a system call made during execution of the first thread of the guest process are determined. Execution of the thread of the guest process is halted. In a log associated with the opening of the file, information is saved indicating events intercepted during execution of the thread in an altered guest physical memory page, and context data of the virtual processor. Using at least one template having rules, the saved log is analyzed to determine whether the file opened in the virtual machine is harmful.

Abstract: Methods and apparatuses for automatic treatment planning, including recommendation systems, quality assurance, error prevention, text mining, text matching, and treatment planning optimization.

Abstract: Disclosed herein are systems and methods for forming a log during an execution of a file with vulnerabilities. In one aspect, an exemplary method comprises, discovering an activation of a trigger during an execution of a thread of a process created upon opening the file, wherein the trigger describes conditions accompanying an event which relates to an attempt to exploit a vulnerability of the file, analyzing a stack of the process created upon opening the file, and discovering a chain of function calls preceding the event in a form of a sequence of call and return addresses, analyzing the discovered chain of function calls for fulfillment of conditions of the trigger which relate to the attempt to exploit the vulnerability, and when the conditions of the trigger are fulfilled, saving information about the chain of function calls in a log.

Abstract: Disclosed are systems and methods for analysis of files for maliciousness and determining an action. An exemplary method comprises: opening a file, by a processor, in a virtual machine, intercepting an event arising in an execution of a thread of a process created upon opening of the file, determining, a context of the processor on which the thread is being executed, the determination including reading register values of the processor and a stack, comparing the context with rules that check: a behavior of the thread of the process, a changing, by the thread, of attributes of the file, and an access of the thread to the Internet, and based on a result of the comparison, performing at least one of: recognizing the file as being malicious, halting the execution of the thread, changing the context of the processor, and waiting for a next intercepted event.

Abstract: Disclosed is a method for analyzing a log for conducting an antivirus scan of a file. The method includes opening a file in a virtual machine. The opening of the file includes execution of a guest process having a thread in a virtual processor of the virtual machine. A plurality of events in the thread of the guest process is intercepted. Registers associated with a system call made during execution of the first thread of the guest process are determined. Execution of the thread of the guest process is halted. In a log associated with the opening of the file, information is saved indicating events intercepted during execution of the thread in an altered guest physical memory page, and context data of the virtual processor. Using at least one template having rules, the saved log is analyzed to determine whether the file opened in the virtual machine is harmful.

Abstract: Disclosed are systems and methods for execution of program code by an interpreter. One exemplary method comprises: generating intermediate instructions based on a unified grammar from instructions of the program code, beginning execution of the intermediate instructions in an emulated computer environment, in response to detecting an instruction of the program code associated with an object for which a rule of interpretation is not found, halting further execution of the intermediate instructions, obtaining an auxiliary code corresponding to the object, wherein a result of execution of the auxiliary code corresponds to the result of the execution of the object, and wherein the auxiliary code contains objects for which the interpreter has a rule of interpretation, executing the instructions of the auxiliary code; and after completion of the execution of the auxiliary code, resuming the execution of the intermediate instructions.

Abstract: Disclosed are systems and methods for generating a log for conducting an antivirus scan of a file. The described technique includes opening a file in a virtual machine, which causes execution of a guest process and a thread in a (virtual) processor of the virtual machine. The technique includes identifying, during execution of the first thread, events that involve alteration of guest physical memory pages of the virtual machine. The technique determines altered guest physical memory page based on analysis of the log and identifies when a transfer of control to altered guest physical memory pages has occurred. The resultant log for analysis by a security application includes information indicating the events occurring during execution of the thread in the altered guest physical memory page, and context data of the virtual processor on which the thread is being executed.

Abstract: Disclosed are systems and methods for analysis of files for maliciousness and determining an action. An exemplary method comprises: opening a file, by a processor, in a virtual machine, intercepting an event arising in an execution of a thread of a process created upon opening of the file, determining, a context of the processor on which the thread is being executed, the determination including reading register values of the processor and a stack, comparing the context with rules that check: a behavior of the thread of the process, a changing, by the thread, of attributes of the file, and an access of the thread to the Internet, and based on a result of the comparison, performing at least one of: recognizing the file as being malicious, halting the execution of the thread, changing the context of the processor, and waiting for a next intercepted event.

Abstract: Disclosed are system and method for controlling execution of a computer program. An example method includes determining whether code instructions or data of interest are found in a portion of a page in an original virtual address space, when the code instructions or data are found in the portion of the page of a first type, tagging it as non-executable and tagging the portion of no interest as executable, when the code instructions or data are found in the portion of the second type, tagging it using an opcode and tagging the portion of no interest as executable, when the code instructions or data are found in the portion of the first type, duplicating the original virtual address space and tagging the portion of interest as executable and tagging the portion of no interest as non-executable and transferring execution of the computer program to a memory location other than the one in which a notification was received.

Abstract: Disclosed herein are systems and methods of categorizing a .NET application. In one aspect, an exemplary method comprises, by a hardware processor of a security module, launching a CLR profiler upon launching of the .NET application, forming an execution log of the .NET application and adding information about events occurring during the execution of the .NET application via the launched CLR profiler, assigning to the .NET application, a category of a predetermined list of categories based on an analysis of the execution log of the .NET application, and determining whether the .NET application is categorized as being a malicious application.

Abstract: Disclosed are systems and methods for execution of program code by an interpreter. One exemplary method comprises: generating intermediate instructions based on a unified grammar from instructions of the program code, beginning execution of the intermediate instructions in an emulated computer environment, in response to detecting an instruction of the program code associated with an object for which a rule of interpretation is not found, halting further execution of the intermediate instructions, obtaining an auxiliary code corresponding to the object, wherein a result of execution of the auxiliary code corresponds to the result of the execution of the object, and wherein the auxiliary code contains objects for which the interpreter has a rule of interpretation, executing the instructions of the auxiliary code; and after completion of the execution of the auxiliary code, resuming the execution of the intermediate instructions.