Patents by Inventor Joel R. Spurlock

Joel R. Spurlock has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11989293
    Abstract: Systems, methods, and media for identifying and responding to malicious files having similar features are provided. More particularly, in some embodiments, systems for identifying and responding to malicious files having similar features are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive feature information extracted from a file, wherein the feature information includes at least two of static feature information, environmental feature information, and behavioral feature information; create clusters based on the feature information; determine if a file corresponding to one of the clusters is malicious; and report to a plurality of endpoints that other files corresponding to the one of the clusters is malicious.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: May 21, 2024
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Leonardo Frittelli
  • Patent number: 11941119
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.
    Type: Grant
    Filed: October 6, 2020
    Date of Patent: March 26, 2024
    Assignee: McAfee, LLC
    Inventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
  • Patent number: 11870793
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a process running on the electronic device, assign a reputation to the process if the process has a known reputation, determine if the process includes executable code, determine a reputation for the executable code, and combine the reputation for the executable code with the reputation assigned to the process to create a new reputation for the process.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: January 9, 2024
    Assignee: McAfee, LLC
    Inventor: Joel R. Spurlock
  • Patent number: 11399033
    Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: July 26, 2022
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Nikhil Meshram, Prashanth Palasamudram Ramagopal, Daniel L. Burke
  • Patent number: 11379583
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: July 5, 2022
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Ramnath Venugopalan
  • Patent number: 11238154
    Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; and instructions encoded within the memory to instruct the processor to provide a security agent to: identify a malicious process; construct a genealogical process tree of the malicious process, the genealogical process tree including both vertical direct inheritance and horizontal indirect inheritance relationships; and terminate the malicious process and at least some related processes in the genealogical process tree.
    Type: Grant
    Filed: July 5, 2019
    Date of Patent: February 1, 2022
    Assignee: McAfee, LLC
    Inventors: Jonathan L. Edwards, Saurabh Gautam, Dhananjay Kumar, Joel R. Spurlock
  • Publication number: 20210374240
    Abstract: Systems, methods, and media for identifying and responding to malicious files having similar features are provided. More particularly, in some embodiments, systems for identifying and responding to malicious files having similar features are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive feature information extracted from a file, wherein the feature information includes at least two of static feature information, environmental feature information, and behavioral feature information; create clusters based on the feature information; determine if a file corresponding to one of the clusters is malicious; and report to a plurality of endpoints that other files corresponding to the one of the clusters is malicious.
    Type: Application
    Filed: March 8, 2021
    Publication date: December 2, 2021
    Inventors: Joel R. Spurlock, Leonardo Frittelli
  • Patent number: 11063974
    Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: July 13, 2021
    Assignee: McAfee, LLC
    Inventors: Cedric Cochin, John D. Teddy, Ofir Arkin, James Bean, Joel R. Spurlock, Carl Woodward
  • Patent number: 11049039
    Abstract: Disclosed herein are cloud-based machine learning systems and methods for monitoring networked devices to identify and classify characteristics, to infer typical or atypical behavior and assign reputation profiles across various networked devices, and to make remediation recommendations. In some embodiments, a cloud-based machine learning system may learn the typical operation and interfacing of a plurality of reputable devices that are known to be free from malicious software and other threats. In some embodiments, a cloud-based machine learning system may learn the typical operation and interfacing of a device, and may identify atypical operations or interfaces associated with that device by comparing the operations and interfaces to those of a plurality of networked devices or to those of a defined standard reference device.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: June 29, 2021
    Assignee: McAfee, LLC
    Inventors: Vincent J. Zimmer, Joel R. Spurlock, Ramnath Venugopalan, Ned M. Smith, Igor G. Muttik, Rajesh Poornachandran
  • Patent number: 11032266
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identifying a digital certificate associated with data and assigning a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 8, 2021
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock, Cedric Cochin, Aditya Kapoor, Ramnath Venugopalan
  • Publication number: 20210029150
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a process running on the electronic device, assign a reputation to the process if the process has a known reputation, determine if the process includes executable code, determine a reputation for the executable code, and combine the reputation for the executable code with the reputation assigned to the process to create a new reputation for the process.
    Type: Application
    Filed: September 30, 2020
    Publication date: January 28, 2021
    Applicant: McAfee, LLC
    Inventor: Joel R. Spurlock
  • Publication number: 20210019411
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.
    Type: Application
    Filed: October 6, 2020
    Publication date: January 21, 2021
    Applicant: McAfee, LLC
    Inventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
  • Publication number: 20210004458
    Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; and instructions encoded within the memory to instruct the processor to provide a security agent to: identify a malicious process; construct a genealogical process tree of the malicious process, the genealogical process tree including both vertical direct inheritance and horizontal indirect inheritance relationships; and terminate the malicious process and at least some related processes in the genealogical process tree.
    Type: Application
    Filed: July 5, 2019
    Publication date: January 7, 2021
    Inventors: Jonathan L. Edwards, Saurabh Gautam, Dhananjay Kumar, Joel R. Spurlock
  • Publication number: 20200412744
    Abstract: There is disclosed in one example an advertisement reputation server, including: a hardware platform including a processor and a memory; a network interface; and an advertisement reputation engine including instructions encoded in memory to instruct the processor to: receive via the network interface a plurality of advertisement instances displayed on client devices; extract from the advertisement instances an advertiser identifier; analyze one or more advertisements associated with the advertiser identifier to assign an advertiser reputation; and publish via the network interface advertisement reputation information derived from the reputation for the advertisement identifier.
    Type: Application
    Filed: June 25, 2019
    Publication date: December 31, 2020
    Applicant: McAfee, LLC
    Inventors: Joel R. Spurlock, Nikhil Meshram, Prashanth Palasamudram Ramagopal, Daniel L. Burke
  • Patent number: 10834109
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a process running on the electronic device, assign a reputation to the process if the process has a known reputation, determine if the process includes executable code, determine a reputation for the executable code, and combine the reputation for the executable code with the reputation assigned to the process to create a new reputation for the process.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: November 10, 2020
    Assignee: McAfee, LLC
    Inventor: Joel R. Spurlock
  • Patent number: 10831893
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: November 10, 2020
    Assignee: McAfee, LLC
    Inventors: Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
  • Publication number: 20200272733
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.
    Type: Application
    Filed: March 30, 2020
    Publication date: August 27, 2020
    Applicant: McAfee, LLC
    Inventors: Joel R. Spurlock, Ramnath Venugopalan
  • Patent number: 10642976
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.
    Type: Grant
    Filed: June 27, 2015
    Date of Patent: May 5, 2020
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Ramnath Venugopalan
  • Publication number: 20200117802
    Abstract: Systems, methods, and media for identifying and responding to malicious files having similar features are provided. More particularly, in some embodiments, systems for identifying and responding to malicious files having similar features are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive feature information extracted from a file, wherein the feature information includes at least two of static feature information, environmental feature information, and behavioral feature information; create clusters based on the feature information; determine if a file corresponding to one of the clusters is malicious; and report to a plurality of endpoints that other files corresponding to the one of the clusters is malicious.
    Type: Application
    Filed: March 29, 2019
    Publication date: April 16, 2020
    Inventors: Joel R. Spurlock, Leonardo Frittelli
  • Patent number: 10579544
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data is a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected.
    Type: Grant
    Filed: December 12, 2018
    Date of Patent: March 3, 2020
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Zheng Zhang, Aditya Kapoor, Jonathan L. Edwards, Khai N. Pham