Patents by Inventor John D. Teddy
John D. Teddy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11270015Abstract: A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation.Type: GrantFiled: July 10, 2019Date of Patent: March 8, 2022Assignee: McAfee, LLCInventors: Atul Kabra, Michael Hughes, John D. Teddy
-
Patent number: 11063974Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.Type: GrantFiled: October 31, 2019Date of Patent: July 13, 2021Assignee: McAfee, LLCInventors: Cedric Cochin, John D. Teddy, Ofir Arkin, James Bean, Joel R. Spurlock, Carl Woodward
-
Patent number: 10834124Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.Type: GrantFiled: January 30, 2019Date of Patent: November 10, 2020Assignee: McAfee, LLCInventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
-
Publication number: 20200067960Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.Type: ApplicationFiled: October 31, 2019Publication date: February 27, 2020Inventors: Cedric Cochin, John D. Teddy, Ofir Arkin, James Bean, Joel R. Spurlock, Carl Woodward
-
Patent number: 10476899Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.Type: GrantFiled: September 25, 2015Date of Patent: November 12, 2019Assignee: McAfee, LLCInventors: Cedric Cochin, John D. Teddy, Ofir Arkin, James Bean, Joel R. Spurlock, Carl Woodward
-
Publication number: 20190332794Abstract: A request is received from a security tool, the request relating to an event involving data records in a storage device. An application programming interface (API) is used to interface with secure storage functionality of the storage device, the secure storage functionality enabling a set of secure storage operations. A security operation is caused to be performed at the storage device involving the data records based at least in part on the request. In one aspect, the set of secure storage operations can include a direct read operation, a direct write operation, a copy-on-write operation, and a save-attempted-write operation.Type: ApplicationFiled: July 10, 2019Publication date: October 31, 2019Applicant: McAfee, LLCInventors: Atul Kabra, Michael Hughes, John D. Teddy
-
Publication number: 20190166136Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.Type: ApplicationFiled: January 30, 2019Publication date: May 30, 2019Applicant: McAfee, LLCInventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
-
Patent number: 10205744Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.Type: GrantFiled: May 25, 2017Date of Patent: February 12, 2019Assignee: McAfee, LLCInventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
-
Patent number: 10083295Abstract: Particular embodiments described herein provide for an electronic device that can be configured to acquire a plurality of reputations related to an object and combine the plurality of reputations to create a total reputation for the object. The object can include a plurality of sub-objects and each of the plurality of reputations can correspond to one of the sub-objects.Type: GrantFiled: December 23, 2014Date of Patent: September 25, 2018Assignee: McAfee, LLCInventors: Joel R. Spurlock, John D. Teddy
-
Patent number: 10043003Abstract: Particular embodiments described herein provide for an electronic device that can be configured to acquire a plurality of reputations related to an object and combine the plurality of reputations to create a total reputation for the object. The object can include a plurality of sub-objects and each of the plurality of reputations can correspond to one of the sub-objects.Type: GrantFiled: December 23, 2014Date of Patent: August 7, 2018Assignee: McAfee, LLCInventors: Joel R. Spurlock, John D. Teddy
-
Publication number: 20180083983Abstract: An opportunity to assist with remediation of a file at a remote particular host device is identified. One or more remediation techniques are identified that can be applied to assist with remediation of the file at the particular host device. In one aspect, one or more remediation scripts are identified from a plurality of remediation scripts for remediation of the file and provided to the particular host device for execution on the particular host device. In another aspect, a remediation tool is identified and launched on a computing device remote from the particular host device with operations of the remediation tool applied to resources of the particular host device. In another aspect, at least a portion of the remediation techniques are remotely initiated to be performed locally at the particular host device.Type: ApplicationFiled: May 25, 2017Publication date: March 22, 2018Applicant: McAfee, LLCInventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler
-
Patent number: 9769186Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor network traffic to and from a device, compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, and take remedial action if the monitored traffic is outside the characteristics of the device.Type: GrantFiled: December 23, 2014Date of Patent: September 19, 2017Assignee: McAfee, Inc.Inventors: John D. Teddy, Ramnath Venugopalan, Cedric Cochin, Joel R. Spurlock
-
Patent number: 9723006Abstract: There is disclosed in an example a computing apparatus, including: a process deprivilging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource; determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.Type: GrantFiled: June 27, 2015Date of Patent: August 1, 2017Assignee: McAfee, Inc.Inventors: Zheng Zhang, John D. Teddy, Craig D. Schmugar, Erdem Aktas, Clint R. Merrill, Kunal Mehta
-
Publication number: 20170093897Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.Type: ApplicationFiled: September 25, 2015Publication date: March 30, 2017Inventors: Cedric Cochin, John D. Teddy, Ofir Arkin, James Bean, Joel R. Spurlock, Carl Woodward
-
Publication number: 20170061164Abstract: In an example, there is disclosed a system and method for a two-device scrambled display. A first device displays content in a scrambled form. A second device acts as an interpreter, including an input driver for receiving a scrambled input; an output driver for displaying an organically perceptible output; and one or more logic elements comprising a unscrambling engine operable for: receiving an input on the input driver; detecting that at least a portion of the input is scrambled; unscrambling the scrambled portion of the input; and outputting an unscrambled analog of the scrambled input via the output driver.Type: ApplicationFiled: June 27, 2015Publication date: March 2, 2017Applicant: McAfee, Inc.Inventors: Craig D. Schmugar, Clint R. Merrill, Erdem Aktas, James Bean, Cedric Cochin, John D. Teddy
-
Publication number: 20160381024Abstract: There is disclosed in an example a computing apparatus, including: a process deprivilging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource;determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.Type: ApplicationFiled: June 27, 2015Publication date: December 29, 2016Inventors: Zheng Zhang, John D. Teddy, Craig D. Schmugar, Erdem Aktas, Clint R. Merrill, Kunal Mehta
-
Publication number: 20160180084Abstract: Particular embodiments described herein provide for an electronic device that can be configured to acquire a plurality of reputations related to an object and combine the plurality of reputations to create a total reputation for the object. The object can include a plurality of sub-objects and each of the plurality of reputations can correspond to one of the sub-objects.Type: ApplicationFiled: December 23, 2014Publication date: June 23, 2016Inventors: Joel R. Spurlock, John D. Teddy
-
Publication number: 20160182538Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor network traffic to and from a device, compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, and take remedial action if the monitored traffic is outside the characteristics of the device.Type: ApplicationFiled: December 23, 2014Publication date: June 23, 2016Inventors: John D. Teddy, Ramnath Venugopalan, Cedric Cochin, Joel R. Spurlock
-
Patent number: 9311126Abstract: A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.Type: GrantFiled: July 27, 2011Date of Patent: April 12, 2016Assignee: McAfee, Inc.Inventors: Jonathan L. Edwards, Gregory W. Dalcher, John D. Teddy
-
Patent number: 9311480Abstract: An antimalware support system is provided to support one or more host-based antimalware clients. A query is received from a particular host device that identifies a file detected by an antimalware tool local to the particular host device. Reputation data is determined for the file, and a response to the query is sent to the particular host device. The query response includes the reputation data determined for the file.Type: GrantFiled: March 15, 2013Date of Patent: April 12, 2016Assignee: McAfee, Inc.Inventors: John D. Teddy, James Douglas Bean, Gregory William Dalcher, Jeff Hetzler, Andrew Arlin Woodruff