Patents by Inventor Vladimir Strogov

Vladimir Strogov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11436328
    Abstract: Methods and systems for safeguarding against malware such as ransomware are described. In part, the disclosure relates to systems and methods for restoring user data and other data encrypted by malware or otherwise rendered inaccessible thereby. In one embodiment, the disclosure relates to a method of safeguarding user data. The method includes monitoring a plurality of processes executing on a computing device; detecting when a first process of the plurality of processes attempts to modify one or more parameters of a user data file; determining if the first process is a trusted process or an untrusted process using one or more heuristics; and if the first process is determined to be an untrusted process, create a backup version of the user data file, wherein the backup version of the user data file is created with regard to an unchanged version of the user data file.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: September 6, 2022
    Inventors: Vladimir Strogov, Nikolay Grebennikov, Serguei Beloussov, Mark Shmulevich, Stanislav Protasov, Eugene Aseev
  • Patent number: 11438349
    Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.
    Type: Grant
    Filed: September 24, 2020
    Date of Patent: September 6, 2022
    Assignee: Acronis International GmbH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Patent number: 11416612
    Abstract: Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: August 16, 2022
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Serguei Beloussov, Alexey Dod, Valery Chernyakovsky, Anatoly Stupak, Sergey Ulasen, Nikolay Grebennikov, Vyacheslav Levchenko, Stanislav Protasov
  • Patent number: 11403389
    Abstract: Disclosed herein are systems and method for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.
    Type: Grant
    Filed: June 5, 2020
    Date of Patent: August 2, 2022
    Assignee: Acronis International GmbH
    Inventors: Vadim Karasev, Sergey Lebedev, Ravikant Tiwari, Oleg Ishanov, Evgeny A Aseev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220237288
    Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises identifying a first slice in a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method comprises scanning the first slice of the plurality of slices in the backup archive and detecting at least one infected file in the first slice. The method comprises identifying a block of the first slice that corresponds to the at least one infected file. The method comprises mounting, to a disk, a second slice of the plurality of slices. The method comprises tracking the block and determining that the at least one infected file exists on the second slice and removing the infected file from the second slice by generating a respective cured slice of the second slice.
    Type: Application
    Filed: April 11, 2022
    Publication date: July 28, 2022
    Inventors: Vladimir Strogov, Anatoly Stupak, Andrey Kulaga, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11394738
    Abstract: Systems and methods for remediating vulnerabilities on a plurality of computing devices are disclosed herein. In one exemplary aspect, a method comprises classifying monitored data into a plurality of categories using a machine learning algorithm. For each respective data file of the monitored data, the method comprises retrieving one or more policies associated with a classified category of the respective data file and determining whether the respective data file complies with the one or more policies. The method further comprises generating a compliance map based on compliance with policies for each respective data file of the monitored data, wherein the compliance map indicates vulnerabilities in the plurality of computing devices, determining whether the vulnerabilities are actionable, and in response to determining the vulnerabilities are actionable, requesting actions to be performed on the plurality of devices to remediate the vulnerabilities and non-compliance.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: July 19, 2022
    Assignee: Acronis International GmbH
    Inventors: Andrey Kulaga, Vladimir Strogov, Oleg Ishanov, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20220207139
    Abstract: Disclosed herein are systems and methods for preventing malicious injections. In one aspect, a method includes monitoring active processes that are running in suspended mode. For each active process being monitored, the method includes injecting a dynamic link library (DLL) into the active process to hook an application programming interface (API) of an application corresponding to the active process, wherein the DLL is injected for tracking commands for suspension and resumption of the active process. The method includes monitoring file inputs and outputs of the application for anomalies while the active process is in the suspended mode, and when a command for resuming the active process is detected using the DLL, determining, based on the monitoring, whether a malicious process is inserted into the active process. The method includes allowing the suspended process to resume execution in response to determining that no malicious process is inserted in the active process.
    Type: Application
    Filed: December 6, 2021
    Publication date: June 30, 2022
    Inventors: Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220207134
    Abstract: Disclosed herein are systems and methods for securing cloud meetings using containers. In one aspect, an exemplary system comprises, a device comprising a processor, an OS operable in a user mode and a kernel mode, and a kernel driver for performing operations while in kernel mode, the kernel driver having a kernel driver interceptor configured to: register for a process notification callback for user applications used for web-based meetings, monitor to determine when a process notification callback is received, receive a process notification callback and a command line in the callback, and analyze and transmit the command line to a service that secures the meeting, wherein the securing is performed by: configuring a container for executing the user application in an isolated virtual environment, transferring, to the container, all resources needed to run the user application, and executing the user application in the container.
    Type: Application
    Filed: December 28, 2021
    Publication date: June 30, 2022
    Inventors: Stanislav Protasov, Anton Enakiev, Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov
  • Publication number: 20220200996
    Abstract: Disclosed herein are systems and methods for providing network protection for web-based conferencing services. In one aspect, an exemplary system comprises, a device comprising a processor, an operating system (OS) operable in a user mode and a kernel mode, and a kernel driver for performing operations while the OS is in kernel mode, the kernel driver configured to: monitor file operations that involve objects belonging to a web conferencing service, receive a request from an application executing in a user mode, the request being for an operation to be executed in the kernel mode, when the operation involves at least one object belonging to the web conferencing service, request for an authorization from a protection service executing in the user mode, and allow the operation to be performed only when the authorization is received from the protection service.
    Type: Application
    Filed: November 16, 2021
    Publication date: June 23, 2022
    Inventors: Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11328061
    Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises mounting, to a disk, a first slice of a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method further comprises detecting a modified block of the mounted, identifying at least one file in the mounted first slice that corresponds to the detected modified block, and scanning the at least one file for viruses and malicious software. In response to detecting that the at least one file is infected, the method comprises generating a cured slice that comprises the user data of the mounted first slice without the at least one file.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Anatoly Stupak, Andrey Kulaga, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11327850
    Abstract: Disclosed herein are systems and method for disaster recovery using application streaming. In one aspect, a method includes generating a backup image of a computing system having at least one installed application and user data. The generating involves including the user data in the backup image and actively excluding program data files of the at least one installed application from the backup image. The method includes determining an application package specifying the installed application. The application package is stored at an application streaming service. Responsive to detecting a disaster recovery event, the method further includes copying the user data from the backup image to a recovery computing instance, and executing, on the recovery computing instance, a remote application from the application streaming service based on the determined application package.
    Type: Grant
    Filed: May 12, 2020
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Anton Enakiev, Vladimir Strogov, Alexey Sergeev, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11327848
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220121742
    Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying and monitoring events generated by a first process executing on a computing device; storing snapshots of data modified by any of the events; determining a level of suspicion for the first process, wherein the level of suspicion is a likelihood of the first process being attributed to malware based on the data modified by any of the events; in response to determining that the first process is not trusted based on the determined level of suspicion, identifying at least one sub-process of the first process; and restoring, from the snapshots, objects affected by the first process and the at least one sub-process.
    Type: Application
    Filed: December 29, 2021
    Publication date: April 21, 2022
    Inventors: Vladimir Strogov, Vyacheslav Levchenko, Serguei Beloussov, Sergey Ulasen, Stanislav Protasov
  • Publication number: 20220091877
    Abstract: Disclosed herein are systems and method for selectively restoring a computer system to an operational state. In an exemplary aspect, the method may include creating a backup image of the computer system comprising a set of data blocks, detecting that the computer system has begun an initial startup, identifying a subset of the data blocks read from a disk of the computer system during the initial startup. In response to determining that the computer system should be restored, the method may include restoring the subset of the data blocks such that the computer system is operational during startup, and restoring a remaining set of the data blocks from the backup image after the startup of the computer system.
    Type: Application
    Filed: December 8, 2021
    Publication date: March 24, 2022
    Inventors: Alexey Sergeev, Anton Enakiev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220091876
    Abstract: Disclosed herein are systems and method for selectively restoring a computer system to an operational state. In an exemplary aspect, the method may create a backup image of the computer system comprising a set of data blocks, and create and start a virtual machine based on the backup image. The method may identify a subset of the data blocks accessed from the backup image during startup of the virtual machine. In response to determining that the computer system should be restored, the method may restore the subset of the data blocks such that the computer system is operational during startup, and restore a remaining set of the data blocks from the backup image after the startup of the computer system.
    Type: Application
    Filed: December 8, 2021
    Publication date: March 24, 2022
    Inventors: Alexey Sergeev, Anton Enakiev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11250126
    Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying a chain of related processes executing on a computing device; for each respective process in the chain of related processes: monitoring events generated by the respective process; storing snapshots of data modified by any of the events; determining a level of suspicion for the respective process by applying an artificial intelligence (AI) model to the snapshots of data; determining whether the chain of related processes is trusted based on the determined levels of suspicion; and in response to determining that the chain of related processes is not trusted, restoring objects affected by the chain from the snapshots.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: February 15, 2022
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Vyacheslav Levchenko, Serguei Beloussov, Sergey Ulasen, Stanislav Protasov
  • Patent number: 11249791
    Abstract: Disclosed herein are systems and method for selectively restoring a computer system to an operational state. In an exemplary aspect, the method may create a backup image of the computer system comprising a set of data blocks and may store the backup image of the computer system in an archive storage database. The method may determine a subset of the data blocks of the backup image that are required to keep the computer system operational. In response to determining that the computer system should be restored, the method may restore the subset of the data blocks such that the computer system is operational during startup, and may restore a remaining set of the data blocks from the backup image after the startup of the computer system.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: February 15, 2022
    Assignee: Acronis International GmbH
    Inventors: Alexey Sergeev, Anton Enakiev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210248106
    Abstract: Disclosed herein are systems and methods for updating select files in an image backup. In an exemplary aspect, a method comprises performing an image backup of a storage device comprising a plurality of files. The method comprises selecting a file of the plurality of files based on file selection rules and subsequent to the image backup, detecting that the file has exited a full consistency state. The method comprises monitoring the file to detect a return to the full consistency state. In response to detecting that the file has returned to the full consistency state, the method comprises identifying a physical address of at least one sector comprising the file on the storage device, and updating a version of the file previously captured in the image backup with a version of the file after returning to the full consistency state.
    Type: Application
    Filed: December 14, 2020
    Publication date: August 12, 2021
    Inventors: Alexey Sergeev, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11068194
    Abstract: Disclosed herein are systems and method for storing and managing states of a computing device. In one aspect, an exemplary method comprises determining an initial state of the computing device, wherein the initial state includes states of all storage sectors associated with the computing device, storing the determined initial state in an initial blocks storage, for each new state that corresponds to a respective point in time subsequent to a time at which the initial state was determined, creating a snapshot, where the created snapshot includes a difference between the initial state and the new state, for each created snapshot, identifying a set of changed blocks that are in storage, and storing the changed blocks of data to a changed blocks storage, and creating a snap-map for any number of consecutive changes based on the sets of changed blocks corresponding to the respective consecutive changes.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: July 20, 2021
    Assignee: Acronis International GmbH
    Inventors: Oleg Melnikov, Vladimir Strogov, Alexey Sergeev, Serguei Beloussov, Alexey Dod, Stanislav Protasov
  • Patent number: 11070570
    Abstract: Disclosed herein are systems and method for correlating malware detections by endpoint devices and servers. In one aspect, an exemplary method comprises receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts, correlating the one or more events collected without invasive techniques with one or more events collected using the one or more invasive techniques, creating a suspicious pattern when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using one or more invasive techniques is used to detect a malware, and updating databases of one or more endpoint devices with created suspicious patterns.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: July 20, 2021
    Assignee: ACRONIS INTERNATIONAL GMBH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov