The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The full patent document is in Adobe Acrobat format (PDF).
Patent No.:
Date of Patent:
Dec. 25, 2012
Filed:
Oct. 12, 2007
Sterling Reasor, Bellevue, WA (US);
Jonathan Keller, Redmond, WA (US);
Jason Joyce, Redmond, WA (US);
Ahmed Hussain, Redmond, WA (US);
Kanwaljit Marok, Seattle, WA (US);
Nizan Manor, Seattle, WA (US);
Santanu Chakraborty, Redmond, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
An arrangement for dynamically identifying and intercepting potential software threats before they execute on a computer system is provided in which a file system filter driver (called a 'mini-filter') interfaces with an anti-malware service to selectively generate an alert event and allow the threat to run, in addition to generating an alert event and suspending the threat. The decision to suspend the threat or allow it to run is made through application of a cascading logic hierarchy that includes respective policy-defined actions, user-defined actions, and signature-defined actions. The mini-filter generates the alert event to the anti-malware service whenever a file is opened, or modified and closed. The service uses an engine to scan the file to identify potential threats which are handled through application of the logic hierarchy which provides for configurations defined in a lower tier of the hierarchy to be overridden by those contained in a higher tier.