The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, aka PDF).
Patent No.:
Date of Patent:
Sep. 06, 2016
Filed:
Jun. 16, 2011
Applicants:
Vishal Kapoor, Seattle, WA (US);
Jonathan Mark Keller, Redmond, WA (US);
Ajith Kumar, Seattle, WA (US);
Adrian M. Marinescu, Sammamish, WA (US);
Marc E. Seinfeld, Fort Lauderdale, FL (US);
Anil Francis Thomas, Redmond, WA (US);
Michael Sean Jarrett, Kirkland, WA (US);
Joseph J. Johnson, Seattle, WA (US);
Joseph L. Faulhaber, Bozeman, MT (US);
Inventors:
Vishal Kapoor, Seattle, WA (US);
Jonathan Mark Keller, Redmond, WA (US);
Ajith Kumar, Seattle, WA (US);
Adrian M. Marinescu, Sammamish, WA (US);
Marc E. Seinfeld, Fort Lauderdale, FL (US);
Anil Francis Thomas, Redmond, WA (US);
Michael Sean Jarrett, Kirkland, WA (US);
Joseph J. Johnson, Seattle, WA (US);
Joseph L. Faulhaber, Bozeman, MT (US);
Assignee:
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Abstract
The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.