| Patent Number |
Title Of Patent |
Date Issued |
| 7406714 |
Computer code intrusion detection system based on acceptable retrievals |
July 29, 2008 |
| Methods, apparati, and computer-readable media for protecting computer code (1) from malicious retrievers (3). A method embodiment of the present invention comprises the steps of generating (22) retrieval information characteristic of data sent to a retriever (3) by the computer code |
| 7373519 |
Distinguishing legitimate modifications from malicious modifications during executable computer |
May 13, 2008 |
| Prior to a modification of an executable computer file (101), a modification analysis manager (111) stores (1101) content concerning a specified number of specified sized blocks (115) of a specified section of the executable file (101). After the modification of the executable file ( |
| 7367056 |
Countering malicious code infections to computer files that have been infected more than once |
April 29, 2008 |
| Methods, apparati, and computer-readable media for countering malicious code infections to computer files (20). A preferred embodiment comprises selecting (40) an invariant section of each file (20), wherein said invariant section is invariant to malicious code infections and to repair |
| 7337471 |
Selective detection of malicious computer code |
February 26, 2008 |
| System, methods, and computer readable media for determining whether a computer file (340) has been infected by an attacking agent. A scanning engine (205) generates a new hash of a critical viral target region of the file (340) and compares it to a stored hash of the critical viral |
| 7185332 |
Multi-tiered incremental software updating |
February 27, 2007 |
| A software application (110) is updated to a newer version by means of incremental update patches (122). The incremental update patches (122) each contain that information necessary to transform one version of an application to another version. Any version of an application (110) may |
| 7130981 |
Signature driven cache extension for stream based scanning |
October 31, 2006 |
| A scanning manager (101) dynamically resizes (205) a flow scanning cache (109) based on signature (105) content in order to scan a flow (103) for signatures (105). The scanning manager (101) reads a directive (107) in a signature (105) to resize (205) the cache (109) in order to scan the |
| 6651249 |
Multi-tiered incremental software updating |
November 18, 2003 |
| A software application (110) is updated to a newer version by means of incremental update patches (122). The incremental update patches (122) each contain that information necessary to transform one version of an application to another version. Any version of an application (110) may be |
| 6230316 |
Patching rebased and realigned executable files |
May 8, 2001 |
| Incremental updating of a file (100) that has been rebased or realigned is accomplished through the use of a canonical form (100B). In terms of rebasing, a canonical form (100B) is one that has been rebased to a predetermined base address (104). In one embodiment this predetermined b |
| 6094731 |
Antivirus accelerator for computer networks |
July 25, 2000 |
| System, method, and computer readable medium for examining a file (1) associated with an originating computer (2) to determine whether a virus is present within the file (1). File (1) contains at least one sector and is scanned by an antivirus module (3). An identification and hash value |
| 6067410 |
Emulation repair system |
May 23, 2000 |
| An emulation repair system (200) restores virus-infected computer files (220) to their uninfected states without risk of infecting the rest of the computer system (202), by providing a virtual machine (216) for emulating the virus-infected computer file (220), a foundation module (240) i |
| 6052531 |
Multi-tiered incremental software updating |
April 18, 2000 |
| A software application (110) is updated to a newer version by means of incremental update patches (122). The incremental update patches (122) each contain that information necessary to transform one version of an application to another version. Any version of an application (110) may be |
| 6021510 |
Antivirus accelerator |
February 1, 2000 |
| System and method for examining a file (1) associated with a digital computer (2) to determine whether a computer virus is present within the file (1). The file (1) contains at least one numbered sector. When the file (1) is examined for an initial time, the file (1) is scanned by an |
| 5696822 |
Polymorphic virus detection module |
December 9, 1997 |
| A Polymorphic Anti-Virus Module (PAM) (200) comprises a CPU emulator (210) for emulating the target program, a virus signature scanning module (250) for scanning decrypted virus code, and an emulation control module (220), including a static exclusion module (230), a dynamic exclusion mo |
