Symantec Patent Applications

SAMPLE-SPECIFIC SANDBOX CONFIGURATION BASED ON ENDPOINT TELEMETRY

Granted: September 27, 2018
Application Number: 20180276371
A method for determining sandbox configurations for malware analysis is described. In one embodiment, the method may include receiving a plurality of files, extracting at least one element from at least one file from the plurality of files, identifying one or more properties associated with an endpoint, determining a correlation between the at least one extracted element and the one or more properties of the endpoint, and determining one or more sandbox configurations based at least in…

MANAGING DATA ENCRYPTING APPLICATIONS

Granted: September 6, 2018
Application Number: 20180255074
A method for managing cloud based applications is described. In one embodiment, the method includes detecting initiation of an application, detecting an action performed relative to the application, capturing the data associated with the detected action before the application encrypts the at least portion of the data, analyzing the captured data, and applying a network management policy to a packet flow based at least in part on the analyzing the captured data. In some cases, the…

ANTENNA SYSTEM FOR WIRELESS COMMUNICATION DEVICES AND OTHER WIRELESS APPLICATIONS

Granted: July 5, 2018
Application Number: 20180191056
An antenna system for wireless communications and other wireless applications is disclosed. In one particular embodiment, the antenna system may comprise a frame with at least three facets and an antenna element mounted on each of the at least three facets, wherein each of the antenna elements are electromagnetically isolated from each other.

TECHNIQUES FOR AUTOMATED APPLICATION ANALYSIS

Granted: April 27, 2017
Application Number: 20170116409
Techniques for automated application analysis are disclosed. In one embodiment, the techniques may be realized as a method comprising detecting a code creation activity; detecting the presence of a previously-unknown application; associating the detected application with the code creation activity; and permitting the application to run based on associating the detected application with the code creation activity.

TECHNIQUES FOR GENERATING A VIRTUAL PRIVATE CONTAINER

Granted: April 6, 2017
Application Number: 20170098092
Techniques for generating a virtual private container (VPC) are disclosed. In one embodiment, the techniques may be realized as a virtual container defining a self-contained software environment, comprising one or more analytic components configured to carry out specified analytic functions on data within the container, wherein the one or more analytic components are isolated to run within the self-contained software environment of the container; an interface configured to identify and…

DATA LOSS MONITORING OF PARTIAL DATA STREAMS

Granted: January 5, 2017
Application Number: 20170005893
A method for detecting loss of sensitive information in partial data streams may include identifying partial data streams containing segments lost while capturing network traffic at a network computing device, determining characteristics of content of the partial data streams, padding content portions of the lost segments in the partial data streams, and scanning the partial data streams for sensitive information according to at least one data loss prevention (DLP) policy.

TECHNIQUES FOR MANAGING PRIVACY OF A NETWORK COMMUNICATION

Granted: December 22, 2016
Application Number: 20160371508
Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and…

TECHNIQUES FOR DATA BACKUP AND RESTORATION

Granted: June 23, 2016
Application Number: 20160179631
Techniques for data backup and restoration are disclosed. In one embodiment, the techniques may be realized as a method including generating a first backup representing a database at a first time; after the first backup, generating a plurality of journal entries, each journal entry representing a change to the database made after the first time; and restoring the database from the first backup and the plurality of journal entries, the restored database including the changes represented…

SEAMLESS AUTHENTICATION MECHANISM FOR USER PROCESSES AND WEB SERVICES RESIDING ON COMMON HOST

Granted: December 3, 2015
Application Number: 20150350195
Techniques are presented herein for authenticating a local process to a web service, both executing on a common host computer server. The local process may present a self-signed certificate to the web service. In response, the web service may identify a file system directory on the first computer server containing a file storing the self-signed certificate. If the subject information identifying the owner of the process matches file system metadata indicating an owner of the file, then the…

AUTOMATED STEP-UP DIGITAL CERTIFICATE INSTALLATION PROCESS

Granted: November 26, 2015
Application Number: 20150341342
Techniques are disclosed for rapidly securing a server in response to a request for a high-assurance digital certificate. As described, a CA may issue a basic tier certificate after performing a verification process to confirm that a party requesting a certificate for a given network domain, in fact, has control of that domain. Once issued and provisioned on the server, the server can establish secure connections with clients. At the same time, the CA continues to perform progressive…

DISCOVERY AND CLASSIFICATION OF ENTERPRISE ASSETS VIA HOST CHARACTERISTICS

Granted: October 29, 2015
Application Number: 20150310215
Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once classified, a monitoring system may use the assigned classifications to…

TRANSMITTING ENCODED DIGITAL CERTIFICATE DATA TO CERTIFICATE AUTHORITY USING MOBILE DEVICE

Granted: October 22, 2015
Application Number: 20150304309
Techniques are disclosed for managing a digital certificate enrollment process. A certificate assistant on a server is configured to encode certificate enrollment data in a barcode graphic, such as a quick response (QR) code. A mobile phone application can then scan the barcode graphic using a camera to recover and transmit the enrollment data to a certificate authority. Doing so allows a system administrator (or other user) to complete the certificate enrollment process in cases where…

SYSTEM TO IDENTIFY MACHINES INFECTED BY MALWARE APPLYING LINGUISTIC ANALYSIS TO NETWORK REQUESTS FROM ENDPOINTS

Granted: October 1, 2015
Application Number: 20150281257
A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal…

SYSTEMS AND METHODS FOR IDENTIFYING A SOURCE OF A SUSPECT EVENT

Granted: October 1, 2015
Application Number: 20150278518
A computer-implemented method for identifying a source of a suspect event is described. In one embodiment, system events may be registered in a database. A suspicious event associated with a first process may be detected and the first process may be identified as being one of a plurality of potential puppet processes. The registered system events in the database may be queried to identify a second process, where the second process is detected as launching the first process.

SYSTEMS AND METHODS FOR IDENTIFYING ACCESS RATE BOUNDARIES OF WORKLOADS

Granted: September 24, 2015
Application Number: 20150269067
A computer-implemented method for identifying access rate boundaries of workloads may include (1) tracking the number of times each region of data within a plurality of regions of data is accessed during a period of time, (2) creating an ordered list of each region of data from the plurality of regions of data, (3) calculating one or more drops in access rates between two or more regions of data in the ordered list, (4) determining that a calculated access-rate drop from a first region…

SYSTEMS AND METHODS FOR PROVIDING TARGETED DATA LOSS PREVENTION ON UNMANAGED COMPUTING DEVICES

Granted: September 24, 2015
Application Number: 20150271207
A computer-implemented method for providing targeted data loss prevention on unmanaged computing devices may include (1) identifying a data loss prevention policy that defines permissible data handling within set bounds to prevent unauthorized data exfiltration from the set bounds, (2) identifying an application to install on at least one unmanaged endpoint device, where (i) the unmanaged endpoint device lacks a data loss prevention agent configured to apply the data loss prevention…

SYSTEMS AND METHODS FOR DISCOVERING WEBSITE CERTIFICATE INFORMATION

Granted: September 24, 2015
Application Number: 20150271171
The disclosed computer-implemented method for discovering website certificate information may include (1) receiving, from a plurality of computing devices within a community of users, information that identifies the certificate statuses of websites visited by the computing devices, (2) identifying, by analyzing the information, at least one issue with the certificate status of at least one website visited by at least one of the computing devices, and (3) performing at least one remedial…

SYSTEMS AND METHODS FOR SMART CIPHER SELECTION

Granted: September 24, 2015
Application Number: 20150271145
A computer-implemented method for smart cipher selection may include (1) receiving, at a server and from a client, a request to communicate according to a cipher for encryption, the request containing a client list of ciphers available at the client, (2) identifying a server list of ciphers available at the server, (3) measuring, in response to receiving the request, a resource load at the server and a risk factor indicating a degree of risk posed by the client, and (4) selecting a…

SYSTEMS AND METHODS FOR MANAGING SECURITY CERTIFICATES THROUGH EMAIL

Granted: September 24, 2015
Application Number: 20150271122
The disclosed computer-implemented method for managing security certificates through email may include (1) receiving an encrypted email that contains both identifying information that identifies a security certificate for authenticating a website and a management command relating to the security certificate, (2) determining whether authentication of the encrypted email succeeded such that the management command is authorized, and (3) when a determination is made that authentication of…

SYSTEMS AND METHODS FOR INCREASING COMPLIANCE WITH DATA LOSS PREVENTION POLICIES

Granted: September 24, 2015
Application Number: 20150269386
A computer-implemented method for increasing compliance with data loss prevention policies may include (1) identifying a file that is subject to a data loss prevention policy, (2) determining a classification of the file according to the data loss prevention policy, (3) identifying a graphical user interface that is configured to display a representation of the file, and (4) enhancing the representation of the file within the graphical user interface with a visual indication of the…