Symantec Patent Grants

Systems and methods for protecting virtual machine program code

Granted: May 23, 2017
Patent Number: 9659156
A computer-implemented method for protecting virtual machine program code may include (1) identifying one or more software program functions developed for execution in a virtual machine to be protected against reverse engineering, (2) converting one or more of the software program functions to native code for the computing device, (3) obtaining a memory address of one or more virtual machine functions, (4) generating one or more at least partially random alphanumeric values to identify…

Systems and methods for generating repair scripts that facilitate remediation of malware side-effects

Granted: May 23, 2017
Patent Number: 9659176
The disclosed computer-implemented method for generating repair scripts that facilitate remediation of malware side-effects may include (1) identifying a potentially malicious file located on a computing system, (2) determining at least one potential side-effect of the potentially malicious file, (3) generating, based at least in part on the potential side-effect of the potentially malicious file, a repair script that facilitates remediation of the potential side-effect, and then (4)…

Systems and methods for protecting data files

Granted: May 23, 2017
Patent Number: 9659182
A method for protecting data files may include (1) identifying a data file to be protected against data loss, (2) identifying a set of software programs permitted to open the data file by (a) identifying a format of the data file and (b) identifying at least one software program capable of opening files of the format of the data file, (3) detecting an attempt to open the data file by a software program not included in the set of software programs, and (4) performing a security action in…

Automatically learning signal strengths at places of interest for wireless signal strength based physical intruder detection

Granted: May 23, 2017
Patent Number: 9659474
A method for intruder detection is provided. The method includes determining received signal strength of a first wireless device, while the first wireless device is moved at random within a region and generating a profile of the received signal strength of the first wireless device. The method includes determining received signal strength of a second wireless device and issuing an alert, responsive to received signal strength of the second wireless device meeting the profile. An intruder…

Systems and methods for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions

Granted: May 23, 2017
Patent Number: 9661004
A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction,…

Systems and methods for automatic endpoint protection and policy management

Granted: May 23, 2017
Patent Number: 9661023
A computer-implemented method for dynamically adjusting server settings is described. In one embodiment, at least one parameter of a status of a server that diverges from a corresponding baseline setting of a policy maintained by the server may be identified. An adjustment to the baseline setting of the policy may be calculated based at least in part on the divergent parameter. The baseline setting of the policy may be adjusted according to the calculated adjustment. A command may be…

Systems and methods for detecting information leakage by an organizational insider

Granted: May 16, 2017
Patent Number: 9652597
A computer-implemented method for detecting information leakage by an organizational insider may include (1) identifying a set of organizational insiders of an organization, (2) identifying a set of public forums used by one or more organizational insiders, (3) identifying a set of messages posted to one or more public forums, (4) creating a message record corresponding to each message, with the record including a message summary, and a set of message metadata fields, (5) consolidating…

Systems and methods for analyzing suspected malware

Granted: May 16, 2017
Patent Number: 9652615
The disclosed computer-implemented method for analyzing suspected malware may include (1) identifying a file suspected of including malware, (2) performing a static analysis of the file to identify at least one indication of an attack vector that the file uses to attack computing systems, (3) obtaining, from at least one computing system, telemetry data that identifies at least one indication of an attack vector that the file uses to attack computing systems, (4) constructing, using the…

Techniques for classifying non-process threats

Granted: May 16, 2017
Patent Number: 9652616
Techniques for classifying non-process threats are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for classifying non-process threats comprising generating trace data of at least one observable event associated with execution of a process, representing a first feature of the at least one observable event of the trace data, calculating, using a computer processor, a similarity between the first feature and at least one sample feature, and…

Systems and methods for evaluating networks

Granted: May 16, 2017
Patent Number: 9654503
A computer-implemented method for evaluating networks may include (1) identifying an initial set of recorded packet performance data that describes an instance of an attempt to establish a network connection path between an original node and a subsequent node in a network, (2) detecting, by a software security system, a network anomaly based on comparison data resulting from a comparison between the initial set of recorded packet performance data and an additional set of recorded packet…

Detecting a hijacked network address

Granted: May 16, 2017
Patent Number: 9654504
A computer system monitors a set of inactive addresses. The computer system identifies a suspicious activity associated with at least one inactive address of the set of inactive addresses. The computer system determines a suspicion score for the at least one inactive address based on the suspicious activity associated with the at least one inactive address. The computer system categorizes the at least one inactive address as a potentially hijacked address if the suspicion score exceeds a…

Match signature recognition for detecting false positive incidents and improving post-incident remediation

Granted: May 16, 2017
Patent Number: 9654510
The present disclosure relates to using signatures in a data loss prevention system. According to one embodiment, a DLP system identifies an occurrence of a data loss prevention (DLP) incident triggered by content and a DLP rule. The DLP system generates a first signature representing the DLP incident based on a specific pattern inherent to the content which triggered the DLP incident. The DLP system compares the first signature to one or more second signatures generated from other DLP…

Systems and methods for identifying repackaged files

Granted: May 9, 2017
Patent Number: 9646157
A computer-implemented method for identifying repackaged files may include (1) identifying an application package that packages files for a mobile device application that is to be executed through a mobile device operating system, (2) identifying, within the application package, a resource file that identifies resources for the application package defined in a programming language for the mobile device operating system, (3) parsing the resource file to identify a flag for a resource that…

Systems and methods for detecting malicious files

Granted: May 9, 2017
Patent Number: 9646158
A computer-implemented method for detecting malicious files may include (1) identifying a length of at least one line within a textual file, (2) assessing, based at least in part on the length of the line within the textual file, a likelihood that at least a portion of the textual file has been encrypted, (3) determining, based on the likelihood that at least a portion of the textual file has been encrypted, a likelihood that the textual file is malicious, and (4) performing a…

Systems and methods for verifying the authenticity of graphical images

Granted: May 9, 2017
Patent Number: 9647846
The disclosed computer-implemented method for verifying the authenticity of graphical images may include (1) identifying a graphical image intended for presentation by a display and then, prior to facilitating presentation of the graphical image by the display, (2) identifying an original unique identifier of at least a portion of the graphical image encoded into the graphical image, (3) computing a subsequent unique identifier of the portion of the graphical image, and (4) determining,…

System and method of data interception and conversion in a proxy

Granted: May 9, 2017
Patent Number: 9647989
An intercepting proxy server processes traffic between an enterprise user and a cloud application which provides Software as a Service (SaaS). The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating information by encrypting individual real data elements without disturbing the validity of the application protocol. To the processing cloud application real data are only visible as…

Systems and methods for determining membership of an element within a set using a minimum of resources

Granted: May 2, 2017
Patent Number: 9639577
A computer-implemented method for scanning a file is described. A Golomb-Compressed Sequence (GCS) index may be queried to determine whether GCS data is associated with the scanned data. The GCS index may be stored in a first storage medium and the GCS data may be stored in a second storage medium. The second storage medium may be different from the first storage medium. Upon determining the GCS data is associated with the scanned data, the location of the GCS data associated with the…

Dynamic on-device passcodes to lock lost or stolen devices

Granted: May 2, 2017
Patent Number: 9639692
Dynamic on-device passcode to lock lost device is described. In one method, a security agent executing on a processor of a user device periodically generates a dynamic passcode using a cryptographic function and a cryptographic seed according to a predefined time interval. While the user device is in a first state, the security agent sends the cryptographic seed to an authentication service. The method receives an acknowledgement of receipt of the cryptographic seed from the…

Techniques for detecting a security vulnerability

Granted: May 2, 2017
Patent Number: 9639693
Techniques for detecting security vulnerabilities are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting security vulnerabilities including assigning a reputation to an application, distributing the reputation to a client, receiving monitored system behavior from the client related to the client executing the application, determining whether to change the reputation of the application based on the monitored system behavior, distributing the…

Method and apparatus for analyzing end user license agreements

Granted: May 2, 2017
Patent Number: 9639696
A method and apparatus for analyzing end user license agreements and taking action based on the analysis outcome. In one embodiment, the method includes sensing initialization of an installable software program installation, extracting a EULA from the installable during installation, pausing presentation of the EULA to a user, providing a database of suspect terms, analyzing whether a suspect term exists in the EULA, and presenting at least one of the EULA or a suspect term to the user.