Please download the dossier by clicking on the dossier button x
×

Methods and apparatus for control and detection of malicious content using a sandbox environment

  • US 9,519,779 B2
  • Filed: 07/13/2015
  • Issued: 12/13/2016
  • Est. Priority Date: 12/02/2011
  • Status: Active Grant
First Claim
Patent Images

1. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:

  • initiate an instance of a first application within a sandbox environment;

    receive a set of indications of actual behavior of the instance of the first application including an indication that the instance of the first application is associating with an instance of a second application within the sandbox environment by at least one of (1) initiating the instance of the second application or (2) initiating a thread injection event with the instance of the second application;

    identify the instance of the first application associating with the instance of the second application as an anomalous behavior of the instance of the first application in response to an indication that the first application is allowed to associate with the second application not being within a set of indications of allowed behavior specific to the first application,send an indication associated with the anomalous behavior in response to identifying the anomalous behavior.

View all claims
  • 6 Assignments
Timeline View
Assignment View
    ×
    ×