Entity

Time filter

Source Type

Moscow, Russia

Kaspersky Lab is an international group operating in almost 200 countries and territories worldwide. The company is headquartered in Moscow, Russia, with its holding company registered in the United Kingdom. Kaspersky Lab currently employs over 2,850 qualified specialists. It has 31 representative territory offices in 30 countries and its products and technologies provide service for over 300 million users and over 250,000 corporate clients worldwide. The company is specially focused on large enterprises, and small and medium-sized businesses. Wikipedia.


Disclosed are systems, methods and computer program products for protecting cloud security services from unauthorized access and malware attacks. In one example, a cloud server receives one or more queries from security software of the user device. The server analyzes a system state and configuration of the user device to determine the level of trust associated with the user device. The server also analyzes the one or more queries received from the security software to determine whether to update the level of trust associated with the user device. The server determines, based on the level of trust, how to process the one or more queries. Finally, the server provides responses to the one or more queries from the security software based on the determination of how to process the one or more queries.


Disclosed are systems, methods, and computer program products for preserving and subsequently restoring a state of a program emulator. In one aspect, the system loads a file into an emulator of the computer system and determines whether an emulation is being performed for the first time. When the emulation is performed for the first time, the system loads into the emulator an initial image of the emulator state and emulates the file using the loaded initial image of the emulator state. During emulation, the system creates and stores new images of the emulator state upon occurrence of predefined conditions. When the emulation is not performed for the first time, the system identifies new images of the emulator state created during initial emulation of the file, loads into the emulator the identified images, and resume emulating the file using the new images of the emulator state.


Patent
Kaspersky Lab | Date: 2014-05-27

A malware detection rule is evaluated for effectiveness and accuracy. The detection rule defines criteria for distinguishing files having a characteristic of interest from other files lacking that characteristic, for instance, malicious files vs. benign files. The detection rule is applied to a set of unknown files. This produces a result set that contains files detected from among the set of unknown files as having the at least one characteristic of interest. Each file from the result set is compared to at least one file from a set of known files having the characteristic to produce a first measure of similarity, and to at least one file from a set of known files lacking the characteristic to produce a second measure of similarity. In response to the first measure of similarity exceeding a first similarity threshold, the detection rule is deemed effective. In response to the second measure of similarity exceeding a second similarity threshold, the detection rule is deemed inaccurate.


Disclose are system, method and computer program product for correcting antivirus records. In an example aspect, an antivirus application analyzes a software object for a presence of malware. The antivirus application includes an antivirus database and an antivirus cache. The antivirus application retrieves from the antivirus database an antivirus record associated with the analyzed object. The antivirus record indicates whether the object is clean or malicious and further includes at least a test antivirus record status indicator. The antivirus application checks at least in the antivirus cache for correction of the test antivirus record. The correction includes a change in the test status of the antivirus record. When a correction for the retrieved antivirus record is found in the antivirus cache, the antivirus application uses said correction for the antivirus record for a further processing of the software object.


Method and system for configuration of a computer system according to security policies. The configuration of an employees personal computer system according to the security policies of the corporate network provides for security of access to the corporate network. Configuration change instructions are generated according to the security policy and applied to the configuration of the computer system. The configuration system includes at least one computer system used to access a corporate network, a policy application module configured to determine configuration parameters of the computer system and to pass the configuration data to an instruction forming module. The computer system is configured according to the selected security policy by execution of at least one configuration change instruction. The configuration system also includes a database of security policies.

Discover hidden collaborations