公开(公告)号：US12093386B2

公开(公告)日：2024-09-17

申请号：US17173816

申请日：2021-02-11

Applicant: Commvault Systems, Inc.

Inventor： PurnaChandra Sekhar Bedhapudi ,  Sri Karthik Bhagi ,  Deepak Raghunath Attarde ,  Arun Prasad Amarendran ,  Amit Bhaskar Ausarkar ,  Mrityunjay Upadhyay

IPC: G06F21/56 ,  G06F16/17 ,  G06F16/174

CPC classification number: G06F21/566 ,  G06F16/1734 ,  G06F16/1752 ,  G06F2221/034 ,  G06F2221/2101

Abstract: This application relates to ransomware detection and data pruning management. Ransomware typically involves an I/O heavy process of encrypting data files and/or deleting or renaming the original files. Thus, ransomware attacks may be detected by analyzing the I/O activity in a given file system. In some embodiments, a software module running on a client machine manages copying, archiving, migrating, and/or replicating of primary data and restoring and/or pruning secondary data (e.g., backup copies of the primary data). When a potential ransomware attack is detected, the software module is immediately stopped so that the software module does not prune any data that may need to be restored. Upon receiving user input that indicates that the client machine is not under a ransomware attack, the software module is allowed to resume its operations, including pruning of the secondary data.

公开(公告)号：US12026252B2

公开(公告)日：2024-07-02

申请号：US17243188

申请日：2021-04-28

Applicant: Commvault Systems, Inc.

Inventor： Sri Karthik Bhagi ,  Pratima Laxman Gadhave ,  Marcelo dos Reis Mansano ,  Mrityunjay Upadhyay ,  PurnaChandra Sekhar Bedhapudi ,  Shyam Sundar Ramkumar

IPC: G06F21/55 ,  G06F9/455 ,  G06F11/14 ,  G06F21/54 ,  G06F21/56 ,  G06F21/62 ,  G06F21/78 ,  G06N5/04 ,  G06N20/00

CPC classification number: G06F21/554 ,  G06F9/45533 ,  G06F11/1451 ,  G06F21/54 ,  G06F21/561 ,  G06F21/566 ,  G06F21/567 ,  G06F21/568 ,  G06F21/6218 ,  G06F21/78 ,  G06N5/04 ,  G06N20/00 ,  G06F2201/815 ,  G06F2221/034

Abstract: An information management system includes one or more client computing devices in communication with a storage manager and a secondary storage computing device. The storage manager manages the primary data of the one or more client computing devices and the secondary storage computing device manages secondary copies of the primary data of the one or more client computing devices. Each client computing device may be configured with a ransomware protection monitoring application that monitors for changes in their primary data. The ransomware protection monitoring application may input the changes detected in the primary data into a machine-learning classifier, where the classifier generates an output indicative of whether a client computing device has been affected by malware and/or ransomware. Using a virtual machine host, a virtual machine copy of an affected client computing device may be instantiated using a secondary copy of primary data of the affected client computing device.

公开(公告)号：US12124338B2

公开(公告)日：2024-10-22

申请号：US18132915

申请日：2023-04-10

Applicant: Commvault Systems, Inc.

Inventor： Sri Karthik Bhagi ,  PurnaChandra Sekhar Bedhapudi

IPC: G06F11/10 ,  G06F11/14 ,  G06F16/17 ,  G06F21/64

CPC classification number: G06F11/1464 ,  G06F11/1461 ,  G06F16/1734 ,  G06F21/64 ,  G06F2201/84

Abstract: An information management system can detect instances in which data is being stored in a non-standard file path and can alert the user of the client computing device, modify the storage policy to include the non-standard file path, and/or initiate a secondary copy operation to prevent data loss of the data stored in the non-standard file path. For example, a client computing device may execute a filter driver that monitors interactions with files in the file system. The filter driver can identify any non-standard file paths not subject to a storage policy that include files in which interactions occurred. For a non-standard file path, the filter driver can determine whether the frequency of interaction with files in the non-standard file path satisfies a threshold frequency. If the threshold is satisfied, then the filter driver may determine that the files should be subject to the storage policy and take appropriate action.

公开(公告)号：US11656951B2

公开(公告)日：2023-05-23

申请号：US17082723

申请日：2020-10-28

Applicant: Commvault Systems, Inc.

Inventor： Sri Karthik Bhagi ,  PurnaChandra Sekhar Bedhapudi

IPC: G06F11/10 ,  G06F11/14 ,  G06F21/64 ,  G06F16/17

CPC classification number: G06F11/1464 ,  G06F11/1461 ,  G06F16/1734 ,  G06F21/64 ,  G06F2201/84

Abstract: An information management system can detect instances in which data is being stored in a non-standard file path and can alert the user of the client computing device, modify the storage policy to include the non-standard file path, and/or initiate a secondary copy operation to prevent data loss of the data stored in the non-standard file path. For example, a client computing device may execute a filter driver that monitors interactions with files in the file system. The filter driver can identify any non-standard file paths not subject to a storage policy that include files in which interactions occurred. For a non-standard file path, the filter driver can determine whether the frequency of interaction with files in the non-standard file path satisfies a threshold frequency. If the threshold is satisfied, then the filter driver may determine that the files should be subject to the storage policy and take appropriate action.