公开(公告)号：US20220027493A1

公开(公告)日：2022-01-27

申请号：US17361849

申请日：2021-06-29

申请人： Microsoft Technology Licensing, LLC

发明人： Dhananjay Ramakrishnappa ,  Gregory Irving Thiel ,  Manoharan Kuppusamy ,  Yogesh Bansal

IPC分类号： G06F21/62 ,  G06F9/54 ,  H04L29/06 ,  H04L29/08

摘要： A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

公开(公告)号：US11080416B2

公开(公告)日：2021-08-03

申请号：US16154197

申请日：2018-10-08

申请人： Microsoft Technology Licensing, LLC

发明人： Dhananjay Ramakrishnappa ,  Gregory Irving Thiel ,  Manoharan Kuppusamy ,  Yogesh Bansal

IPC分类号： H04L29/06 ,  G06F21/62 ,  G06F9/54 ,  H04L29/08

摘要： A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

公开(公告)号：US20220067195A1

公开(公告)日：2022-03-03

申请号：US17475701

申请日：2021-09-15

申请人： Microsoft Technology Licensing, LLC

发明人： Manoharan Kuppusamy ,  Dhananjay Ramakrishnappa ,  Shyam Arunkundram Ramprasad ,  Priyadarshi Ghosh

IPC分类号： G06F21/62 ,  G06F8/61 ,  G06F9/4401

摘要： A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a file open request. If so, target analysis logic determines whether the file open request is for a driver file or for a file within a protected volume that stores a driven whitelist file. If the file open request is for a file stored in a protected volume, the request is blocked. If the file open request is for a driver file, then the driver whitelist file is examined to determine whether the target driver is on the whitelist. If not, the file open request is also blocked.

公开(公告)号：US11151273B2

公开(公告)日：2021-10-19

申请号：US16154144

申请日：2018-10-08

申请人： Microsoft Technology Licensing, LLC

发明人： Manoharan Kuppusamy ,  Dhananjay Ramakrishnappa ,  Shyam Arunkundram Ramprasad ,  Priyadarshi Ghosh

IPC分类号： G06F21/62 ,  G06F8/61 ,  G06F9/4401 ,  G06F12/14 ,  H04L29/06 ,  G06F21/51

摘要： A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a file open request. If so, target analysis logic determines whether the file open request is for a driver file or for a file within a protected volume that stores a driven whitelist file. If the file open request is for a file stored in a protected volume, the request is blocked. If the file open request is for a driver file, then the driver whitelist file is examined to determine whether the target driver is on the whitelist. If not, the file open request is also blocked.

公开(公告)号：US12105820B2

公开(公告)日：2024-10-01

申请号：US17361849

申请日：2021-06-29

申请人： Microsoft Technology Licensing, LLC

发明人： Dhananjay Ramakrishnappa ,  Gregory Irving Thiel ,  Manoharan Kuppusamy ,  Yogesh Bansal

IPC分类号： H04L29/06 ,  G06F9/54 ,  G06F21/62 ,  H04L9/40 ,  H04L29/08 ,  H04L67/564 ,  H04L67/60

CPC分类号： G06F21/6218 ,  G06F9/545 ,  H04L63/101 ,  H04L67/564 ,  H04L67/60

摘要： A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

公开(公告)号：US12079364B2

公开(公告)日：2024-09-03

申请号：US17475701

申请日：2021-09-15

申请人： Microsoft Technology Licensing, LLC

发明人： Manoharan Kuppusamy ,  Dhananjay Ramakrishnappa ,  Shyam Arunkundram Ramprasad ,  Priyadarshi Ghosh

IPC分类号： G06F21/62 ,  G06F8/61 ,  G06F9/4401

CPC分类号： G06F21/6227 ,  G06F8/61 ,  G06F9/4411

摘要： A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a file open request. If so, target analysis logic determines whether the file open request is for a driver file or for a file within a protected volume that stores a driven whitelist file. If the file open request is for a file stored in a protected volume, the request is blocked. If the file open request is for a driver file, then the driver whitelist file is examined to determine whether the target driver is on the whitelist. If not, the file open request is also blocked.