Harmonen
Timo Harmonen, Espoo FI
Patent application number | Description | Published |
---|---|---|
20120017275 | Identifying polymorphic malware - A method and apparatus for identifying an electronic file as polymorphic malware. A server receives from a client device a hash value and metadata associated with an electronic file. The server determines that the received metadata relates to corresponding metadata stored at a database, the corresponding stored metadata being associated with a further hash value that differs from the received hash value. A determination is made that each of the received hash values have been reported by fewer than a predetermined number of clients and, as a result, it is determined that the electronic file is likely to be polymorphic malware. | 01-19-2012 |
Timo Harmonen, Numela FI
Patent application number | Description | Published |
---|---|---|
20120159631 | Anti-Virus Scanning - A method and apparatus for performing an anti-virus scan of a file system. Intermediate scanning results are obtained for a file in the file system, prior to a scan of the file being completed. The intermediate scanning results are then stored in a database. The intermediate scanning results can be used to speed up subsequent scans, and to provide other useful information to an on-line anti-virus server. In a subsequent scan of the file system, a determination is made whether intermediate scanning results relating to the file are available in the database. If they are available for a particular type of intermediate scan, then a scan need not be performed for the file. If they are not, then the scan can be performed. | 06-21-2012 |
Timo Harmonen, Nummela FI
Patent application number | Description | Published |
---|---|---|
20130160124 | Disinfection of a File System - A method for determining appropriate actions to remedy potential security lapses following infection of a device by malware. Following detection of infection of the device the device undergoes a cleaning operation. As part of the cleaning operation infected electronic files and any other associated files or objects are removed from the device. From timestamps associated with the infected files and associated files and objects, either directly or from another source such as an anti-virus trace program, the time of infection can be estimated. This allows the system to reference timestamps on the device to determine the source of the infection. Additionally, if the type of infection is identified timestamps on the device can be used to determine where there are particular areas of vulnerability due to user actions on the device. | 06-20-2013 |