JOSEPH JOHNSON, LMP
Massage Therapy at 3 Ave, Seattle, WA

2012029, Nov 22, 2012

Jun 16, 2011

13/161950

Vishal Kapoor - Seattle WA, US
Jonathan Mark Keller - Redmond WA, US
Ajith Kumar - Seattle WA, US
Adrian M. Marinescu - Sammamish WA, US
Marc E. Seinfeld - Fort Lauderdale FL, US
Anil Francis Thomas - Redmond WA, US
Michael Sean Jarrett - Kirkland WA, US
Joseph J. Johnson - Seattle WA, US
Joseph L. Faulhaber - Bozeman MT, US

MICROSOFT CORPORATION - Redmond WA

G06F 11/00

726 24

The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.

2013018, Jul 18, 2013

Jan 16, 2012

13/350816

William Pfeifer - Redmond WA, US
Joseph Johnson - Seattle WA, US
Ronald Thompson - Monroe WA, US
Ajith Kumar - Seattle WA, US
Nitin Sood - Redmond WA, US

Microsoft Corporation - Redmond WA

G06F 21/00

726 24

The trust reputation of the combination of an installation package and installer, as a pair, and the combination of a file and an installer, as a pair, is used to store the identity of a file in a persistent cache. An entry in the persistent cache indicates the trust worthiness of a file that does not contain malware thereby avoiding a scan of the file for malware. The trust worthiness of a file may be determined from known trust reputations of the installation package, installer, and file from a network of computing resources. By relying on the known trust reputation of the combination of the installation package and installer and the combination of the file and installer, the identity of the file may be stored in persistent cache quickly.

2012014, Jun 7, 2012

Dec 7, 2010

12/961854

Michael Sean Jarrett - Kirkland VA, US
Joseph Jared Johnson - Seattle WA, US
Vishal Kapoor - Seattle WA, US
Anil Francis Thomas - Redmond WA, US
Eugene John Neystadt - Kfar-Saba, IL
Dennis Scott Batchelder - Bellevue WA, US

Microsoft Corporation - Redmond WA

G06F 21/00

726 24

The subject disclosure is directed towards protecting virtual machines on guest partitions from malware in a resource-efficient manner. Antimalware software is divided into lightweight agents that run on each malware-protected guest partition, a shared scanning and signature update mechanism, and a management component. Each agent provides the scanning mechanism with files to scan for malware, such as by running a script, and receives results from the scanning mechanism including possible remediation actions to perform. The management component provides the scanning mechanism with access to virtual machine services, such as to pause, resume, snapshot and rollback guest partitions as requested by the scanning mechanism.

2011031, Dec 22, 2011

Jun 16, 2010

12/816567

Randal P. Treit - Monroe WA, US
Joseph J. Johnson - Seattle WA, US
Adrian Marinescu - Sammamish WA, US
Nitin Sood - Redmond WA, US
Marc E. Seinfeld - Fort Lauderdale FL, US

Microsoft Corporation - Redmond WA

G06F 21/00

726 23

In some embodiments, a local agent on a target system may evaluate current and/or historical system state information from a store (either local or remote) and dynamically adjust the level of diagnosis performed during the scan based on the evaluated state information. Individual diagnostic scans may, for example, be enabled and disabled based on the context in the store, and each scan may update the context for further evaluation. By employing such an approach, systems with a low risk profile and lacking symptoms of a problem may be scanned quickly while systems that show signs of a problem or have a high risk profile may receive a more thorough evaluation.

2012032, Dec 20, 2012

Jun 16, 2011

13/162211

Michael Jarrett - Kirkland WA, US
Vishal Kapoor - Seattle WA, US
Charles Turner - Bothel WA, US
Joseph Johnson - Seattle WA, US
Jason J. Joyce - Redmond WA, US

MICROSOFT CORPORATION - Redmond WA

G06F 11/00

726 24

Methods, systems, and computer program products are provided for recovering from false positives of malware detection. Malware signatures that are defective may be causing false positives during software scanning for malware. Such defective malware signatures may be detected (e.g., by user feedback, etc.) and revoked. Computers that are using the malware signatures to detect malware may be notified of the revoked signatures, and may be enabled to re-scan content identified as containing malware using malware signatures that do not include the revoked malware signatures. As such, if the content is determined during the re-scan to not be infected, the content may be re-enabled for usage on the computer (e.g., may be restored from quarantine storage).

4067322, Jan 10, 1978

Jan 28, 1976

5/653227

Joseph H. Johnson - Seattle WA

A61B 504

128 206E

A disposable, pre-gel body electrode for short term use has a self-contained electrolyte gel-impregnated pad therein sealed with a cap which minimizes electrolyte dry-out.