&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11681591.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,681,591 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and method of restoring a clean backup after a malware attack</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Andrey Kulaga,  Moscow (RU);  Oleg Ishanov,  Singapore (SG);  Vladimir Strogov,  Singapore (SG);  Serguei Beloussov,  Costa del Sol (SG); and  Stanislav Protasov,  Singapore (SG)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Acronis International GmbH,  Schaffhausen (CH)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Acronis International GmbH,  Schaffhausen (CH)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Apr.  2, 2020, as Appl. No. 16/838,356.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/828,034, filed on Apr.  2, 2019.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2020/0319979 A1, Oct.  8, 2020</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 11/14</b></i> (2006.01); <i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 11/1469</b></i> (2013.01)&#xa0;[<i><b>G06F 21/568</b></i> (2013.01); <i>G06F 2201/84</i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>21 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11681591-20230620-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method of restoring a clean backup after a malware attack, comprising:<div class="claim_text">forming a list of files that are of a plurality of designated file types that can be infected by malicious software, the files stored on a computing device;</div>
                <div class="claim_text">performing one or more snapshots of the files according to a predetermined schedule over a predetermined period of time;</div>
                <div class="claim_text">performing one or more backups according to a predetermined schedule of the computing device;</div>
                <div class="claim_text">storing the one or more snapshots simultaneously with the one or more backups, wherein the one or more snapshots correlate to one or more of the backups;</div>
                <div class="claim_text">determining that a malware attack is being carried out on the computing device and generating a list of dangerous objects that spread the malware attack, wherein the malware attack comprises a polymorphic virus whose code changes each time an infected file is executed;</div>
                <div class="claim_text">comparing the list of dangerous objects with the one or more snapshots to determine when the malware attack occurred;</div>
                <div class="claim_text">identifying a clean backup that was created most recently before the malware attack as compared to other backups by incrementally scanning a subset of the one or more backups representing half-way points in a binary search until the clean backup that does not include any version of the polymorphic virus is detected; and</div>
                <div class="claim_text">recovering data for the computing device from the clean backup.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>