&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11720671.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,720,671 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Preventing ransomware from encrypting files on a target machine</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Eldar Aharoni,  Holon (IL);  Vadim Goldstein,  Rishon Lezion (IL);  Mashav Sapir,  Ness-Ziona (IL); and  Jenny Kitaichik,  Ramat-Gan (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Nov.  17, 2022, as Appl. No. 17/989,602.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/989,602 is a continuation of application No. 17/228,554, filed on Apr.  12, 2021, granted, now 11,531,753.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/228,554 is a continuation of application No. 16/130,636, filed on Sep.  13, 2018, granted, now 11,010,469, issued on May   18, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0078950 A1, Mar.  16, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/00</b></i> (2013.01); <i><b>G06F 21/55</b></i> (2013.01); <i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/554</b></i> (2013.01)&#xa0;[<i><b>G06F 21/566</b></i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>21 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11720671-20230808-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system, comprising:<div class="claim_text">a processor configured to:<div class="claim_text">monitor file system activities on a computing device;</div>
                  <div class="claim_text">detect an unauthorized activity associated with a honeypot file or honeypot folder, wherein the honeypot file is a virtual file generated as a spoofed file system response using a filter driver or the honeypot folder is a virtual folder generated as the spoofed file system response using the filter driver, wherein the virtual file is dynamically generated using the filter driver with at least one of the following: a spoofed header, a spoofed time stamp, and a spoofed file size; and</div>
                  <div class="claim_text">perform an action based on a policy in response to the unauthorized activity associated with the honeypot file or the honeypot folder, wherein the action comprises one or more of the following: kill a process based on the policy in response to the unauthorized activity associated with the honeypot file or the honeypot folder associated with the process, or generate an alert based on the policy in response to the unauthorized activity associated with the honeypot file or honeypot folder; and</div>
                </div>
                <div class="claim_text">a memory coupled to the processor and configured to provide the processor with instructions.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>