&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11947667.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,947,667 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Preventing ransomware from encrypting files on a target machine</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Eldar Aharoni,  Holon (IL);  Vadim Goldstein,  Rishon Lezion (IL);  Mashav Sapir,  Ness-Ziona (IL); and  Jenny Kitaichik,  Ramat-Gan (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Palo Alto Networks, Inc.,  Santa Clara, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jun.  14, 2023, as Appl. No. 18/209,897.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/209,897 is a continuation of application No. 17/989,602, filed on Nov.  17, 2022, granted, now 11,720,671.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/989,602 is a continuation of application No. 17/228,554, filed on Apr.  12, 2021, granted, now 11,531,753, issued on Dec.  20, 2022.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/228,554 is a continuation of application No. 16/130,636, filed on Sep.  13, 2018, granted, now 11,010,469, issued on May   18, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0325499 A1, Oct.  12, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/00</b></i> (2013.01); <i><b>G06F 21/55</b></i> (2013.01); <i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/554</b></i> (2013.01)&#xa0;[<i><b>G06F 21/566</b></i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11947667-20240402-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system, comprising:<div class="claim_text">a processor configured to:<div class="claim_text">monitor file system activities on a computing device;</div>
                  <div class="claim_text">detect an unauthorized activity associated with a honeypot file or a honeypot folder, wherein the honeypot file is a virtual file generated as a spoofed file system response using a filter driver or the honeypot folder is a virtual folder generated as the spoofed file system response using the filter driver, wherein the virtual file is dynamically generated with a spoofed header, a spoofed time stamp, and a spoofed file size using the filter driver, and wherein the virtual folder is not generated for the spoofed file system in response to legitimate directory activities based on an endpoint agent executing on the computing device determining that a return address associated with a request to access a protected directory is associated with a predetermined set of shell related Dynamic Link Libraries (DLLs);</div>
                  <div class="claim_text">perform an action based on a policy in response to the unauthorized activity associated with the honeypot file or the honeypot folder; and</div>
                </div>
                <div class="claim_text">a memory coupled to the processor and configured to provide the processor with instructions.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>