US 12,273,375 B2
Detection of and protection from malware and steganography
Stewart P. MacLeod, Woodinville, WA (US); and Robert Pike, Woodinville, WA (US)
Assigned to Cyemptive Technologies, Inc., Woodinville, WA (US)
Filed by Cyemptive Technologies, Inc., Woodinville, WA (US)
Filed on Dec. 28, 2022, as Appl. No. 18/147,478.
Application 18/147,478 is a continuation of application No. 15/993,426, filed on May 30, 2018, granted, now 11,575,704.
Claims priority of provisional application 62/512,659, filed on May 30, 2017.
Prior Publication US 2023/0231872 A1, Jul. 20, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 11/20 (2006.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC H04L 63/145 (2013.01) [G06F 11/2038 (2013.01); G06F 21/554 (2013.01); G06F 21/566 (2013.01); H04L 63/0263 (2013.01); H04L 63/1416 (2013.01)]
20 Claims
 
1. A method for real-time detection of and protection from steganography in a kernel mode, comprising:
receiving a file at a managed node;
storing the received file in a file system of the managed node;
determining a size of the received file by retrieving size data from a plurality of sections within the received file;
retrieving a filesize value corresponding to the received file by accessing the filesize value from a source in the file system other than the stored file;
comparing the determined size of the received file to the stored filesize value of the received file;
determining, based on the comparison, that the determined size of the received file is different from the stored filesize value of the received file;
executing, responsive to determining that the determined size of the received file is greater than the stored filesize value of the received file, steganography detection analytics on the received file;
executing a steganography remediation action based on the steganography detection analytics; and
transmitting information describing the steganography remediation action to a client device.
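
The size comparison at the core of claim 1, sketched as an added example that is not taken from the patent or from the assignee's code. It assumes the "sections" are PE section headers, that the file-system source other than the file is the `st_size` metadata, and it runs in user mode rather than kernel mode; all function names are hypothetical, and the sample image is constructed.

```python
import os, struct, tempfile

def size_from_sections(data: bytes) -> int:
    """Size implied by section headers: max(PointerToRawData + SizeOfRawData)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(data):
        raise ValueError("missing or truncated PE header")
    nsect, = struct.unpack_from("<H", data, pe + 6)   # NumberOfSections
    opt, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + opt
    end = table + 40 * nsect                          # headers count toward the size
    if end > len(data):
        raise ValueError("truncated section table")
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def check_file(path: str) -> dict:
    stored = os.stat(path).st_size   # assumption: file-system metadata is the "other source"
    with open(path, "rb") as f:
        determined = size_from_sections(f.read())
    return {"determined": determined, "stored": stored,
            "differs": determined != stored,
            "run_analytics": determined > stored}  # the claim's trigger condition

def build_sample(raw_sizes, body_len: int) -> bytes:
    """Constructed minimal PE-like image (not a loadable executable)."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(raw_sizes), 0, 0, 0, 0, 0)
    table, ptr = b"", 0x40 + 24 + 40 * len(raw_sizes)
    for n in raw_sizes:
        table += struct.pack("<8sIIII16x", b".sect", n, 0, n, ptr)
        ptr += n
    return bytes(hdr) + coff + table + b"\0" * body_len

def demo(body_len: int) -> dict:
    """Write a sample whose two sections declare 1024 bytes, then check it."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(build_sample([512, 512], body_len))
    try:
        return check_file(f.name)
    finally:
        os.unlink(f.name)
```

With this sample, `demo(600)` meets the claim's trigger because the section headers declare more data than the file system reports, while `demo(1100)` (bytes appended past the last section) only sets `differs`.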