&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12086234.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,086,234 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and method for checking reputations of executable files using file origin analysis</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Shirish Vijayvargiya,  Pune (IN);  Pankaj Suryawanshi,  Pune (IN); and  Roshan Kolhe,  Pune (IN)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  VMware LLC,  Palo Alto, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  VMWARE, INC.,  Palo Alto, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  22, 2021, as Appl. No. 17/507,825.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Claims priority of application No. 202141035579 (IN), filed on Aug.  6, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0041397 A1, Feb.  9, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 29/06</b></i> (2006.01); <i><b>G06F 21/52</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/52</b></i> (2013.01)&#xa0;[<i>G06F 2221/033</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12086234-20240910-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer-implemented method for checking reputations of executable files in an endpoint device, the method comprising:<div class="claim_text">executing an integrity verification on an executable file being scanned to determine whether the executable file has been unaltered since being installed in the endpoint device, wherein executing an integrity verification comprises:<div class="claim_text">computing a hash of the executable file;</div>
                  <div class="claim_text">searching for a stored hash of the executable file in a local storage of the endpoint device;</div>
                  <div class="claim_text">comparing the computed hash of the executable file with the stored hash of the executable file; and</div>
                  <div class="claim_text">when the computed hash of the executable file matches the stored hash of the executable file, determining that the executable file has been unaltered since being installed in the endpoint device;</div>
                </div>
                <div class="claim_text">when the executable file has been determined to be altered since being installed in the endpoint device, setting a reputation of the executable file as unknown;</div>
                <div class="claim_text">when the executable file has been determined to be unaltered since being installed in the endpoint device, executing a file origin analysis on the executable file based on a vendor identifier for the executable file to determine whether the executable file is from an approved source, wherein the vendor identifier for the executable file is a key used to sign a software installer package that included the executable file that is stored locally when the software installer package is installed in the endpoint device; and</div>
                <div class="claim_text">when the executable file is determined to be from an approved source, producing an output that indicates that the executable file has an approved reputation.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>