throbber
Case 3:17-cv-05659-WHA Document 390-20 Filed 03/14/19 Page 1 of 5
`
`Exhibit Q
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 390-20 Filed 03/14/19 Page 2 of 5
`
`
`

`
`abcdefÿhdidejklbdimdÿaj
`zticbcb{ztpÿ|l}
`~cjÿ€tee
`W
`nopÿqrbcsetu
`vtlfrmdjÿwÿhlxrylbj
`hrssltd
`U
`)
`
ÿV/ &5
`'04/'
`ÿÿÿ ÿ ÿ!"#" $
`K#MXYZHAGÿIJÿ [# ÿKM"ÿL[\ÿ]KL^ÿZ
`HAGÿIJÿ [# ÿKM"ÿL[\ÿ F"\ÿ_A ÿ`Z
`   ÿ
`%&'(
`ÿ)*ÿ+ ,ÿ&-
`-ÿÿ((
`.'
`ÿ((/
ÿ0/ÿ'.1'2ÿ'3ÿ3
`0
` 4'2ÿ5.6
`7ÿ89ÿ'ÿ'.--
`
`:
`.-ÿ0
0ÿ0

`ÿ;.
`ÿ-ÿ-/.&0
`.ÿ5.6
`<ÿ0ÿ-ÿ'/0ÿ'
`
`--ÿ0/ÿ /'4'&
`ÿ0

`ÿ((
`.'
`ÿ0/ÿ9&0

`
`
`
`=5'
`ÿ0

`ÿ5.6
`7ÿ)
`
`ÿ>2&
`ÿ 7
`?@AÿBCÿDEFGÿHAGÿIJÿKLÿLGÿGG#MÿNÿ@ÿ
`O
ÿ'.--ÿ0
`
'P&
`ÿ 
`0
`-ÿÿ:
`3 0ÿ'&5
`<ÿ6

ÿ-ÿ /5'
`3ÿ0/ÿ 
`0
`ÿÿ;'.ÿ:
`3 0
`'&5
`ÿ
`06
`
`'ÿ ÿ'3ÿ Q7ÿ+ÿ:
`3 0ÿ'&5
`ÿ-ÿÿ- /
`ÿ/ÿ0

`0ÿ.
`:
`.7ÿ

`ÿ
2

`ÿ0

`ÿ'&5
`<ÿ0

`
`
`
2

`ÿ0

`ÿ5.6
`ÿ0

`07ÿ

`ÿ)RSÿ)
`
`-ÿ3
`:
`ÿ /5(
`-ÿ0
-ÿ:
`3 0ÿ'&5
`ÿ0/ÿ0

`ÿ(/. 
`-
`T'2-ÿ'3ÿ
`0

`ÿ(
`50-ÿ/ÿ3
`'
`-ÿ0

`ÿ-
`--/'7ÿ89ÿ0

`ÿ-
`--/'ÿ-ÿ3
`'
`3<ÿÿ
`-
`0ÿ( *
`0ÿ-ÿ-
`'0ÿ0/
`0

`ÿ .
`'0ÿ'3ÿ0

`ÿ( *
`0-ÿ
`ÿ3/((
`3ÿ9/5ÿ0

`ÿ-
`:
`7
`
`

`

`When a file is analyzed, a file hash is generated, and the results of the analysis are stored ina
`
`database. When a file is uploaded to the Juniper Sky ATP cloud, the first step is to check whether
`
`this file has been looked at before.If it has, the stored verdict is returned to the SRX Series device
`
`and there is no need to re-analyzethe file. In addition to files scanned by Juniper Sky ATP,
`
`information about common malwarefiles is also stored to provide faster response.
`
`Cache lookup is performedin real time. All other techniques are done offline. This means thatif
`
`the cache lookup doesnotreturn a verdict, the file is sent to the client system while the Juniper
`
`Sky ATP cloud continues to examine the file using the remaining pipeline techniques.If a later
`
`analysis returns a malware verdict, then the file and hostare flagged.
`
`Antivirus Scan
`
`Case 3:17-cv-05659-WHA Document 390-20 Filed 03/14/19 Page 3 of 5
`Case 3:17-cv-05659-WHA Document 390-20 Filed 03/14/19 Page 3of5
`Cache Lookup
`
`  ÿ
`
`
ÿÿ ÿÿ ÿÿ ÿ

ÿÿ   ÿÿ
ÿ ÿÿ
ÿÿ ÿ ÿÿ
` ÿ
ÿÿ ÿÿ! ÿÿ
ÿ"! ÿ#$ÿ%&'ÿ(ÿ
ÿÿ !ÿÿÿ(
($ÿ)


`
ÿ ÿ
ÿ ÿ$ ÿÿ  ÿ*ÿÿ
ÿ
ÿ ÿ+ (ÿÿ  ÿÿ
ÿ#,-ÿ#  ÿ +(
`ÿ
 ÿÿÿ ÿÿ . ÿ
ÿ ÿ*ÿ/ÿÿ ÿ( ÿÿ"! ÿ#$ÿ%&'
`0/ÿÿ(00ÿ0) ÿ ÿÿÿ ÿÿ!+ ÿ ÿ !
`1(
ÿ$!ÿÿ! 0 ÿÿ ÿ/0 ÿ%ÿ
ÿ (
2 ÿ ÿ ÿ3 ÿ&
ÿ0 ÿ
ÿ
`
ÿ((
ÿ$!ÿ ÿÿ ÿÿ+ (ÿ
ÿ ÿÿ ÿÿ
ÿ( ÿ 0ÿ)
 ÿ
ÿ"! 
`6789:; <ÿ= 7
`#$ÿ%&'ÿ(ÿ(/ ÿÿ 40 ÿ
ÿ ÿÿ
ÿ 0ÿ!!  ÿ (
2  ÿ*ÿÿ 
`ÿ ÿÿ0) ÿ+ (ÿ
ÿ
ÿ ÿÿ
ÿ ÿ5 
`&
ÿ+ ÿÿ/+ÿ>) ÿÿÿ! (/ÿÿÿ ÿ0 ÿÿ! /ÿ
 
`(
ÿÿ+ ÿ?ÿ)0ÿ!) ÿÿ$ ÿ&
ÿ+ ÿÿ/+ÿ>) ÿ
`
ÿÿÿ)ÿ
ÿ
ÿ0) ÿ&
ÿ+ÿ(0 ÿÿÿ
ÿ!(
ÿÿ
ÿ+ÿ(0 
` ( ÿ%/+ÿÿ @ ÿÿ  ÿ0ÿ
 ÿÿ$)ÿ0) ÿ
ÿ .ÿ
 
`"! ÿ#$ÿ%&'ÿ/ ÿ0/! ÿ/+ÿ>) ÿ!($ ÿÿ?ÿ ÿÿ ÿÿ ÿ&

` /+  =A 8ÿ67 BC<:<
` ÿ ÿ
ÿ ÿÿ
ÿ0(
 ÿ ÿ
0ÿÿ+ (0 ÿ ÿ!/+ ÿÿ
`#/(ÿÿ 40 ÿ ÿ)
ÿ(ÿÿ
0 ÿD(ÿ/(ÿÿÿ
E)
`ÿÿ!(ÿÿFGÿ ( ÿ&
ÿ)ÿ ÿ 40! ÿÿ ÿ/(ÿÿ! (H
`I ÿ0/JK0 ÿÿ
ÿ ÿ
ÿ+ ÿÿ( ÿÿ
ÿ ÿÿ
ÿÿ
`
ÿ ÿ)ÿ(0! ÿ
`1  ÿÿ(/ÿ J*ÿ
ÿ ÿ0ÿ
ÿ )ÿ Lÿ*ÿÿ(
ÿ$
`*MNÿ%'*L
`O ÿ !JP)ÿ0ÿÿ
ÿ Lÿ%ÿ(00ÿ (
2 ÿÿ0) ÿÿÿ (!ÿ!/
`
`ÿ
ÿ( ÿÿ
ÿ (!ÿÿÿ/0 ÿ%ÿÿÿ (!/ÿÿÿÿ(/ÿÿ

` ÿÿ0)
`&
ÿ!ÿÿ
ÿ/(ÿÿÿ ÿÿ
ÿ0(
 ÿ ÿ
0ÿÿ0!+ ÿ
ÿ+ (
`(((
`
`The advantageof antivirus softwareis its protection against a large numberof potential threats,
`
`such as viruses, trojans, worms, spyware,and rootkits. The disadvantage of antivirus softwareis
`
`thatit is always behind the malware.The virus comesfirst and the patch to the virus comes
`
`second. Antivirus is better at defending familiar threats and known malware than zero-day threats.
`
`Juniper Sky ATP utilizes multiple antivirus software packages, not just one, to analyzea file. The
`
`results are then fed into the machine learning algorithm to overcome false positives and false
`
`negatives.
`
`Static Analysis
`
`Static analysis examinesfiles without actually running them. Basic static analysis is straightforward
`
`and fast, typically around 30 seconds.The following are examples of areas static analysis inspects:
`
`¢« Metadata information—Name ofthe file, the vendor or creator of this file, and the original data
`
`the file was compiled on.
`
`¢ Categories of instructions used—Is the file modifying the Windowsregistry?Is it touching disk
`
`I/O APIs?.
`
`e File entropy—Howrandomis the file? A common technique for malwareis to encrypt portions
`
`of the code and then decryptit during runtime. A lot of encryptionis a strong indication a this
`
`file is malware.
`
`The output of the static analysis is fed into the machine learning algorithm to improve the verdict
`
`accuracy.
`
`

`

`Case 3:17-cv-05659-WHA Document 390-20 Filed 03/14/19 Page 4 of 5
`
`  ÿ
`
`
`
`
ÿÿÿ
ÿ ÿ ÿ ÿÿ ÿÿÿ ÿ!ÿ"
ÿ ÿ#ÿ$ 
` ÿ%&'()*+,'-#ÿÿ ÿÿ.  ÿÿÿÿ / . ÿÿÿ . ÿ 0 !ÿ1.ÿ
ÿ#
`ÿ ÿ ÿ 0 ÿÿ ÿ.#ÿÿÿÿ0.ÿ
 #ÿ ÿÿ ÿ ÿ
`ÿÿ0!ÿ
ÿ ÿÿ. ÿÿ
ÿ 0 ÿ ÿÿ2 ÿÿ.ÿÿ 0 
`. !ÿ3 ÿ
ÿ4 ÿ ÿ
ÿ #ÿ
ÿ  ÿÿ0ÿÿ 2 ÿ ÿ ÿÿ

`
 ÿ ÿ
ÿÿ   ÿÿ0  !
`5
 ÿ2 ÿÿ  ÿÿ 6/ÿ 0 ÿ . ÿÿÿ7ÿÿ
.ÿ #
`.
ÿÿ. ÿ0  !ÿ8. ÿ57ÿ9 :ÿ. ÿÿ.6 ÿÿ(;<;=>,*'ÿ>;<@',AB;%ÿÿ7ÿ

`2 ÿÿ  ÿ
ÿÿÿ ÿ. ÿ 0 !ÿCÿ / #ÿ8. ÿ57ÿ9 :ÿD
`E   ÿÿ ÿ4 ÿÿ. ÿ ÿ.
ÿÿ. ÿ0  #ÿ.
`7 7 #ÿ ÿÿ ÿ.
ÿÿ$2 ÿ7 !
`F  ÿ7 ÿ

G0. ÿ ÿÿ
ÿ #ÿ.
ÿÿ ÿ #ÿ. ÿ #ÿ ÿÿ 
` 27ÿ2
ÿH  ÿ !
`F  ÿ0. 6 ÿ ÿÿ
ÿ ÿ !
`1  ÿ 
I. ÿ6ÿ
 0 ÿ ÿ6ÿ
ÿ  ÿ ÿ2
 ÿ .ÿ
`0 !ÿ
ÿÿ6ÿ
ÿ  ÿ ÿÿ
ÿ 6/ÿ
ÿ ÿÿ.ÿÿ6 . ÿ

`J KLÿML NOÿ OPNQK
`
` ÿ
ÿ2 ÿÿ ÿ ÿ0!ÿ
ÿ ÿ
ÿ ÿ.ÿ
ÿ ÿ ÿÿ6 ÿ
`  ÿ2

ÿÿÿ2 !
`8. ÿ57ÿ9 :ÿ. ÿÿ2ÿ ÿ  ÿÿ
 ÿ ÿÿÿÿ!
`R
 ÿ ÿ S ÿ4 ÿ ÿ  ÿÿÿ0 ÿ ÿ!ÿ

`
 ÿ ÿ
ÿÿ ÿ2
ÿ . ÿÿ
. ÿÿ2 ÿ ÿ
`TKNL QÿMLUL
`
`
. ÿÿ 2 ÿ !ÿHÿ ÿ2
ÿ2 ÿ7ÿ7 #ÿ ÿÿ .ÿ G
`ÿ ÿ ÿÿ
 ÿ 00 !
`8. ÿ57ÿ9 :ÿÿÿ.6 ÿ6 2 ÿVGWVÿÿ  ÿ
ÿ
 ÿ 0 ÿÿ ÿ ÿ
`2 ÿ ÿ
ÿ
 ÿ 0 ÿÿ  ÿ
!ÿ5 ÿ 6 ÿW!
` 6 ÿWDÿ
 ÿX 0 ÿ1 
`
`

`

`Case 3:17-cv-05659-WHA Document 390-20 Filed 03/14/19 Page 5 of 5
`
`<=>?@AÿC?D?E
`F?GHIJKH
`L
`M  Nÿ ÿ .
` ÿÿO-
`PÿQÿR
`2 1ÿ
 ÿ  
`SÿQÿT
`U-ÿ
 ÿ  
`VÿQPL
`W8
ÿ
 ÿ  
` ÿ ÿ 
` ÿ ÿ
 ÿ  ÿÿ
ÿÿÿÿÿÿ  ÿ
 
`
` !"# $ÿ&'()* +#",'+
`ÿÿ- .-ÿ
 ÿ
` 
`/ 
 -ÿ01
`ÿÿ- .-ÿ
 ÿ
` ÿ2.ÿ
`34567ÿ ÿ 8ÿ
`ÿÿ9: ÿ 8ÿ;
`XYZ[\]^
`_`abcÿef
`ghijjifgaikaihcjÿljfkamfn`noncp
`qmrjfcaiÿljohsamf
`tjufiaav
`gamchwcÿef
`qvhxjÿyn`ihip
`z\{|]}{~
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket