Systems and methods for whitelisting file clusters in connection with trusted software packages
First Claim
1. A computer-implemented method for whitelisting file clusters in connection with trusted software packages, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, based on files present on a plurality of computing systems and by a backend server that curates file clusters for the plurality of computing systems, a trusted file cluster that comprises a plurality of clean files, the plurality of clean files representing at least a portion of a single software package;
- identifying, based on the files present on the plurality of computing systems and by the backend server, an additional file cluster that:
  - is not, at the time that the additional file cluster is identified, recognized as part of the single software package; and
  - includes a plurality of additional files in which each file in the plurality of additional files co-exists with the plurality of clean files included in the trusted file cluster on at least a threshold percentage of computing systems in the plurality of computing systems;
- determining that the trusted file cluster and the additional file cluster each represent portions of the single trusted software package; and
- in response to determining that the trusted file cluster and the additional file cluster represent portions of the single trusted software package:
  - merging the trusted file cluster and the additional file cluster into a merged file cluster;
  - whitelisting the merged file cluster on a whitelist that describes files that are explicitly approved for use on computing devices that utilize the whitelist; and
  - using the whitelist to treat files represented on the whitelist at a lower level of security than files that are not represented on the whitelist.
Abstract
The disclosed computer-implemented method for whitelisting file clusters in connection with trusted software packages may include (1) identifying a trusted file cluster that includes a set of clean files, (2) identifying an additional file cluster that includes a set of additional files that typically co-exist with the set of clean files included in the trusted file cluster on computing systems, (3) determining that the trusted file cluster and the additional file cluster represent portions of a single trusted software package, and then, in response to determining that the trusted file cluster and the additional file cluster represent portions of the single trusted software package, (4) merging the trusted file cluster and the additional file cluster into a merged file cluster and (5) whitelisting the merged file cluster. Various other methods, systems, and computer-readable media are also disclosed.
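The five steps of the abstract, as an added Python sketch that is not taken from the patent or from any vendor implementation. It assumes the backend holds a per-host inventory of file identifiers, reads "co-exists on at least a threshold percentage" as the share of hosts carrying the whole trusted cluster that also carry the candidate file, and uses hypothetical names (`FLEET`, `coexistence_rate`, `merge_if_same_package`, `security_level`) plus a hypothetical `min_hosts` guard against tiny samples.

```python
from typing import Dict, FrozenSet, Set

# Constructed sample telemetry: host -> file identifiers observed on that host.
FLEET: Dict[str, Set[str]] = {
    "host-a": {"app.exe", "core.dll", "plugin.dll", "lang.dat"},
    "host-b": {"app.exe", "core.dll", "plugin.dll", "lang.dat", "other.exe"},
    "host-c": {"app.exe", "core.dll", "plugin.dll", "lang.dat"},
    "host-d": {"app.exe", "core.dll", "plugin.dll"},
    "host-e": {"other.exe", "lang.dat"},
}


def coexistence_rate(fleet: Dict[str, Set[str]], trusted: FrozenSet[str],
                     candidate_file: str) -> float:
    """Share of hosts holding the whole trusted cluster that also hold candidate_file."""
    carriers = [files for files in fleet.values() if trusted <= files]
    if not carriers:
        return 0.0  # no host carries the trusted cluster: nothing to infer
    return sum(candidate_file in files for files in carriers) / len(carriers)


def merge_if_same_package(fleet: Dict[str, Set[str]], trusted: FrozenSet[str],
                          additional: FrozenSet[str], threshold: float = 0.75,
                          min_hosts: int = 3) -> FrozenSet[str]:
    """Return the merged cluster if every additional file meets the threshold,
    otherwise return the trusted cluster unchanged."""
    carrier_count = sum(1 for files in fleet.values() if trusted <= files)
    if carrier_count < min_hosts or not additional:
        return trusted  # assumed guard: too little evidence to extend trust
    if all(coexistence_rate(fleet, trusted, f) >= threshold for f in additional):
        return trusted | additional
    return trusted


def security_level(file_id: str, whitelist: FrozenSet[str]) -> str:
    """Whitelisted files are handled at a lower level of security than the rest."""
    return "reduced-scrutiny" if file_id in whitelist else "full-scrutiny"


if __name__ == "__main__":
    trusted = frozenset({"app.exe", "core.dll"})
    whitelist = merge_if_same_package(FLEET, trusted,
                                      frozenset({"plugin.dll", "lang.dat"}))
    for name in ("lang.dat", "other.exe"):
        print(name, security_level(name, whitelist))
```

Because the test is per file, one additional file below the threshold keeps the whole additional cluster out of the whitelist.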
20 Claims
13. A system for whitelisting file clusters in connection with trusted software packages, the system comprising:
- an identification module, stored in a non-transitory memory of the system, that:
  - identifies, based on files present on a plurality of computing systems and by a backend server that curates file clusters for the plurality of computing systems, a trusted file cluster comprising a plurality of clean files, the plurality of clean files representing at least a portion of a single software package; and
  - identifies, based on the files present on the plurality of computing systems and by the backend server, an additional file cluster that:
    - is not, at the time that the additional file cluster is identified, recognized as part of the single software package; and
    - includes a plurality of additional files in which each file in the plurality of additional files co-exists with the plurality of clean files included in the trusted file cluster on at least a threshold percentage of computing systems in the plurality of computing systems;
- a determination module, stored in the memory, that determines that the trusted file cluster and the additional file cluster each represent portions of the single trusted software package;
- a merging module, stored in the memory, that, in response to determining that the trusted file cluster and the additional file cluster represent portions of the single trusted software package, merges the trusted file cluster and the additional file cluster into a merged file cluster;
- a whitelisting module, stored in the memory, that:
  - whitelists the merged file cluster on a whitelist that describes files that are explicitly approved for use on computing devices that utilize the whitelist; and
  - uses the whitelist to treat files on the whitelist at a lower level of security than files that are not represented on the whitelist; and
- at least one physical processor configured to execute the identification module, the determination module, the merging module, and the whitelisting module.
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, based on files present on a plurality of computing systems and by a backend server that curates file clusters for the plurality of computing systems, a trusted file cluster that comprises a plurality of clean files, the plurality of clean files representing at least a portion of a single software package;
- identify, based on the files present on the plurality of computing systems and by the backend server, an additional file cluster that:
  - is not, at the time that the additional file cluster is identified, recognized as part of the single software package; and
  - includes a plurality of additional files in which each file in the plurality of additional files co-exists with the plurality of clean files included in the trusted file cluster on at least a threshold percentage of computing systems in the plurality of computing systems;
- determine that the trusted file cluster and the additional file cluster each represent portions of the single trusted software package; and
- in response to determining that the trusted file cluster and the additional file cluster represent portions of the single trusted software package:
  - merge the trusted file cluster and the additional file cluster into a merged file cluster;
  - whitelist the merged file cluster on a whitelist that describes files that are explicitly approved for use on computing devices that utilize the whitelist; and
  - use the whitelist to treat files represented on the whitelist at a lower level of security than files that are not represented on the whitelist.
Specification