Techniques for detecting malicious files
Abstract
Techniques for detecting malicious files are disclosed. In one embodiment, the techniques may be realized as a system for detecting malicious files comprising one or more computer processors. The one or more computer processors may be configured to collect at least one of a file or an attribute of the file. The one or more computer processors may further be configured to determine if the file is malicious. The one or more computer processors may further be configured to identify, if the file is determined to be malicious, a Uniform Resource Locator (URL) and a time frame associated with the file. The one or more computer processors may further be configured to detect a threat based on the URL and the time frame.
20 Claims
1. A system for detecting malicious files comprising:
- one or more computer processors communicatively coupled to a network, the one or more computer processors being configured to;
collect at least one of a file or an attribute of the file;
determine if the file is malicious;
identify, if the file is determined to be malicious, a download Uniform Resource Locator (URL) from which the file was downloaded, a connection URL to which the file attempted to connect, and a limited time frame associated with the file, the limited time frame having a beginning point in time and an ending point in time; and
create a block policy for the download URL and the connection URL that is configured to be applied only for the limited time frame, the block policy configured to block any network connection with, or block any file from downloading and executing from, the download URL and the connection URL during the limited time frame.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method for detecting malicious files, the method comprising:
collecting at least one of a file or an attribute of the file;
determining if the file is malicious;
identifying, if the file is determined to be malicious, a download Uniform Resource Locator (URL) from which the file was downloaded, a connection URL to which the file attempted to connect, and a limited time frame associated with the file, the limited time frame having a beginning point in time and an ending point in time; and
creating a block policy for the download URL and the connection URL that is configured to be applied only for the limited time frame, the block policy configured to block any network connection with, or block any file from downloading and executing from, the download URL and the connection URL during the limited time frame.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable medium storing instructions thereon that are configured to be executed by at least one processor and thereby cause the at least one processor to operate so as to:
collect at least one of a file or an attribute of the file;
determine if the file is malicious;
identify, if the file is determined to be malicious, a download Uniform Resource Locator (URL) from which the file was downloaded, a connection URL to which the file attempted to connect, and a limited time frame associated with the file, the limited time frame having a beginning point in time and an ending point in time; and
create a block policy for the download URL and the connection URL that is configured to be applied only for the limited time frame, the block policy configured to block any network connection with, or block any file from downloading and executing from, the download URL and the connection URL during the limited time frame.
Dependent claims: 16, 17, 18, 19, 20
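The block policy recited in the independent claims can be pictured with the following added Python sketch, which is not code from the patent or its assignee. It assumes exact URL matching after normalization and a seven-day time frame, neither of which the claims specify; all function names, class names and `example.test` URLs are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit


def normalize(url: str) -> str:
    """Canonical form for matching: lowercase scheme/host, no default port, no fragment."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    default = {"http": 80, "https": 443}.get(scheme)
    port = f":{p.port}" if p.port and p.port != default else ""
    query = f"?{p.query}" if p.query else ""
    return f"{scheme}://{host}{port}{p.path or '/'}{query}"


@dataclass(frozen=True)
class BlockPolicy:
    urls: frozenset   # normalized download URL and connection URL
    begins: datetime  # beginning point of the limited time frame (UTC)
    ends: datetime    # ending point of the limited time frame (UTC)

    def blocks(self, url: str, when: datetime) -> bool:
        """True only if the URL is listed and `when` lies inside the time frame."""
        if when.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        return self.begins <= when <= self.ends and normalize(url) in self.urls


def create_block_policy(download_url, connection_url, begins, ends) -> BlockPolicy:
    """Build a policy covering both URLs of a file already judged malicious."""
    if begins.tzinfo is None or ends.tzinfo is None:
        raise ValueError("time frame bounds must be timezone-aware")
    if ends <= begins:
        raise ValueError("time frame must end after it begins")
    urls = frozenset({normalize(download_url), normalize(connection_url)})
    return BlockPolicy(urls, begins.astimezone(timezone.utc), ends.astimezone(timezone.utc))


# Constructed sample verdict (example.test hosts are placeholders, not real indicators).
FIRST_SEEN = datetime(2024, 1, 10, 8, 0, tzinfo=timezone.utc)
POLICY = create_block_policy(
    "http://downloads.example.test/setup.exe",
    "https://c2.example.test:443/beacon",
    begins=FIRST_SEEN,
    ends=FIRST_SEEN + timedelta(days=7),
)
```

Requiring timezone-aware timestamps keeps the beginning and ending points unambiguous when the policy is evaluated on hosts in different time zones.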
Specification