Managed software remediation

US 10,305,929 B2
Filed: 12/21/2013
Issued: 05/28/2019
Est. Priority Date: 09/27/2013
Status: Active Grant

First Claim

Patent Images

1. A client device comprising:

a processor;

a network interface; and

instructions encoded in memory to provide a remediation engine configured to;

identify an application binary as requiring remedial analysis;

extract at least a portion of the application binary for remedial analysis;

send the extracted portion to a remediation server via the network interface;

receive via the network interface remediation data for the application binary; and

personalize the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one example, a system and method are disclosed for malware and grayware remediation. For example, the system is operable to identify applications that have some legitimate behavior but that also exhibit some undesirable behavior. A remediation engine is provided to detect malware behavior in otherwise useful applications, and allow the useful parts of the application to run while blocking the malware behavior. In an example method of “healing,” this may involve modifying the application binary to remove undesirable behavior. In an example method of “personalization,” this may involve inserting control hooks through the operating system to prevent certain subroutines from taking effect.

Citations

23 Claims

1. A client device comprising:
- a processor;
  
  a network interface; and
  
  instructions encoded in memory to provide a remediation engine configured to;
  
  identify an application binary as requiring remedial analysis;
  
  extract at least a portion of the application binary for remedial analysis;
  
  send the extracted portion to a remediation server via the network interface;
  
  receive via the network interface remediation data for the application binary; and
  
  personalize the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The client device of claim 1, wherein the system services are selected from the group consisting of geographic location, e-mail, short messaging service, telephony, contacts, internet access, camera, touchscreen, microphone, and speakers.
  - 3. The client device of claim 1, wherein the remediation data comprises personalization rules.
  - 4. The client device of claim 3, wherein the personalization rules comprise structured data identifying one or more malware behaviors in the application binary, and a remedial action for each malware behavior identified.
  - 5. The client device of claim 3, wherein the personalization rules comprise a malware reputation for the application binary.
  - 6. The client device of claim 1, wherein the instructions encoded in memory to provide a remediation engine are further configured to provide a user interface to receive a user selection to permit or block an action of the application binary, and to selectively enforce access permissions based on the user selection.
  - 7. The client device of claim 1, wherein the instructions encoded in memory to provide a remediation engine are further configured to identify an action of the application binary as a blacklisted action according to the remediation data, and to block the blacklisted action without user input.

8. A method of remedying an application binary comprising:
- identifying the application binary as requiring remedial analysis;
  
  extracting at least a portion of the application binary for remedial analysis;
  
  sending the extracted portion to a remediation server via the network interface;
  
  receiving via a network interface remediation data for the application binary; and
  
  personalizing the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - disassembling the application binary;
      
      detecting malware behavior in the application binary; and
      
      healing the application binary by inserting or removing instructions to ameliorate the malware behavior and recompile the application binary.
  - 10. The method of claim 8, wherein the system services are selected from the group consisting of geographic location, e-mail, short messaging service, telephony, contacts, Internet access, camera, touchscreen, microphone, and speakers.
  - 11. The method of claim 8, wherein the remediation data comprises personalization rules.
  - 12. The method of claim 11, wherein the personalization rules comprise structured data identifying one or more malware behaviors in the application binary, and a remedial action for each malware behavior identified.
  - 13. The method of claim 11, wherein the personalization rules comprise a malware reputation for the application binary.
  - 14. The method of claim 8, further comprising selectively enforcing access permissions based on a user configuration.
  - 15. The method of claim 14, wherein the user configuration comprises instructions operable to provide interactive user input.

16. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to instruct a computing device to provide a remediation engine for:
- identifying an application binary as requiring remedial analysis;
  
  extracting at least a portion of the application binary for remedial analysis;
  
  sending the extracted portion to a remediation server via the network interface;
  
  receiving via a network interface remediation data for an application binary; and
  
  personalizing the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The one or more tangible, non-transitory computer-readable mediums of claim 16, wherein the instructions are further to instruct the computing device for:
    - disassembling the application binary;
      
      detecting malware behavior in the application binary; and
      
      healing the application binary by inserting or removing instructions to ameliorate the malware behavior and recompile the application binary.
  - 18. The one or more tangible, non-transitory computer-readable mediums of claim 16, wherein the system services are selected from the group consisting of geographic location, e-mail, short messaging service, telephony, contacts, internet access, camera, touchscreen, microphone, and speakers.
  - 19. The one or more tangible, non-transitory computer-readable mediums of claim 16, wherein the remediation data comprises personalization rules.
  - 20. The one or more tangible, non-transitory computer-readable mediums of claim 19, wherein the personalization rules comprise structured data identifying one or more malware behaviors in the application binary, and a remedial action for each malware behavior identified.
  - 21. The one or more tangible, non-transitory computer-readable mediums of claim 19, wherein the personalization rules comprise a malware reputation for the application binary.
  - 22. The one or more tangible, non-transitory computer-readable mediums of claim 16, further comprising selectively enforcing access permissions based on a user configuration.
  - 23. The one or more tangible, non-transitory computer-readable mediums of claim 22, wherein the user configuration comprises instructions operable to provide interactive user input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Kulkarni, Dattatraya, Nalluri, Srikanth, Sinha, Raja, Krishnapur, Venkatasubrahmanyam
Primary Examiner(s)
Harris, Christopher C

Application Number

US14/913,722
Publication Number

US 20160205115A1
Time in Patent Office

1,984 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/568   eliminating virus, restorin...

G06F 21/6245   Protecting personal data, e...

G06F 21/629   to features or functions of...

H04L 63/102   Entity profiles

H04L 63/145   the attack involving the pr...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Managed software remediation

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Managed software remediation

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links