Managed software remediation
Abstract
According to one example, a system and method are disclosed for malware and grayware remediation. For example, the system is operable to identify applications that have some legitimate behavior but that also exhibit some undesirable behavior. A remediation engine is provided to detect malware behavior in otherwise useful applications, and allow the useful parts of the application to run while blocking the malware behavior. In an example method of “healing,” this may involve modifying the application binary to remove undesirable behavior. In an example method of “personalization,” this may involve inserting control hooks through the operating system to prevent certain subroutines from taking effect.
23 Claims
1. A client device comprising:
- a processor;
- a network interface; and
- instructions encoded in memory to provide a remediation engine configured to:
  - identify an application binary as requiring remedial analysis;
  - extract at least a portion of the application binary for remedial analysis;
  - send the extracted portion to a remediation server via the network interface;
  - receive via the network interface remediation data for the application binary; and
  - personalize the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of remedying an application binary comprising:
- identifying the application binary as requiring remedial analysis;
- extracting at least a portion of the application binary for remedial analysis;
- sending the extracted portion to a remediation server via the network interface;
- receiving via a network interface remediation data for the application binary; and
- personalizing the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to instruct a computing device to provide a remediation engine for:
- identifying an application binary as requiring remedial analysis;
- extracting at least a portion of the application binary for remedial analysis;
- sending the extracted portion to a remediation server via the network interface;
- receiving via a network interface remediation data for an application binary; and
- personalizing the application binary by inserting operating system hooks to selectively enforce access permissions to system services according to the remediation data without modifying the application binary.
Dependent claims: 17, 18, 19, 20, 21, 22, 23