Using multiple layers of policy management to manage risk
First Claim
Patent Images
1. A system, comprising:
- a processor;
a receiver to receive a file at a computer system, the file including a content, the content of the file including a first portion;
a file type identifier to identify a purported file type of the file;
a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue ID;
a quarantine that can store the file;
a file issue exclusion policy specifying an approved file type and a second issue ID;
a file content policy that can be used to;
allow the first portion of the content of the file to be included in the file, quarantine the file, orsanitize the first portion of the content of the file,the file content policy including a whitelist of known approved portions of content;
the processor executing a comparator to compare the first portion of the content of the file with the whitelist, wherein the first portion of the content of the file can be included in the file based at least in part on the first portion of the content of the file matching a known approved portion of content in the whitelist; and
a transmitter to transmit the file to the recipient instead of storing the file in the quarantine based at least in part on the approved file type in the file issue exclusion policy matching the purported file type and the second issue ID in the file issue exclusion policy matching the first issue ID.
0 Assignments
0 Petitions
Accused Products
Abstract
A system for processing a file using a file issue exclusion policy to manage risk is disclosed. If a file does not conform to a set of rules and would otherwise be quarantined, a file issue exclusion policy can be reviewed. If the file issue exclusion policy indicates that the reason why the file did not conform to the set of rules is acceptable, the file can be delivered to the recipient despite not conforming to the set of rules.
-
Citations
17 Claims
-
1. A system, comprising:
-
a processor; a receiver to receive a file at a computer system, the file including a content, the content of the file including a first portion; a file type identifier to identify a purported file type of the file; a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue ID;
a quarantine that can store the file;a file issue exclusion policy specifying an approved file type and a second issue ID; a file content policy that can be used to; allow the first portion of the content of the file to be included in the file, quarantine the file, or sanitize the first portion of the content of the file, the file content policy including a whitelist of known approved portions of content; the processor executing a comparator to compare the first portion of the content of the file with the whitelist, wherein the first portion of the content of the file can be included in the file based at least in part on the first portion of the content of the file matching a known approved portion of content in the whitelist; and a transmitter to transmit the file to the recipient instead of storing the file in the quarantine based at least in part on the approved file type in the file issue exclusion policy matching the purported file type and the second issue ID in the file issue exclusion policy matching the first issue ID. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method, comprising:
-
receiving a file at a computer system, the file include content; determining a purported file type of the file; scanning the content of the file using a set of rules corresponding to the purported file type, including; identifying a first portion of the content of the file that can include malicious content; accessing a file content policy, including; accessing a whitelist of known approved portions of content; comparing the first portion of the content of the file with the whitelist of known approved portions of content; and based at least in part on the first portion of the content of the file being included in the whitelist, including the first portion of the content of the file in the file; based at least in part on the file content policy specifying that the first portion of the content of the file is allowed, allowing the first portion of the content of the file to be included in the file; based at least in part on the file content policy specifying that the first portion of the content of the file is disallowed, quarantining the file; and based at least in part on the file content policy specifying that the first portion of the content of the file is to be sanitized, sanitizing the first portion of the content of the file; determining that content does not conform to the set of rules corresponding to the purported file type; flagging the file for quarantine; determining a first issue ID for an issue as to why the content does not conform to the set of rules; accessing a file issue exclusion policy, the file issue exclusion policy specifying an approved file type and a second issue ID; and transmitting the file to a recipient instead of quarantining the file based at least in part on approved file type in the file issue exclusion policy matching the purported file type and the second issue ID in the file issue exclusion policy matching the first issue ID. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
Specification