Managing access to documents with a file monitor
First Claim
1. A system for managing access to documents comprising:
- a hardware processor to:
retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modify, via the file monitor, access to the file based on the policy data;
intercept, via the file monitor, a plurality of document management instructions executed with the file;
detect, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
execute, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data.
Abstract
Disclosed herein is a system and method that can retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file. A processor can also modify, via the file monitor, access to the file based on the policy data, and intercept a plurality of document management instructions executed with the file. The processor can also detect at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions. Additionally, the processor can execute a policy instruction to prevent execution of the at least one document management instruction.
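The following sketch is an added example, not code from the patent or its assignee: a user-space Python model of the flow in the first claim and abstract above. The regex detector, the `difflib` similarity measure, the 0.8 threshold and the policy fields (`deny_if_sensitive`, `limits`, `seen`) are assumptions; the page does not define how malicious actions or similarity are determined.

```python
import re
from difflib import SequenceMatcher

SENSITIVE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # assumed detector: SSN-like pattern
SIMILARITY_THRESHOLD = 0.8                         # assumed threshold value


class FileMonitor:
    """Toy user-space model of the claimed monitor (all names are hypothetical)."""

    def __init__(self):
        self.files = {}     # name -> content retrieved from the CMS
        self.policy = {}    # name -> policy data, updated on every instruction

    def retrieve(self, name, content, policy):
        """File and policy arrive together in response to a user request."""
        pol = dict(policy, seen={}, sensitive=bool(SENSITIVE.search(content)))
        # Propagate the label: a file close enough to a known-sensitive one
        # is marked sensitive even if the detector itself did not fire.
        for other, text in self.files.items():
            close = SequenceMatcher(None, text, content).ratio() > SIMILARITY_THRESHOLD
            if self.policy[other]["sensitive"] and close:
                pol["sensitive"] = True
        self.files[name], self.policy[name] = content, pol
        return pol

    def intercept(self, name, op):
        """Return True if the instruction may run, False if it is blocked."""
        pol = self.policy[name]
        pol["seen"][op] = pol["seen"].get(op, 0) + 1      # policy data updated first
        if pol["sensitive"] and op in pol["deny_if_sensitive"]:
            return False
        return pol["seen"][op] <= pol["limits"].get(op, float("inf"))


def demo():
    base = {"deny_if_sensitive": {"print", "email"}, "limits": {"copy": 2}}
    mon = FileMonitor()
    # Constructed sample documents, not real data.
    a = "Claimant John Doe, SSN 123-45-6789, filed case 42 on the attached form."
    b = "Claimant John Doe, SSN [redacted], filed case 42 on the attached form."
    mon.retrieve("a.txt", a, base)
    mon.retrieve("b.txt", b, base)
    ops = ["open", "copy", "copy", "copy", "print"]
    return mon.policy["b.txt"]["sensitive"], [mon.intercept("b.txt", o) for o in ops]
```

In `demo()`, the second file carries no detectable pattern itself but inherits the sensitive label through similarity; its third copy is blocked by the running count kept in the policy data, and printing is blocked by the label.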
32 Citations
17 Claims
1. A system for managing access to documents comprising:
- a hardware processor to:
retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modify, via the file monitor, access to the file based on the policy data;
intercept, via the file monitor, a plurality of document management instructions executed with the file;
detect, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
execute, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for managing access to documents comprising:
- retrieving, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modifying, via the file monitor, access to the file based on the policy data;
intercepting, via the file monitor, a plurality of document management instructions executed with the file;
detecting, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
executing, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data.
Dependent claims: 16
17. A computer program product for managing access to documents, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor to cause the processor to:
- hook into event calls or modify an operating system to execute a file monitor, wherein the file monitor is to monitor, at a kernel level of the operating system, a plurality of system calls involving locally stored files;
retrieve, via the file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file;
modify, via the file monitor, access to the file based on the policy data;
intercept, via the file monitor, a plurality of document management instructions executed with the file;
detect, via the file monitor, at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions; and
execute, via the file monitor, a policy instruction to prevent execution of the at least one document management instruction;
detect sensitive data in the file;
detect a second retrieved file from the case management system with a similarity to the file above a threshold value; and
modify a policy for the second file to indicate that the second file comprises sensitive data.
Specification