Off node scanning

US 10,621,357 B2
Filed: 08/31/2017
Issued: 04/14/2020
Est. Priority Date: 08/31/2017
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processors; and

one or more hardware storage devices having stored thereon instructions that are executable by the one or more processors to configure the system to facilitate secure scanning of other computing systems while reducing risk introduced by computer scanners, including instructions that are executable to configure the computer system to perform at least the following;

receiving system state data of a target computer;

generating a virtual replica of the target computer, from the system state data, on a second computer isolated from the target computer; and

providing a computer scanner access to the system state data of the target computer with the virtual replica of the target computer, while preventing the computer scanner from having access to the target computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security risks associated with scanning a computer are at least mitigated by performing the scanning off node. State data of a target node, or computer, can be acquired in various ways. The acquired state data can be subsequently employed to generate a virtual replica of the target computer or portion thereof on a second computer isolated from the target computer. The virtual replica of the target computer provides a scanner access to the data needed to perform a scan on the second computer without accessing or being able to impact the target computer.

25 Citations

20 Claims

1. A system comprising:
- one or more processors; and
  
  one or more hardware storage devices having stored thereon instructions that are executable by the one or more processors to configure the system to facilitate secure scanning of other computing systems while reducing risk introduced by computer scanners, including instructions that are executable to configure the computer system to perform at least the following;
  
  receiving system state data of a target computer;
  
  generating a virtual replica of the target computer, from the system state data, on a second computer isolated from the target computer; and
  
  providing a computer scanner access to the system state data of the target computer with the virtual replica of the target computer, while preventing the computer scanner from having access to the target computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 further comprising collecting the system state data from the target computer.
  - 3. The system of claim 1 further comprising collecting the system state data from a copy of a virtual hard disk of the target computer provided by a storage service.
  - 4. The system of claim 1 further comprising collecting the system state data of the target computer and saving the system state data externally to a nonvolatile data store accessible by the data acquisition component.
  - 5. The system of claim 1, further comprising intercepting a request by the computer scanner to an operating system of an underlying computer executing the virtual replica of the target computer and returning data from the target computer that satisfies the request.
  - 6. The system of claim 1, wherein the computer scanner is developed by a second entity different from and independent of a first entity that provides a platform for execution of the target computer.
  - 7. The system of claim 1, wherein the computer scanner is an authenticated vulnerability scanner that scans a computer for security vulnerabilities.
  - 8. The system of claim 7, wherein the system state data comprises a directory listing.

9. A method performed by a computing system comprising at least one processor coupled to a memory storing machine-executable instructions, the method comprising:
- generating a virtual replica of a target computer on a second computer, isolated from the target computer, based on state data collected from the target computer;
  
  receiving a request for the state data of the target computer from a computer scanner;
  
  retrieving the state data that satisfies the request from the virtual replica of the target computer; and
  
  providing retrieved state data to the computer scanner in response to the request, while preventing the computer scanner from having access to the target computer, thereby reducing risk introduced by the computer scanner.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 further comprising collecting the state data from a collection component executed on the target computer.
  - 11. The method of claim 9 further comprising:
    - requesting a copy of a virtual hard disk of the target computer from a storage service; and
      
      collecting the state data from the copy of a virtual hard disk received in response to the request.
  - 12. The method of claim 9 further comprising:
    - collecting state data from the target computer; and
      
      storing the state data to a non-volatile store external to the target computer.
  - 13. The method of claim 9 further comprising loading a third-party computer scanner on the second computer configured to request the state data.
  - 14. The method of claim 9 further comprising:
    - intercepting the request by the computer scanner for the state data from the target computer; and
      
      retrieving the state data from the target computer that satisfies the request from the virtual replica of the target computer.
  - 15. The method of claim 9 further comprising loading a third-party scanner library on the second computer configured to request the state data and communicate with a third-party computer scanner component, executable on a third computer, configured to analyze the state data and return a scan result.
  - 16. The method of claim 9 further comprising:
    - receiving a report based on a scan result; and
      
      conveying, for display on a display device, the report.

17. A computer-readable storage medium having instructions stored thereon that enable at least one processor to perform a method upon execution of the instructions, the method comprising:
- generating a virtual replica of a target computer, on a second computer distinct from the target computer, with state data of the target computer;
  
  receiving a request for the state data of the target computer from a third-party vulnerability scanner;
  
  retrieving the state data of the target computer that satisfies the request from the virtual replica of the target computer on the second computer;
  
  returning the state data to the third-party vulnerability scanner in response to the request, while preventing the third-party vulnerability scanner from having access to the target computer, thereby reducing risk introduced by the third-party vulnerability scanner; and
  
  receiving a vulnerability assessment based on a scan of the state data.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable storage medium of claim 17 further comprising collecting the state data from the target computer with a collection component installed on the target computer.
  - 19. The computer-readable storage medium of claim 17 further comprising collecting the state data from a copy of a virtual hard disk of the target computer provided by a storage service.
  - 20. The computer-readable storage medium of claim 17 wherein the vulnerability assessment is received from the third-party vulnerability scanner based on the scan of the state data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Ochs, Rebecca Jean, Chinta, Ramesh, Satapathy, Amrita, Cooperstein, Jeffrey, Parthasarathy, Harini, Field, Scott Antony, Rouatbi, Mohamed, Gonzalez, Julian Federico
Primary Examiner(s)
Zhao, Don G

Application Number

US15/692,393
Publication Number

US 20190065754A1
Time in Patent Office

957 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

Off node scanning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Off node scanning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links