Validation for behavior-blocking system
Abstract
A method includes detecting a potentially malicious action of a potentially unsafe application on a host computer system; sending an application characteristic of the potentially unsafe application to a server system; and receiving a response from the server system indicating whether the potentially unsafe application is a safe application, an unsafe application or an unknown application. If the potentially unsafe application is an unknown application, the potentially unsafe application is executed in a sandbox on the server system.
36 Claims
1. A method comprising:
detecting a potentially malicious action of a potentially unsafe application on a first computer system;
checking a local configuration on said first computer system to determine if said potentially unsafe application is an application unknown to said first computer system, wherein upon a determination that said potentially unsafe application is an application unknown to said first computer system during said checking, said method further comprising;
sending an application characteristic of said potentially unsafe application to a second computer system; and
receiving a first response from said second computer system, said first response indicating whether said potentially unsafe application is a safe application, an unsafe application or an unknown application.

21. A method comprising:
receiving an application characteristic of a potentially unsafe application; and
using said application characteristic to determine whether said potentially unsafe application is a known safe application, a known unsafe application, or an unknown application.

30. A method comprising:
detecting a potentially malicious action of a potentially unsafe application on a first computer system;
sending an application characteristic of said potentially unsafe application to a second computer system; and
receiving a first response from said second computer system, said first response indicating whether said potentially unsafe application is a safe application, an unsafe application or an unknown application.

31. A computer-program product comprising a computer-readable medium containing computer program code comprising:
a monitoring and detection application for detecting a potentially malicious action of a potentially unsafe application on a first computer system, said monitoring and detection application further for sending an application characteristic of said potentially unsafe application to a second computer system, and said monitoring and detection application further for receiving a first response from said second computer system, said first response indicating whether said potentially unsafe application is a safe application, an unsafe application or an unknown application.

32. A computer-program product comprising a computer-readable medium containing computer program code comprising:
a validation application for receiving an application characteristic of a potentially unsafe application, and said validation application further for using said application characteristic to determine whether said potentially unsafe application is a known safe application, a known unsafe application, or an unknown application.

33. A method comprising:
detecting a potentially malicious action of a potentially unsafe application; and
using a local configuration to determine if said potentially unsafe application is an unknown application.

34. A method comprising:
detecting a potentially malicious action of a potentially unsafe application on a first computer system;
checking a local configuration on said first computer system to determine if said potentially unsafe application is an application unknown to said first computer system, wherein upon a determination that said potentially unsafe application is an application unknown to said first computer system during said checking, said method further comprises;
determining whether a secure connection exists between said first computer and a second computer.

Specification