Structured rollout of updates to malicious computer code detection definitions

US 20040153666A1
Filed: 02/05/2003
Published: 08/05/2004
Est. Priority Date: 02/05/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for updating an attacking agent detection module in a computer system, the method comprising the steps of:

determining a risk rating for the computer system;

determining a request time in response to the determination of the risk rating;

transmitting a request for an update of the module to an update server at the request time; and

receiving the update from the update server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media for updating a module (305) for detecting attacking agents. In one embodiment, a scanning engine module (305) determines a risk rating for a client computer system (105). The client (105) determines a request time based upon the risk rating and transmits a request for an update of the scanning engine module (305) to an update server (100) at the request time. The update server (100) then transmits to the client (105) an update for the scanning engine module (305).

Citations

26 Claims

1. A method for updating an attacking agent detection module in a computer system, the method comprising the steps of:
- determining a risk rating for the computer system;
  
  determining a request time in response to the determination of the risk rating;
  
  transmitting a request for an update of the module to an update server at the request time; and
  
  receiving the update from the update server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the step of determining a risk level comprises the sub-step of determining an identity of a user of the computer system.
  - 3. The method of claim 1, wherein the step of determining a risk level comprises determining a number of files on the computer system.
  - 4. The method of claim 1, wherein the step of determining a risk level comprises determining a level of activity for the computer system.
  - 5. The method of claim 4, wherein the level of activity comprises a number of files modified in a predetermined period of time.
  - 6. The method of claim 4, wherein the level of activity comprises an amount of network communication.
  - 7. The method of claim 4, wherein the level of activity comprises an indicator of which applications are run on the client system.
  - 8. The method of claim 1, further comprising the step of contacting the server to determine whether a newer version of the module is available.

9. A method for transmitting updates to an attacking agent detection module to a plurality of client computer systems, the method comprising the steps of:
- requesting a risk rating from each of the plurality of client computer systems;
  
  receiving a risk rating from each of the plurality of client computer systems;
  
  generating an update order for the client computer systems in response to the risk ratings; and
  
  transmitting updates to the client computer systems according to the update order.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the step of determining a risk rating for a client computer system is determined in part according to an identity of a user of the client computer system.
  - 11. The method of claim 9, wherein the risk rating for a client computer system is determined in part according to a number of files on the client computer system.
  - 12. The method of claim 9, wherein the risk rating for a client computer system is determined in part according to a level of activity on the client computer system.

13. A system for updating a scanning engine module in a computer system, the system comprising:
- a risk determination module, configured to generate a risk assessment for the computer system;
  
  an update module, coupled to the risk determination module, and configured to;
  
  determine a request time in response to the risk assessment;
  
  transmit a request for an update of the scanning engine module to an update server at the request time; and
  
  receive the update from the update server.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the risk determination module generates the risk assessment in response to an identity of a user of the computer system.
  - 15. The system of claim 13, wherein the risk determination module generates the risk assessment in response to a number of files on the computer system.
  - 16. The system of claim 13, wherein the risk determination module generates the risk assessment in response to an activity level of the computer system.

17. A computer-readable medium containing computer code instructions for updating an attacking agent detection module in a computer system, the computer code comprising instructions for:
- determining a risk rating for the computer system;
  
  determining a request time in response to the determination of the risk rating;
  
  transmitting a request for an update of the module to an update server at the request time; and
  
  receiving the update from the update server.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer-readable medium of claim 17, wherein the instructions for determining a risk level comprise instructions for determining an identity of a user of the computer system.
  - 19. The computer-readable medium of claim 17, wherein the instructions for determining a risk level comprise instructions for determining a number of files on the computer system.
  - 20. The computer-readable medium of claim 17, wherein the instructions for determining a risk level comprise instructions for determining a level of activity for the computer system.
  - 21. The computer-readable medium of claim 17, further comprising instructions for contacting the server to determine whether a newer version of the module is available.

22. A computer-readable medium containing computer code instructions for transmitting updates to an attacking agent detection module to a plurality of client computer systems, the computer code comprising instructions for:
- requesting a risk rating from each of the plurality of client computer systems;
  
  receiving a risk rating from each of the plurality of client computer systems;
  
  generating an update order for the client computer systems in response to the risk ratings; and
  
  transmitting updates to the client computer systems according to the update order.
- View Dependent Claims (23, 24, 25)
- - 23. The computer-readable medium of claim 22, wherein the risk rating for a client computer system is determined in part according to an identity of a user of the client computer system.
  - 24. The computer-readable medium of claim 22, wherein the risk rating for a client computer system is determined in part according to a number of files on the client computer system.
  - 25. The computer-readable medium of claim 22, wherein the risk rating for a client computer system is determined in part according to a level of activity on the client computer system.

26. A method for updating an attacking agent detection module in a computer system, the method comprising the steps of:
- determining a risk rating for the computer system;
  
  transmitting the risk rating and a request for an update of the module to an update server at the request time; and
  
  receiving the update from the update server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
NortonLifeLock Inc.
Inventors
Sobel, William E.

Application Number

US10/359,416
Publication Number

US 20040153666A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

Structured rollout of updates to malicious computer code detection definitions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Structured rollout of updates to malicious computer code detection definitions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links