System and method for detecting malicious applications

US 20040205354A1
Filed: 04/10/2003
Published: 10/14/2004
Est. Priority Date: 04/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for detecting malicious applications comprising:

determining whether a communication is attempting to occur, wherein the communication is associated with a first application;

determining whether there is a second application associated with the first application; and

determining whether the second application is trusted.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for detecting malicious computer applications. According to an embodiment of the present invention, it is determined whether a communication is attempting to occur, wherein the communication is associated with a first application. It is also determined whether there is a second application associated with the first application; and also determined whether the second application is trusted.

28 Citations

View as Search Results

20 Claims

1. A method for detecting malicious applications comprising:
- determining whether a communication is attempting to occur, wherein the communication is associated with a first application;
  
  determining whether there is a second application associated with the first application; and
  
  determining whether the second application is trusted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising identifying the second application as launching the first application.
  - 3. The method of claim 2, further comprising associating the first application with the second application in a process tree.
  - 4. The method of claim 1, further comprising determining whether the first application is a trusted launcher.
  - 5. The method of claim 1, further comprising listing the second application in a warning if it is determined that the second application is not trusted.
  - 6. The method of claim 1, further comprising determining whether there is an untrusted launcher warning.
  - 7. The method of claim 1, further comprising allowing the communication if there is no warning.
  - 8. The method of claim 1, further comprising allowing the communication if the first application and second application are trusted.
  - 9. The method of claim 1, further comprising allowing the communication if a user permits the communication.
  - 10. The method of claim 9, further comprising adding the second application to a list of trusted launcher if the user permits the communication.

11. A system for detecting malicious applications comprising:
- a processor configured to determine whether a communication is attempting to occur, wherein the communication is associated with a first application;
  
  determine whether there is a second application associated with the first application; and
  
  determine whether the second application is trusted; and
  
  a memory coupled with the processor, wherein the memory provides instructions to the processor.
- View Dependent Claims (12, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the second application launched the first application.
  - 15. The system of claim 11, wherein the processor is further configured to determine whether the first application is a trusted launcher.
  - 16. The system of claim 11, wherein the processor is further configured to list the second application in a warning if it is determined that the second application is not trusted.
  - 17. The system of claim 11, wherein the processor is further configured to determine whether there is an untrusted launcher warning.
  - 18. The system of claim 11, wherein the processor is further configured to allow the communication if a user permits the communication.
  - 19. The system of claim 18, wherein the processor is further configured to add the second application to a list of trusted launcher if the user permits the communication.

20. A computer program product for detecting malicious applications, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- determining whether a communication is attempting to occur, wherein the communication is associated with a first application;
  
  determining whether there is a second application associated with the first application; and
  
  determining whether the second application is trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Gabriel, Basil, Spiegel, Mark

Granted Patent

US 7,788,724 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/556   involving covert channels, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

System and method for detecting malicious applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for detecting malicious applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links