Filter driver for identifying disk files by analysis of content
Abstract
A system and method for excluding certain types of files from being saved to a system by examining file data. The file data is examined by: mapping the circular queue to memory; reading the file identifiers from the circular queue (a named mutex is locked until all file identifiers have been read from the queue); using the file identifier to open the file; scanning the opened file to create a file signature; comparing the file signature to each entry on a list of signature criteria; and performing a storage policy if there is a match.
33 Claims
1-13. (canceled)

14. A method, comprising:
intercepting an operation to save a file to a system;
determining whether a file signature corresponding to said file matches one or more signatures stored in a signature database;
in response to determining that said file signature matches one or more signatures stored in said signature database, executing a storage policy with respect to said file;
in response to determining that said file signature matches no signatures stored in said signature database, allowing said file to be saved to said system.
Dependent claims: 15, 16, 17, 18, 19

20. A method, comprising:
intercepting an operation to save a file to a system;
determining whether a file identifier of said file satisfies specified file identifier criteria, wherein said file identifier criteria indicate disallowed types of files;
in response to determining that said file identifier satisfies said file identifier criteria, executing a storage policy with respect to said file;
in response to determining that said file identifier does not satisfy said file identifier criteria, determining whether a file signature corresponding to said file matches one or more signatures stored in a signature database;
in response to determining that said file signature matches one or more signatures stored in said signature database, executing said storage policy with respect to said file;
in response to determining that said file signature matches no signatures stored in said signature database, allowing said file to be saved to said system.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28

29. A system, comprising:
an input/output filter driver;
a signature processing user mode service;
a signature database; and
a policy database;
wherein said input/output filter driver is configured to intercept an attempt to save a file to the system;
wherein said signature processing user mode service is configured to determine whether a file signature corresponding to said file matches one or more signatures stored in said signature database;
wherein in response to determining that said file signature matches one or more signatures stored in said signature database, said signature processing user mode service is further configured to execute a storage policy stored within said policy database with respect to said file; and
wherein in response to determining that said file signature matches no signatures stored in said signature database, said signature processing user mode service is further configured to allow said file to be saved to said system.
Dependent claims: 30, 31, 32, 33
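
The decision order recited in claim 20 (file identifier criteria first, then content signature, otherwise allow), as an added user-mode Python example that is not code from the patent. It assumes the file identifier is the file name extension and that a signature criterion is a set of magic bytes at fixed offsets; the databases, policy names and `on_save` function are constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePath

@dataclass(frozen=True)
class SignatureCriterion:
    label: str
    parts: tuple  # ((offset, magic_bytes), ...); every part must match

# Constructed sample databases (assumptions, not taken from the patent).
DISALLOWED_EXTENSIONS = {".mp3", ".avi", ".exe"}
SIGNATURE_DB = (
    SignatureCriterion("mp3-id3", ((0, b"ID3"),)),
    SignatureCriterion("riff-avi", ((0, b"RIFF"), (8, b"AVI "))),
    SignatureCriterion("pe-executable", ((0, b"MZ"),)),
)
POLICY_DB = {"mp3-id3": "deny", "riff-avi": "deny", "pe-executable": "quarantine"}
HEADER_BYTES = 16  # leading bytes scanned to build the file signature

def make_signature(content: bytes) -> bytes:
    """Scan the file data and return the bytes used as its signature."""
    return content[:HEADER_BYTES]

def match_signature(signature: bytes):
    """Compare the signature to each entry on the list of signature criteria."""
    for criterion in SIGNATURE_DB:
        if all(signature[off:off + len(magic)] == magic
               for off, magic in criterion.parts):
            return criterion
    return None

def on_save(name: str, content: bytes):
    """Return (policy, reason) for an intercepted save operation."""
    ext = PurePath(name).suffix.lower()
    if ext in DISALLOWED_EXTENSIONS:           # step 1: file identifier criteria
        return ("deny", f"identifier:{ext}")
    hit = match_signature(make_signature(content))
    if hit is not None:                        # step 2: content signature
        return (POLICY_DB.get(hit.label, "deny"), f"signature:{hit.label}")
    return ("allow", "no-match")               # step 3: save proceeds

if __name__ == "__main__":
    # Constructed inputs: a renamed MP3, a renamed executable, a WAV, plain text.
    samples = [
        ("quarterly_report.doc", b"ID3\x03\x00\x00\x00\x00\x00\x00"),
        ("setup.dat", b"MZ\x90\x00\x03\x00"),
        ("chime.wav", b"RIFF\x24\x00\x00\x00WAVEfmt "),
        ("notes.txt", b"meeting notes"),
    ]
    for name, data in samples:
        print(name, on_save(name, data))
```

The renamed MP3 passes the identifier check and is caught only by the content signature, which is the case the second stage exists for.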
Specification