Method for protecting a computer from suspicious objects
First Claim
1. In an inspection facility connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects, the method comprising the steps of:
- inspecting an object;
upon determining said object as suspicious, holding said object into quarantine for a time period, thereby enabling said inspection test(s) of said facility to be updated during said time period by said anti-virus center;
upon ending of said time period, re-inspecting said object, thereby inspecting said object by updated inspection test(s); and
upon determining said object as malicious by said re-inspection, blocking said object, otherwise forwarding said object toward its destination.
1 Assignment
0 Petitions
Accused Products
Abstract
In an inspection facility (e.g. at a gateway server, at a proxy server, at a firewall to a network, at an entrance to a local area network or even at the user'"'"'s computer) connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects (e.g. a file, an executable, a Web page, an email message, etc.), the method comprising the steps of: inspecting an object; upon determining the object as suspicious, holding the object in quarantine (e.g. preventing from the object to be forwarded to its destination) for a time period, thereby enabling the inspection facility to be updated during the time period by the anti-virus center; upon ending of the time period, re-inspecting the object, thereby inspecting the object by updated inspection tests; and upon determining the object as malicious by the re-inspection, blocking the object, otherwise forwarding the object toward its destination.
-
Citations
14 Claims
-
1. In an inspection facility connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects, the method comprising the steps of:
-
inspecting an object;
upon determining said object as suspicious, holding said object into quarantine for a time period, thereby enabling said inspection test(s) of said facility to be updated during said time period by said anti-virus center;
upon ending of said time period, re-inspecting said object, thereby inspecting said object by updated inspection test(s); and
upon determining said object as malicious by said re-inspection, blocking said object, otherwise forwarding said object toward its destination. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for protecting a computer, comprising:
-
an inspection facility operative to inspect objects sent to the computer; and
for each said object for which said inspecting determines that said each object is suspicious;
to quarantine said each object. - View Dependent Claims (11, 12, 13, 14)
-
Specification