Method for protecting a computer from suspicious objects

US 20060010495A1
Filed: 07/06/2004
Published: 01/12/2006
Est. Priority Date: 07/06/2004
Status: Abandoned Application

First Claim

Patent Images

1. In an inspection facility connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects, the method comprising the steps of:

inspecting an object;

upon determining said object as suspicious, holding said object into quarantine for a time period, thereby enabling said inspection test(s) of said facility to be updated during said time period by said anti-virus center;

upon ending of said time period, re-inspecting said object, thereby inspecting said object by updated inspection test(s); and

upon determining said object as malicious by said re-inspection, blocking said object, otherwise forwarding said object toward its destination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an inspection facility (e.g. at a gateway server, at a proxy server, at a firewall to a network, at an entrance to a local area network or even at the user'"'"'s computer) connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects (e.g. a file, an executable, a Web page, an email message, etc.), the method comprising the steps of: inspecting an object; upon determining the object as suspicious, holding the object in quarantine (e.g. preventing from the object to be forwarded to its destination) for a time period, thereby enabling the inspection facility to be updated during the time period by the anti-virus center; upon ending of the time period, re-inspecting the object, thereby inspecting the object by updated inspection tests; and upon determining the object as malicious by the re-inspection, blocking the object, otherwise forwarding the object toward its destination.

Citations

14 Claims

1. In an inspection facility connected to an anti-virus center for updates, a method for protecting a computer from suspicious objects, the method comprising the steps of:
- inspecting an object;
  
  upon determining said object as suspicious, holding said object into quarantine for a time period, thereby enabling said inspection test(s) of said facility to be updated during said time period by said anti-virus center;
  
  upon ending of said time period, re-inspecting said object, thereby inspecting said object by updated inspection test(s); and
  
  upon determining said object as malicious by said re-inspection, blocking said object, otherwise forwarding said object toward its destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, further comprising:
    - at said inspection facility, inspecting said object during said time period by at least one new inspection method; and
      
      upon determining said object as malicious, informing said anti-virus center with the findings of the inspection.
  - 3. A method according to claim 2, wherein said at least one new inspection method is selected from a group comprising:
    - emulation of said object, controlled execution of said object by automatic means, controlled execution of said object by a human factor.
  - 4. A method according to claim 1, wherein said object is selected from a group comprising:
    - a file, an executable, a Web page, an email message.
  - 5. A method according to claim 2, wherein said object is determined as suspicious by a dedicated test thereof.
  - 6. A method according to claim 5, wherein said test is based on a CRC value of said object.
  - 7. A method according to claim 5, wherein said suspicious is determined by an unusual number of objects passing through said inspection facility in a time period and each of which having the same CRC value of a member selected from a group comprising:
    - the whole of said object, a part of said object, a specific part of said object, a function of said object.
  - 8. A method according to claim 1, wherein said quarantine comprises preventing said object from reaching its destination.
  - 9. A method according to claim 1, wherein said inspecting is carried out at a facility selected from a group comprising:
    - a gateway server, a proxy server, a firewall to a network, an entrance to a local area network, said computer.

10. A system for protecting a computer, comprising:
- an inspection facility operative to inspect objects sent to the computer; and
  
  for each said object for which said inspecting determines that said each object is suspicious;
  
  to quarantine said each object.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein said objects are sent to the computer via a network, and wherein said inspection facility is located at a site selected from the group consisting of:
    - a gateway server of said network, a proxy server of said network, a firewall to said network and an entrance to said network.
  - 12. The system of claim 10, wherein said inspection facility is located at the computer.
  - 13. The system of claim 10, wherein said quarantining is for a time period, and wherein said inspection facility is further operative:
    - for each said object for which said inspecting determines that said each object is suspicious;
      
      to re-inspect said each object after said time period.
  - 14. The system of claim 10, further comprising:
    - an anti-virus center for providing said inspection facility with tools for said inspection and said re-inspection, said re-inspection including, for each said object for which said inspecting determines that said each object is suspicious, testing said each object using at least one tool provided to said inspection facility by said anti-virus center while said each object is quarantined.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aladdin Knowledge Systems Limited (Thales SA)
Original Assignee
Aladdin Knowledge Systems Limited (Thales SA)
Inventors
Cohen, Oded, Margalit, Yanki, Margalit, Dany

Application Number

US10/883,676
Publication Number

US 20060010495A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/56 Computer malware detection ...

H04L 63/1441 Countermeasures against mal...

Method for protecting a computer from suspicious objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method for protecting a computer from suspicious objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links