System and method for heuristic analysis to identify pestware
First Claim
Patent Images
1. A method for blocking pestware activity, the method comprising:
- detecting an initial pestware activity on a protected computer;
recording the initial pestware activity;
receiving an instruction from a user of the protected computer to block the initial pestware activity;
blocking the initial pestware activity;
detecting a subsequent pestware activity;
comparing the subsequent pestware activity with the initial pestware activity; and
responsive to the subsequent pestware activity matching the initial pestware activity, automatically blocking the subsequent pestware activity.
9 Assignments
0 Petitions
Accused Products
Abstract
Systems for preventing pestware activity are described. One embodiment a heuristic engine configured to identify repeat pestware activity and configured to block the repeat pestware activity; an operating system pestware shield in communication with the heuristic engine, the operating system pestware shield configured to detect pestware activity and report the pestware activity to the heuristic engine; and a browser pestware shield in communication with the heuristic engine, the browser pestware shield configured to detect pestware activity and report the pestware activity to the heuristic engine.
-
Citations
29 Claims
-
1. A method for blocking pestware activity, the method comprising:
-
detecting an initial pestware activity on a protected computer;
recording the initial pestware activity;
receiving an instruction from a user of the protected computer to block the initial pestware activity;
blocking the initial pestware activity;
detecting a subsequent pestware activity;
comparing the subsequent pestware activity with the initial pestware activity; and
responsive to the subsequent pestware activity matching the initial pestware activity, automatically blocking the subsequent pestware activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method for blocking pestware, the method comprising:
-
receiving a trigger from a pestware shield, the trigger corresponding to a presently-detected pestware activity;
determining if the received trigger is similar to a previously-received trigger received from the pestware shield, the previously-received trigger corresponding to previously-detected pestware; and
responsive to the received trigger being similar to the previously-received trigger, automatically blocking the presently-detected pestware activity. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A system for blocking pestware activity, the system comprising:
-
a heuristic engine configured to identify repeat pestware activity and configured to block the repeat pestware activity;
an operating system pestware shield in communication with the heuristic engine, the operating system pestware shield configured to detect pestware activity and report the pestware activity to the heuristic engine; and
a browser pestware shield in communication with the heuristic engine, the browser pestware shield configured to detect pestware activity and report the pestware activity to the heuristic engine. - View Dependent Claims (25, 26, 27, 28, 29)
-
Specification