Privacy friendly malware quarantines
First Claim
1. A computer-implemented method for generating a quarantine file from a regular file, the method comprising:
- (a) encoding data in the regular file with a reversible function;
(b) identifying a set of metadata that describes attributes of the regular file;
(c) combining the encoded file data and the set of metadata in the quarantine file; and
(d) setting attributes of the quarantine file to match the attributes of the regular file.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.
117 Citations
20 Claims
-
1. A computer-implemented method for generating a quarantine file from a regular file, the method comprising:
-
(a) encoding data in the regular file with a reversible function;
(b) identifying a set of metadata that describes attributes of the regular file;
(c) combining the encoded file data and the set of metadata in the quarantine file; and
(d) setting attributes of the quarantine file to match the attributes of the regular file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-readable medium bearing computer-executable instructions that, when executed on a computing device that includes a quarantine file causes the computing device to:
-
(a) decompress the quarantine file;
(b) decode file data in the quarantine file;
(c) store the decoded data in a regular file; and
(d) set attributes of the regular file to match the attributes that are recorded in the metadata included in the quarantine file. - View Dependent Claims (12, 13)
-
-
14. A software system for generating a quarantine file from a regular file, the software system comprising:
-
(a) a quarantine module operative to;
(i) encode file data; and
(ii) generate a quarantine file that contains encoded file data and metadata that describes attributes of the regular file;
(b) a quarantine folder for storing metadata that describes attributes of the regular file; and
(c) a user interface operative to;
(i) search the quarantine folder for metadata and display the metadata to a user; and
(ii) accept a command to quarantine the regular file. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification