Privacy friendly malware quarantines

US 20060161988A1
Filed: 01/14/2005
Published: 07/20/2006
Est. Priority Date: 01/14/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for generating a quarantine file from a regular file, the method comprising:

(a) encoding data in the regular file with a reversible function;

(b) identifying a set of metadata that describes attributes of the regular file;

(c) combining the encoded file data and the set of metadata in the quarantine file; and

(d) setting attributes of the quarantine file to match the attributes of the regular file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.

117 Citations

View as Search Results

20 Claims

1. A computer-implemented method for generating a quarantine file from a regular file, the method comprising:
- (a) encoding data in the regular file with a reversible function;
  
  (b) identifying a set of metadata that describes attributes of the regular file;
  
  (c) combining the encoded file data and the set of metadata in the quarantine file; and
  
  (d) setting attributes of the quarantine file to match the attributes of the regular file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, further comprising copying the set of metadata that describes attributes of the regular file to a central location that is accessible to a user interface and wherein the user interface is operative to display the set of metadata to a user.
  - 3. The method as recited in claim 1, further comprising deleting the regular file after the encoded data and the set of metadata are stored in the quarantine file.
  - 4. The method as recited in claim 1, wherein encoding data in the regular file includes performing exclusive-OR encryption.
  - 5. The method as recited in claim 4, wherein performing exclusive-OR encryption includes:
    - (a) generating a random key; and
      
      (b) applying the exclusive-OR algebraic function to file data and the random key.
  - 6. The method as recited in claim 1, wherein the quarantine file that contains the encoded file data and the set of metadata is compressed into an archive file.
  - 7. The method as recited in claim 1, wherein the quarantine file is generated automatically after malware is detected.
  - 8. The method as recited in claim 1, wherein the quarantine file that contains the encoded file data and the set of metadata remains in the same location in the file system as the regular file.
  - 9. The method as recited in claim 1, wherein the quarantine file does not contain data that matches any malware signature.
  - 10. The method as recited in claim 1, wherein setting attributes of the quarantine file to match the attributes of the regular file includes making function calls to an application programming interface.

11. A computer-readable medium bearing computer-executable instructions that, when executed on a computing device that includes a quarantine file causes the computing device to:
- (a) decompress the quarantine file;
  
  (b) decode file data in the quarantine file;
  
  (c) store the decoded data in a regular file; and
  
  (d) set attributes of the regular file to match the attributes that are recorded in the metadata included in the quarantine file.
- View Dependent Claims (12, 13)
- - 12. The computer-readable medium as recited in claim 11, further comprising removing a set of metadata that is associated with the quarantine file from a central location that is accessible to a user interface.
  - 13. The computer-readable medium as recited in claim 11, wherein the encoded file data is decoded using the exclusive-OR algebraic function.

14. A software system for generating a quarantine file from a regular file, the software system comprising:
- (a) a quarantine module operative to;
  
  (i) encode file data; and
  
  (ii) generate a quarantine file that contains encoded file data and metadata that describes attributes of the regular file;
  
  (b) a quarantine folder for storing metadata that describes attributes of the regular file; and
  
  (c) a user interface operative to;
  
  (i) search the quarantine folder for metadata and display the metadata to a user; and
  
  (ii) accept a command to quarantine the regular file.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The software system as recited in claim 14, further comprising an antivirus engine for identifying data that is characteristic of malware.
  - 16. The software system as recited in claim 14, wherein the quarantine module is further configured to decode data in the quarantine file so that the data may be scanned for malware by the antivirus engine.
  - 17. The software system as recited in claim 14, wherein the user interface accepts a command to restore a quarantine file and wherein the quarantine module is further configured to convert the quarantine file back into the regular file.
  - 18. The software system as recited in claim 14, wherein the user interface is configured to accept commands to:
    - (a) scan the quarantine file for malware; and
      
      (b) submit the quarantine file to an antivirus software vendor.
  - 19. The software system as recited in claim 14, wherein the quarantine file and regular file are stored in the same location in the file system and maintain the same file attributes.
  - 20. The software system as recited in claim 14, wherein the regular file and the quarantine file are protected from authorized access with heightened security features.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Marinescu, Adrian M., Costea, Mihai, Thomas, Anil Francis, Bluvstein, Vadim N., Gheorghescu, Gheorghe Marius, Larsen, Kyle A.

Granted Patent

US 7,716,743 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

Privacy friendly malware quarantines

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy friendly malware quarantines

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links