Protecting computer systems from unwanted software
2 Assignments
0 Petitions
Abstract
A method for protecting one or more computer systems from unwanted software. A protection server computer maintains an approved list identifying a plurality of process files approved for execution. The protection server distributes an agent software program and the approved list to each of a plurality of computer systems. When a first computer system receives a request to execute a first process file, the agent software program intercepts the request and ensures that the first process file is on the approved list. The agent may also check a forbidden list of known bad software to ensure that undesired software is not executed. The approved list may be created by first configuring a securely managed “golden machine” with software (process files) intended to be used by computer systems in the enterprise. The approved list may then be created based on the known good process files stored on the golden machine.
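The flow the abstract describes, as an added example that is not taken from the patent: the server derives the approved list from a golden machine, and the agent returns a verdict for each intercepted execution request. Assumptions: list entries are SHA-256 digests of file contents (the page does not say how entries identify a process file), the forbidden list takes precedence over the approved list, and all function and file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def file_id(path):
    # Assumption: a list entry is the SHA-256 of the file's contents.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_approved_list(golden_root):
    # Server side: record every file stored on the golden machine.
    return {file_id(p) for p in Path(golden_root).rglob("*") if p.is_file()}


def decide(path, approved, forbidden):
    # Agent side: verdict for one intercepted execution request.
    try:
        digest = file_id(path)
    except OSError:
        return ("deny", "unreadable")      # cannot identify it, so fail closed
    if digest in forbidden:                # assumption: forbidden list wins
        return ("deny", "forbidden")
    if digest in approved:
        return ("allow", "approved")
    return ("deny", "not-approved")        # default deny, as in claim 24


def demo():
    # Constructed sample files standing in for a golden machine and an endpoint.
    with tempfile.TemporaryDirectory() as tmp:
        golden, endpoint = Path(tmp, "golden"), Path(tmp, "endpoint")
        golden.mkdir()
        endpoint.mkdir()
        (golden / "editor.exe").write_bytes(b"known good editor build")
        (golden / "oldtool.exe").write_bytes(b"tool later reported as bad")
        approved = build_approved_list(golden)
        forbidden = {file_id(golden / "oldtool.exe")}
        # Same bytes under a new name, same name with changed bytes, a forbidden file.
        (endpoint / "renamed.exe").write_bytes(b"known good editor build")
        (endpoint / "editor.exe").write_bytes(b"known good editor build, modified")
        (endpoint / "oldtool.exe").write_bytes(b"tool later reported as bad")
        names = ["renamed.exe", "editor.exe", "oldtool.exe", "missing.exe"]
        return {n: decide(endpoint / n, approved, forbidden) for n in names}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Because the identity is the content digest, a renamed copy of an approved file is still allowed, while a file that keeps an approved name but has different bytes is denied.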
69 Citations
39 Claims
1. A computer-implemented method for protecting one or more computer systems from unwanted software, the method comprising:
- receiving a request to execute a first process file on a first computer system;
- determining if the first process file is on an approved list;
- allowing the first process file to run on the first computer system if the first process file is on the approved list.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23

24. A memory medium comprising program instructions for protecting one or more computer systems from unwanted software, wherein the program instructions are executable to implement:
- receiving a request to execute a first process file on a first computer system;
- determining if the first process file is associated with an entry of an approved list of process files;
- if the first process file is associated with an entry of the approved list of process files, executing the first process file on the first computer system; and
- if the first process file is not associated with an entry of the approved list of process files, preventing execution of the first process file.

Dependent claims: 25, 26, 27, 28, 29, 30

31. A method for creating an approved list of process files useable for protecting one or more computer systems from unwanted software, the method comprising:
- configuring a first computer system with a plurality of process files that are used by the one or more computer systems, wherein the first computer system is managed to prevent unwanted software from being stored on the first computer system;
- determining process files stored on the first computer system after said configuring; and
- storing information regarding the determined process files in the approved list based on said determining;
- wherein the approved list is useable for protecting one or more computer systems from unwanted software.

Dependent claims: 32, 33, 34, 35, 36, 37, 38

39. A system for protecting a plurality of computer systems from unwanted software, the system comprising:
- a server computer system which comprises a processor and a memory medium, wherein the memory medium stores an approved list, wherein the approved list comprises a list of processes approved for execution on each of the plurality of computer systems;
- a plurality of computer systems coupled to the server computer system over a network;
- wherein the server computer system is operable to distribute an agent software program to a respective computer system of each of the plurality of computer systems;
- wherein the server computer system is further operable to distribute the approved list to a respective computer system of each of the plurality of computer systems;
- wherein each agent software program comprises program instructions executable on the respective computer system to:
  - receive a request for storage and/or execution of a process;
  - determine if the process is on the approved list; and
  - allow the process to run on the respective computer system if the process is on the approved list.

Specification