System and method for analyzing locked files
First Claim
1. A method for scanning files located on a storage device of a protected computer for pestware, the method comprising:
- identifying a file on the storage device that is inaccessible via an operating system of the protected computer;
locating, on the storage device, a listing of a plurality of pointers for the file, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the file at a corresponding one of each of the plurality of locations;
accessing, while the operating system continues to limit access to the file via the operating system, at least one of the plurality of portions for the data; and
analyzing information from the at least one of the plurality of portions of data so as to determine whether the file is a potential pestware file.
9 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for scanning files for pestware on a protected computer are described. In one variation, when a file on a storage device is inaccessible via an operating system of the protected computer, a listing of a plurality of pointers for the file is located on the storage device. Each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the file at a corresponding one of each of the plurality of locations. One or more of the plurality of portions for the data are accessed and analyzed, while the operating system continues to limit access to the file via the operating system, so as to determine whether the file is a pestware file.
-
Citations
21 Claims
-
1. A method for scanning files located on a storage device of a protected computer for pestware, the method comprising:
-
identifying a file on the storage device that is inaccessible via an operating system of the protected computer;
locating, on the storage device, a listing of a plurality of pointers for the file, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the file at a corresponding one of each of the plurality of locations;
accessing, while the operating system continues to limit access to the file via the operating system, at least one of the plurality of portions for the data; and
analyzing information from the at least one of the plurality of portions of data so as to determine whether the file is a potential pestware file. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for detecting pestware files on a file storage device of a protected computer, the protected computer including an operating system, the system comprising:
a pestware detection module configured to;
identify a file on the storage device that is inaccessible via an operating system of the protected computer;
locate, on the storage device, a listing of a plurality of pointers for the file, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the file at a corresponding one of each of the plurality of locations;
accessing, while the operating system continues to limit access to the file via the operating system, at least one of the plurality of portions for the data; and
analyzing information from the at least one of the plurality of portions of data so as to determine whether the file is a potential pestware file. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
15. A computer readable medium encoded with instructions for scanning pestware files from a storage device of a protected computer, the instructions including instructions for:
-
identifying a file on the storage device that is inaccessible via an operating system of the protected computer;
locating, on the storage device, a listing of a plurality of pointers for the file, wherein each of the plurality of pointers in the listing points to a corresponding one of a plurality of locations on the storage device, and the storage device stores each of a plurality of portions of data for the file at a corresponding one of each of the plurality of locations;
accessing, while the operating system continues to limit access to the file via the operating system, at least one of the plurality of portions for the data; and
analyzing information from the at least one of the plurality of portions of data so as to determine whether the file is a potential pestware file. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification