OBTAINING NETWORK ORIGINS OF POTENTIAL SOFTWARE THREATS
Abstract
A method/system/computer program for obtaining the network origin of a downloaded entity of interest (e.g. a threat or malicious software). The method includes recording the network locations of at least some files downloaded to a processing system and recording the physical locations of the at least some files stored in one or more storage devices of the processing system. The method then identifies an entity of interest in the processing system and searches the recorded network locations and the recorded physical locations for the network location and the physical location of the entity of interest. If the network location and the physical location of the entity of interest are identified, they are transmitted to a remote processing system.
20 Claims
1. A method of obtaining the network origin of a downloaded entity of interest, the method including the steps of, in a processing system:
- recording the network locations of at least some files downloaded to the processing system;
- recording the physical locations of the at least some files stored in one or more storage devices of the processing system;
- identifying an entity of interest in the processing system;
- searching the recorded network locations and the recorded physical locations for the network location and the physical location of the entity of interest; and
- if the network location and the physical location of the entity of interest is identified, transmitting the network location and the physical location of the entity of interest to a remote processing system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A computer program product for obtaining the network origin of a downloaded entity of interest, the computer program product executable in a processing system and configured to:
- record the network locations of at least some files downloaded to the processing system;
- record the physical locations of the at least some files stored in one or more storage devices of the processing system;
- identify an entity of interest in the processing system;
- search the recorded network locations and the recorded physical locations for the network location and the physical location of the entity of interest; and
- if the network location and the physical location of the entity of interest is identified, transmit the network location and the physical location of the entity of interest to a remote processing system.

13. A method of obtaining the network location of a downloaded file, the method including the steps of, in a processing system:
- identifying when an entity is being downloaded to the processing system;
- storing the network location of the entity in a record, and storing one or more of a hash function for the entity, a size of the entity, a series of sections of the entity, and a filename for the entity;
- identifying when a new file is created in the processing system;
- comparing information in the record with one or more of a hash function for the new file, a size of the new file, a series of sections of the new file, and a filename for the new file; and
- if a match is found between the new file and the entity, storing at least the network location and the filename for the new file in a second record.
Dependent claims: 14, 15, 16, 17, 18, 19.

20. A computer program product for obtaining the network location of a downloaded file, the computer program product executable in a processing system and configured to:
- identify when an entity is being downloaded to the processing system;
- store the network location of the entity in a record, and store one or more of a hash function for the entity, a size of the entity, a series of sections of the entity, and a filename for the entity;
- identify when a new file is created in the processing system;
- compare information in the record with one or more of a hash function for the new file, a size of the new file, a series of sections of the new file, and a filename for the new file; and
- if a match is found between the new file and the entity, store at least the network location and the filename for the new file in a second record.

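The matching procedure of claims 13 and 20, followed by the lookup step of claim 1, as an added Python example that is not part of the patent text. The class and function names, the choice of SHA-256 with size as the compared attributes, and the downloads.example URL are assumptions made for illustration; the sample payload is constructed.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

@dataclass(frozen=True)
class DownloadEntry:            # one row of the first record (claim 13)
    url: str                    # network location
    sha256: str
    size: int
    filename: str               # kept for reporting; renames make it a weak match key

class OriginTracker:
    def __init__(self):
        self.downloads = []     # first record: observed downloads
        self.origins = {}       # second record: physical path -> network location

    def record_download(self, url, payload, filename):
        digest = hashlib.sha256(payload).hexdigest()
        self.downloads.append(DownloadEntry(url, digest, len(payload), filename))

    def on_file_created(self, path):
        """Compare a newly created file against the download record."""
        with open(path, "rb") as f:
            data = f.read()
        digest, size = hashlib.sha256(data).hexdigest(), len(data)
        for entry in reversed(self.downloads):      # most recent download first
            if entry.size == size and entry.sha256 == digest:
                self.origins[os.path.abspath(path)] = entry.url
                return entry.url
        return None

    def origin_of(self, path):
        """Claim 1 lookup: (network location, physical location) or None."""
        physical = os.path.abspath(path)
        url = self.origins.get(physical)
        return (url, physical) if url else None

def demo():
    tracker = OriginTracker()
    payload = b"MZ constructed sample bytes"        # constructed, not a real binary
    tracker.record_download("http://downloads.example/setup.exe", payload, "setup.exe")
    with tempfile.TemporaryDirectory() as d:
        renamed = os.path.join(d, "renamed.tmp")    # saved under a different name
        local = os.path.join(d, "notes.txt")        # created locally, never downloaded
        for path, data in ((renamed, payload), (local, b"created locally")):
            with open(path, "wb") as f:
                f.write(data)
            tracker.on_file_created(path)
        return tracker.origin_of(renamed), tracker.origin_of(local), os.path.abspath(renamed)

if __name__ == "__main__":
    print(demo())
```

The renamed file is still attributed to its download URL because the content hash and size match, while the locally created file has no recorded origin.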
Specification