System and method for using rules to protect against malware
Abstract
The invention provides a method of disabling malicious or unwanted software on a computer system using a plurality of rules, wherein the plurality of rules automatically disable functions originating from malicious software. In one embodiment, the method includes detecting a function that is attempting to act on an object within the computer system and identifying one or more rules from the plurality of rules that apply to the object. The function may then be automatically disabled when the identified rules indicate that the function should be disabled.
20 Claims
1. A method for preventing a malicious or unwanted software application function from acting upon an object within a computer system, the method utilizing a plurality of rules to associate one or more object attributes with the object within the computer system, the method comprising:
- determining one or more of the plurality of rules that apply to the object within the computer system;
- associating one or more object attributes with the object within the computer system according to the one or more applicable rules;
- detecting a software application function before allowing the software application function to act upon the object within the computer system;
- scanning the object within the computer system for the one or more object attributes;
- determining whether the one or more object attributes indicate that the software application function must be prevented from acting upon the object within the computer system; and
- disabling the software object function when the one or more object attributes indicate that the software application function must be prevented from acting upon the object within the computer system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A system for preventing a malicious or unwanted software application function from acting upon an object within a computer system, the system utilizing a plurality of rules to associate one or more object attributes with the object within the computer system, the system comprising:
- a memory upon which the plurality of rules are stored;
- a comparator that determined one or more of the plurality of rules that apply to the object within the computer system;
- a flagging module that associates one or more object attributes with the object within the computer system according to the one or more applicable rules;
- a detector that detects a software application function attempting to act upon the object within the computer system before allowing the software application function to act upon the object within the computer system;
- a scanner that scans the object within the computer system for the one or more object attributes and determines whether the one or more object attributes indicate that the software application function must be prevented from acting upon the object within the computer system; and
- a disabler that disables the software object function when the one or more object attributes indicate that the software application function must be prevented from acting upon the object within the computer system.

Dependent claims: 17, 18, 19, 20
Specification