REMEDIAL ACTION AGAINST MALICIOUS CODE AT A CLIENT FACILITY

US 20080244074A1
Filed: 03/30/2007
Published: 10/02/2008
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

requesting a network site interaction from a client computing facility;

determining that the network site interaction from the client computing facility is unacceptable based on an acceptance policy at a gateway facility;

denying access to the network site from the client computing facility;

sending information relating to the attempted interaction with the network site from the gateway facility to the client computing facility, wherein the information indicates that the attempted interaction occurred; and

causing the client computing facility to interpret the information relating to the attempted interaction, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of this invention may relate to a malicious application remedial action request application where a network site interaction may be requested from a client computing facility; the network site interaction from the client computing facility may be determined to be unacceptable based on an acceptance policy at a gateway facility; access to the network site from the client computing facility may be denied; information relating to the attempted interaction with the network site may be sent from the gateway facility to the client computing facility, wherein the information may indicate that the attempted interaction occurred; and the client computing facility may interpret the information relating to the attempted interaction, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request.

75 Citations

View as Search Results

153 Claims

1. A method, comprising:
- requesting a network site interaction from a client computing facility;
  
  determining that the network site interaction from the client computing facility is unacceptable based on an acceptance policy at a gateway facility;
  
  denying access to the network site from the client computing facility;
  
  sending information relating to the attempted interaction with the network site from the gateway facility to the client computing facility, wherein the information indicates that the attempted interaction occurred; and
  
  causing the client computing facility to interpret the information relating to the attempted interaction, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request.
- View Dependent Claims (2, 12, 13, 14, 15, 21, 23, 24, 31, 32, 33, 34, 38, 43, 60, 73, 74)
- - 2. The method of claim 1, wherein the automatically generated request was sent by a malicious code.
  - 12. The method of claim 1, wherein the acceptance policy comprises an unacceptable network site database.
  - 13. The method of claim 1, wherein the acceptance policy comprises an acceptable network site database.
  - 14. The method of claim 1, wherein the acceptance policy comprises a network site reputation database.
  - 15. The method of claim 1, wherein the acceptance policy comprises a rule evaluation of the network site interaction acceptability.
  - 21. The method of claim 1, wherein the acceptance policy is based on a block list.
  - 23. The method of claim 1, wherein the acceptance policy is based on an acceptance list.
  - 24. The method of claim 1, wherein the network site interaction is an access request to a network system.
  - 31. The method of claim 1, wherein the information is stored on the client computing facility.
  - 32. The method of claim 31, wherein the stored information is parsed by a client computer facility malicious code analysis application using a virus identity file (IDE).
  - 33. The method of claim 32, wherein the IDE parsed information is used to determine an appropriate action by the client computer facility.
  - 34. The method of claim 1, wherein the remedial action taken by the client computer facility is a result of a client computing facility resident malicious code detection application accessing information using IDE information.
  - 38. The method of claim 1, wherein the information comprises data adapted to be interpreted by the client computing facility.
  - 43. The method of claim 1, wherein the information comprises at least one command to be executed by the client computing facility.
  - 60. The method of claim 1, wherein the remedial action comprises scanning the client computing facility for malware.
  - 73. The method of claim 1, wherein the remedial action comprises any action determined by the client computer facility malicious code analysis application interacting with the IDE and the information.
  - 74. The method of claim 1, further comprising the step of sending an access approval request from the client computing facility to the gateway facility indicating that the requested network site interaction was user initiated and requesting a policy change to allow the user initiated network site interaction.

3-11. -11. (canceled)

16-20. -20. (canceled)

22. (canceled)

25-30. -30. (canceled)

35-37. -37. (canceled)

39-42. -42. (canceled)

44-59. -59. (canceled)

61-72. -72. (canceled)

75. (canceled)

76. A method, comprising:
- requesting a network site interaction from a client computing facility;
  
  determining that the network site interaction from the client computing facility is unacceptable based on an acceptance policy facility located on the client computing facility;
  
  denying access to the network site from the client computing facility; and
  
  causing the client computing facility to interpret information of the attempted interaction as determined by the acceptance policy facility, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request.

77-151. -151. (canceled)

152. A system, comprising:
- a gateway adapted to provide network access to a client computing facility, the gateway further adapted to receive a network site interaction request from the client computing facility;
  
  the gateway further comprising an acceptance policy for determining the acceptability of the network site interaction from the client computing facility;
  
  an information file relating to the attempted interaction with the network site, wherein the information file is sent from the gateway to the client computing facility in response to a blocked network interaction; and
  
  a remedial action facility adapted to cause the client computing facility to interpret information from the information file, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request.

153-302. -302. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Baccas, Paul, Howard, Fraser, Svajcer, Vanja

Granted Patent

US 8,782,786 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

REMEDIAL ACTION AGAINST MALICIOUS CODE AT A CLIENT FACILITY

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

153 Claims

Specification

Use Cases

Quick Links

Others

REMEDIAL ACTION AGAINST MALICIOUS CODE AT A CLIENT FACILITY

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

153 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others