Context-Aware Real-Time Computer-Protection Systems and Methods
First Claim
1. A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest, the method comprising:
- detecting an event of interest;
identifying at least one file associated with the event of interest;
accessing contextual metadata associated with the event of interest;
accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file;
determining, by applying the rule, whether to perform the security scan on the file.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest may comprise: 1) detecting an event of interest, 2) identifying at least one file associated with the event of interest, 3) accessing contextual metadata associated with the event of interest, 4) accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file, and then 5) determining, by applying the rule, whether to perform the security scan on the file. Corresponding systems and computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest, the method comprising:
-
detecting an event of interest; identifying at least one file associated with the event of interest; accessing contextual metadata associated with the event of interest; accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file; determining, by applying the rule, whether to perform the security scan on the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest, the system comprising:
-
an event-detection module programmed to; detect an event of interest; identify at least one file associated with the event of interest; a contextual-metadata database containing contextual metadata associated with the event of interest; a rule-application module programmed to; access at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file; determine, by applying the rule, whether to perform the security scan on the file. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A computer-readable medium comprising computer-executable instructions that, when executed by a computing device, cause the computing device to:
-
detect an event of interest; identify at least one file associated with the event of interest; access contextual metadata associated with the event of interest; access at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file; determine, by applying the rule, whether to perform the security scan on the file. - View Dependent Claims (19, 20)
-
Specification