DETECTING AND RESPONDING TO MALWARE USING LINK FILES
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for monitoring the generation of link files by processes on a computer and performing protection processes based on whether the link files target malicious objects or are generated by malicious processes. In one aspect, a method includes monitoring for a generation of a first file that includes a target path that points to an object; in response to monitoring the generation of the first file: determining whether the target path is a uniform resource locator; in response to determining that the target path is a uniform resource locator, identifying a process that caused the first file to be generated; determining whether the process is a prohibited process; in response to determining that the process is a prohibited process, performing one or more protection processes on the process and the first file; in response to determining that the process is not a prohibited process, determining whether the uniform resource locator is a prohibited uniform resource locator; in response to determining that the uniform resource locator is a prohibited uniform resource locator, performing one or more protection processes on the process and the first file.
21 Claims
1. A computer-implemented method, comprising:
- monitoring, by a first computer, a generation of a first file that includes a target path that points to an object;
- in response to monitoring the generation of the first file:
- identifying, by the first computer, a process that caused the first file to be generated;
- determining, by the first computer, whether the process is a prohibited process;
- in response to determining that the process is a prohibited process, performing, by the first computer, one or more protection processes on the process and the first file;
- in response to determining that the process is not a prohibited process, determining, by the first computer, whether the target path is a uniform resource locator;
- in response to determining that the target path is a uniform resource locator, determining, by the first computer, whether the uniform resource locator is a prohibited uniform resource locator;
- in response to determining that the uniform resource locator is a prohibited uniform resource locator, performing, by the first computer, one or more protection processes on the first file.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method, comprising:
- monitoring, by a first computer, a generation of a first file that includes a target path that points to an object;
- in response to monitoring the generation of the first file:
- determining, by the first computer, whether the target path is a uniform resource locator;
- in response to determining that the target path is a uniform resource locator, identifying, by the first computer, a process that caused the first file to be generated;
- determining, by the first computer, whether the process is a prohibited process;
- in response to determining that the process is a prohibited process, performing, by the first computer, one or more protection processes on the process and the first file;
- in response to determining that the process is not a prohibited process, determining, by the first computer, whether the uniform resource locator is a prohibited uniform resource locator;
- in response to determining that the uniform resource locator is a prohibited uniform resource locator, performing, by the first computer, one or more protection processes on the process and the first file.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer storage medium encoded with a computer program, the program comprising instructions that when executed by data processing apparatus cause the data processing apparatus to perform operations comprising:
- monitoring a generation of a first file that generates a request based on a uniform resource locator;
- in response to monitoring the generation of the first file:
- identifying a process that caused the first file to be generated;
- determining whether the process is a prohibited process;
- in response to determining that the process is a prohibited process, performing one or more protection processes on the process and the first file;
- in response to determining that the process is not a prohibited process, determining whether the uniform resource locator is a prohibited uniform resource locator;
- in response to determining that the uniform resource locator is a prohibited uniform resource locator, performing one or more protection processes on the process and the first file.
Dependent claims: 16, 17, 18, 19, 20, 21
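The following sketch is an added illustration, not part of the patent text: it contrasts the decision order of claims 1 and 8, assuming the link file is a Windows .url (InternetShortcut) file. The deny lists, sample files, function names and the returned sets of protection targets are all constructed for the example.

```python
import configparser
from urllib.parse import urlparse

# Constructed deny lists (assumptions); real systems would use reputation data.
PROHIBITED_PROCESSES = {"dropper.exe"}
PROHIBITED_HOSTS = {"bad.example"}

# Constructed sample link files.
BAD_URL_LINK = "[InternetShortcut]\nURL=http://bad.example/update\n"
LOCAL_LINK = "[InternetShortcut]\nURL=C:\\Windows\\notepad.exe\n"

def target_path(link_text):
    """Return the target of a .url link file, or None if it cannot be parsed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(link_text)
    except configparser.Error:
        return None
    return cp.get("InternetShortcut", "URL", fallback=None)

def is_url(target):
    try:
        parts = urlparse(target or "")
    except ValueError:
        return False
    return parts.scheme in {"http", "https", "ftp"} and bool(parts.hostname)

def url_prohibited(target):
    return (urlparse(target).hostname or "") in PROHIBITED_HOSTS

def claim1_order(process, link_text):
    """Claim 1: process check first; a prohibited URL alone acts on the file."""
    if process.lower() in PROHIBITED_PROCESSES:
        return {"process", "file"}
    target = target_path(link_text)
    if is_url(target) and url_prohibited(target):
        return {"file"}
    return set()

def claim8_order(process, link_text):
    """Claim 8: the URL test gates every later step; hits act on process and file."""
    target = target_path(link_text)
    if not is_url(target):
        return set()
    if process.lower() in PROHIBITED_PROCESSES or url_prohibited(target):
        return {"process", "file"}
    return set()
```

The two orderings diverge on a prohibited process that writes a link to a local path (only claim 1 acts) and on an allowed process that writes a link to a prohibited URL (claim 1 acts on the file, claim 8 on the process and the file).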
Specification