METHODS AND APPARATUS FOR AGENT-BASED MALWARE MANAGEMENT

US 20120260304A1
Filed: 02/13/2012
Published: 10/11/2012
Est. Priority Date: 02/15/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of operating a security program on a computer, comprising:

operating the security program to impersonate or use operating system functions in monitoring objects running on the computer;

determining, based upon the monitoring, whether the objects are malware.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for providing protection against malware are disclosed. An exemplary method includes executing an agent program on a remote computer connected to a network, the agent program being configured to communicate with a base computer via the network, the agent program including a firewall arranged to block communications between the remote computer and entities on the network in accordance with predetermined rules; and configuring the firewall in accordance with rules received from the base computer.

Citations

12 Claims

1. A method of operating a security program on a computer, comprising:
- operating the security program to impersonate or use operating system functions in monitoring objects running on the computer;
  
  determining, based upon the monitoring, whether the objects are malware.

2. A non-transitory, tangible processor readable storage medium, encoded with processor readable instructions to perform a method for fighting malware on a computer, the method comprising:
- impersonating operating system functions to monitor objects running on the computer; and
  
  determining whether the objects are malware or not based upon the monitoring.

3. A method of operating a security program on a computer, comprising:
- loading a first component of the security program on the computer;
  
  dynamically creating a second component of the security program on the computer having different attributes from the first component and which will automatically load in the event that the first component fails to load due to malevolent activity.
- View Dependent Claims (4)
- - 4. A method according to claim 3, wherein the second component is arranged to remove its own digital signature.

5. A non-transitory, tangible processor readable storage medium, encoded with processor readable instructions to perform a method for fighting malware, the method comprising:
- loading a first component of the security program on the computer; and
  
  dynamically creating a second component of the security program on the computer having different attributes from the first component and which will automatically load in the event that the first component fails to load due to malevolent activity.
- View Dependent Claims (6)
- - 6. The non-transitory, tangible processor readable storage medium according to claim 5, wherein the second component is arranged to remove its own digital signature.

7. A method of providing protection against malware, the method comprising:
- executing an agent program on a remote computer connected to a network, the agent program being configured to communicate with a base computer via the network, the agent program including a firewall arranged to block communications between the remote computer and entities on the network in accordance with predetermined rules; and
  
  configuring the firewall in accordance with rules received from the base computer.
- View Dependent Claims (8, 9)
- - 8. A method according to claim 7, comprising:
    - receiving at the remote computer from the base computer information that an object on the remote computer and or an entity on the network is unsafe; and
      
      including a rule at the remote computer so that intended network communications involving the unsafe object and or unsafe entity are blocked by the firewall.
  - 9. The method according to claim 8, comprising:
    - receiving at the remote computer from the base computer information that an object on the remote computer and or an entity on the network is unsafe;
      
      asking permission from the user of the remote computer for details of intended network communications involving the unsafe object and or unsafe entity to be shared with a third party; and
      
      ,intercepting intended network communications involving the unsafe object and or the unsafe entity and sharing them with a third party.

10. A non-transitory, tangible processor readable storage medium, encoded with processor readable instructions to perform a method for providing protection against malware, the method comprising:
- communicating with a base computer via the network,creating a firewall arranged to block communications between the remote computer and entities on the network in accordance with predetermined rules; and
  
  configuring the firewall in accordance with rules received from the base computer.
- View Dependent Claims (11, 12)
- - 11. The non-transitory, tangible processor readable storage medium according to claim 10, the method including:
    - receiving at the remote computer from the base computer information that an object on the remote computer and or an entity on the network is unsafe; and
      
      including a rule at the remote computer so that intended network communications involving the unsafe object and or unsafe entity are blocked by the firewall.
  - 12. The non-transitory, tangible processor readable storage medium according to claim 10, the method including:
    - receiving at the remote computer from the base computer information that an object on the remote computer and or an entity on the network is unsafe;
      
      asking permission from the user of the remote computer for details of intended network communications involving the unsafe object and or unsafe entity to be shared with a third party; and
      
      intercepting intended network communications involving the unsafe object and or the unsafe entity and sharing them with a third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Webroot Inc. (Open Text Corporation)
Original Assignee
Webroot Inc. (Open Text Corporation)
Inventors
Morris, Melvyn, Jaroch, Joseph

Application Number

US13/372,439
Publication Number

US 20120260304A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/145   the attack involving the pr...

METHODS AND APPARATUS FOR AGENT-BASED MALWARE MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUS FOR AGENT-BASED MALWARE MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links