METHODS AND APPARATUS FOR AGENT-BASED MALWARE MANAGEMENT
Abstract
Methods and apparatus for providing protection against malware are disclosed. An exemplary method includes executing an agent program on a remote computer connected to a network, the agent program being configured to communicate with a base computer via the network, the agent program including a firewall arranged to block communications between the remote computer and entities on the network in accordance with predetermined rules; and configuring the firewall in accordance with rules received from the base computer.
12 Claims
1. A method of operating a security program on a computer, comprising:
- operating the security program to impersonate or use operating system functions in monitoring objects running on the computer;
- determining, based upon the monitoring, whether the objects are malware.

2. A non-transitory, tangible processor readable storage medium, encoded with processor readable instructions to perform a method for fighting malware on a computer, the method comprising:
- impersonating operating system functions to monitor objects running on the computer; and
- determining whether the objects are malware or not based upon the monitoring.

3. A method of operating a security program on a computer, comprising:
- loading a first component of the security program on the computer;
- dynamically creating a second component of the security program on the computer having different attributes from the first component and which will automatically load in the event that the first component fails to load due to malevolent activity.

5. A non-transitory, tangible processor readable storage medium, encoded with processor readable instructions to perform a method for fighting malware, the method comprising:
- loading a first component of the security program on the computer; and
- dynamically creating a second component of the security program on the computer having different attributes from the first component and which will automatically load in the event that the first component fails to load due to malevolent activity.

7. A method of providing protection against malware, the method comprising:
- executing an agent program on a remote computer connected to a network, the agent program being configured to communicate with a base computer via the network, the agent program including a firewall arranged to block communications between the remote computer and entities on the network in accordance with predetermined rules; and
- configuring the firewall in accordance with rules received from the base computer.

10. A non-transitory, tangible processor readable storage medium, encoded with processor readable instructions to perform a method for providing protection against malware, the method comprising:
- communicating with a base computer via the network, creating a firewall arranged to block communications between the remote computer and entities on the network in accordance with predetermined rules; and
- configuring the firewall in accordance with rules received from the base computer.