SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR REACTING IN RESPONSE TO A DETECTION OF AN ATTEMPT TO STORE A CONFIGURATION FILE AND AN EXECUTABLE FILE ON A REMOVABLE DEVICE

US 20150172301A1
Filed: 12/22/2014
Published: 06/18/2015
Est. Priority Date: 06/27/2008
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device. In use, a first device removably coupled to a second device is identified. Additionally, an attempt to store on the first device a configuration file for the first device and an executable file is detected. Further, a reaction is performed in response to the detection of the attempt.

17 Citations

View as Search Results

40 Claims

1-20. -20. (canceled)

21. A non-transitory tangible computer readable medium comprising one or more instructions that when executed on a processor configure the processor to perform operations for preventing propagation of malware from a first device to a second device via a removable storage device, the operations comprising:
- monitoring, by a security system of the first device, ports of the first device to identify that the removable storage device coupled to the first device;
  
  monitoring, by the security system, file copy or create operations directed to the removable storage device to detect an attempt by a program on the first device to store a configuration file and an executable file on the removable storage device; and
  
  in response to detecting the attempt, providing, by the security system, an alert to a user of the first device of the attempt to store the configuration file and the executable file on the removable storage device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 22. The non-transitory tangible computer readable medium of claim 21, wherein the program is a malicious program attempting to spread the configuration file and executable file to other devices via the removable storage device, and an antivirus program installed on the first device does not have a malware signature for the malicious program.
  - 23. The non-transitory tangible computer readable medium of claim 21, wherein the operations further comprises:
    - flagging the program for review by the security system in response to the user selecting a first option to prevent the copy or creation of the configuration file and the executable file on the removable device.
  - 24. The non-transitory tangible computer readable medium of claim 21, wherein providing the alert comprises providing a first option to prevent the storage of the configuration file and the executable file on the removable storage device.
  - 25. The non-transitory tangible computer readable medium of claim 21, wherein the configuration file includes one or more instructions for an operating system of the second device to run the executable file upon the removable storage device being coupled to the second device.
  - 26. The non-transitory tangible computer readable medium of claim 21, wherein the configuration file includes a file configuring software on the removable device.
  - 27. The non-transitory tangible computer readable medium of claim 21, wherein the configuration file includes a setup information (INF) file.
  - 28. The non-transitory tangible computer readable medium of claim 21, wherein the configuration file is a text-based configuration file.
  - 29. The non-transitory tangible computer readable medium of claim 21, wherein providing the alert comprises providing a second option to review one or more of the following:
    - a name, a location, a source, and content of the configuration file.
  - 30. The non-transitory tangible computer readable medium of claim 29, wherein providing the second option comprises providing the user with the ability to view at least a part of the text of the configuration file.
  - 31. The non-transitory tangible computer readable medium of claim 29, wherein providing the second option comprises providing the user with the ability to identify in the content of the configuration file whether the executable file is instructed to be executed via the configuration file.
  - 32. The non-transitory tangible computer readable medium of claim 21, wherein providing the alert comprises providing a third option to review one or more of the following:
    - a name, a location, a source, and content of the executable file.
  - 33. The non-transitory tangible computer readable medium of claim 21, wherein the executable file includes one or more of the following:
    - a malware file, a virus software file, an adware file, and a spyware file.
  - 34. The non-transitory tangible computer readable medium of claim 21, wherein the removable storage device is removably coupled to the first device via a universal serial bus (USB) connection, or an Institute of Electrical and Electronics Engineers (IEEE) 1394 connection.
  - 35. The non-transitory tangible computer readable medium of claim 21, wherein the removable storage device is removably coupled to the first device via a Bluetooth wireless connection, or a network connection.
  - 36. The non-transitory tangible computer readable medium of claim 21, wherein the removable storage device includes one or more of the following:
    - a portable hard drive device, a flash-based memory device, a shared network drive, and a portable music player.

37. A first device for preventing propagation of malware from the first device to a second device via a removable storage device, the device comprising:
- a processor,a memory having instructions stored thereon, wherein the instructions are executable by the processor to cause the first device to;
  
  monitor, by a security system of the first device, ports of the first device to identify that the removable storage device coupled to the first device;
  
  monitor, by the security system, file copy or create operations directed to the removable storage device to detect an attempt by a program on the first device to store a configuration file and an executable file on the removable storage device; and
  
  in response to detecting the attempt, provide, by the security system, an alert to a user of the first device of the attempt to store the configuration file and the executable file on the removable storage device.
- View Dependent Claims (38)
- - 38. The first device of claim 37, wherein the program is a malicious program attempting to spread the configuration file and executable file to other devices via the removable storage device, and an antivirus program installed on the first device does not have a malware signature for the malicious program.

39. A method for preventing propagation of malware from a first device to a second device via a removable storage device, the method comprising:
- monitoring, by a security system of the first device, ports of the first device to identify that the removable storage device coupled to the first device;
  
  monitoring, by the security system, file copy or create operations directed to the removable storage device to detect an attempt by a program on the first device to store a configuration file and an executable file on the removable storage device; and
  
  in response to detecting the attempt, providing, by the security system, an alert to a user of the first device of the attempt to store the configuration file and the executable file on the removable storage device.
- View Dependent Claims (40)
- - 40. The method of claim 39, wherein the program is a malicious program attempting to spread the configuration file and executable file to other devices via the removable storage device, and an antivirus program installed on the first device does not have a malware signature for the malicious program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Kumar, Lokesh, Ramachetty, Harinath V.

Granted Patent

US 9,531,748 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/145   the attack involving the pr...

H04W 12/08   Access security

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR REACTING IN RESPONSE TO A DETECTION OF AN ATTEMPT TO STORE A CONFIGURATION FILE AND AN EXECUTABLE FILE ON A REMOVABLE DEVICE

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR REACTING IN RESPONSE TO A DETECTION OF AN ATTEMPT TO STORE A CONFIGURATION FILE AND AN EXECUTABLE FILE ON A REMOVABLE DEVICE

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links