SYSTEM AND METHOD FOR LOCAL PROTECTION AGAINST MALICIOUS SOFTWARE
First Claim
1. One or more non-transitory machine readable media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
intercepting, on a computing device, an application programming interface (API) associated with a network access attempt;
determining a process mapped to the API;
determining a plurality of software program files mapped to the process;
determining a trust status of each software program file of the plurality of software program files;
determining whether the network access attempt is permitted based, at least in part, on a first criterion, wherein the first criterion includes a trust status of each software program file of the plurality of software program files; and
performing an action if the network access attempt is not permitted.
Abstract
A method in one example implementation includes intercepting a network access attempt on a computing device and determining a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether the network access attempt is permitted and blocking the network access attempt if it is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the trust status is defined as trusted if the software program file is included in a whitelist of trustworthy program files and untrusted if the software program file is not included in a whitelist. In more specific embodiments, the method includes blocking the network access attempt if the software program file has an untrusted status. In further embodiments, an event is logged if the software program file associated with the network access attempt has an untrusted status.
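The abstract describes a decision procedure: intercept the network-access API call, map it to a process, map the process to its loaded program files, classify each file as trusted or untrusted by whitelist membership, permit only if the first criterion is satisfied, and log an event when an untrusted file is involved. The following Python is an added illustration of that procedure and is not code from the patent or its assignee; the file paths, image bytes, process identifiers and the SHA-256-digest whitelist are all constructed for the example, and the fail-closed handling of an API call that cannot be mapped to a known process is an assumption the abstract does not spell out.

```python
"""Added example: whitelist-driven network access decision (not the patent's code)."""
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Digest used as the whitelist key for a program file image."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ProgramFile:
    path: str
    image: bytes  # in a real deployment these bytes are read from the file on disk


@dataclass(frozen=True)
class Process:
    pid: int
    name: str
    mapped_files: tuple  # executable plus every library mapped into the process


@dataclass(frozen=True)
class NetworkAccessAttempt:
    api: str      # intercepted API, e.g. the socket connect call
    pid: int      # process that issued the call
    remote: str   # destination the process tried to reach


# Constructed file images; the whitelist is derived from two of them so the
# example is self-contained. The third image is deliberately not whitelisted.
APP_IMAGE = b"constructed bytes of app.exe"
WINSOCK_IMAGE = b"constructed bytes of ws2_32.dll"
UNKNOWN_IMAGE = b"constructed bytes of an unrecognised plug-in DLL"

WHITELIST = frozenset({sha256_hex(APP_IMAGE), sha256_hex(WINSOCK_IMAGE)})

APP_PATH = "C:\\Program Files\\Example\\app.exe"          # hypothetical path
WINSOCK_PATH = "C:\\Windows\\System32\\ws2_32.dll"        # hypothetical path
PLUGIN_PATH = "C:\\Users\\Public\\helper.dll"             # hypothetical path

# Constructed process table: pid 1001 maps only whitelisted files, pid 2002
# additionally has an unknown DLL mapped into it.
PROCESS_TABLE = {
    1001: Process(1001, "app.exe", (
        ProgramFile(APP_PATH, APP_IMAGE),
        ProgramFile(WINSOCK_PATH, WINSOCK_IMAGE),
    )),
    2002: Process(2002, "app.exe", (
        ProgramFile(APP_PATH, APP_IMAGE),
        ProgramFile(PLUGIN_PATH, UNKNOWN_IMAGE),
        ProgramFile(WINSOCK_PATH, WINSOCK_IMAGE),
    )),
}


def trust_status(program_file: ProgramFile, whitelist: frozenset) -> str:
    """Trusted if the file's digest is whitelisted, untrusted otherwise."""
    return "trusted" if sha256_hex(program_file.image) in whitelist else "untrusted"


def evaluate_attempt(attempt: NetworkAccessAttempt, process_table: dict,
                     whitelist: frozenset, event_log: list) -> dict:
    """Apply the first criterion: every file mapped to the process must be trusted.

    Returns the decision; appends an event to event_log when access is blocked.
    """
    process = process_table.get(attempt.pid)
    if process is None:
        # Assumption: an API call that cannot be mapped to a process fails closed.
        event_log.append({"event": "network_access_blocked", "reason": "unmapped_process",
                          "pid": attempt.pid, "api": attempt.api, "remote": attempt.remote})
        return {"permitted": False, "action": "block", "file_trust": {}, "untrusted_files": []}

    file_trust = {f.path: trust_status(f, whitelist) for f in process.mapped_files}
    untrusted = sorted(path for path, status in file_trust.items() if status == "untrusted")
    permitted = not untrusted

    if not permitted:
        event_log.append({"event": "network_access_blocked", "reason": "untrusted_file",
                          "pid": attempt.pid, "process": process.name, "api": attempt.api,
                          "remote": attempt.remote, "untrusted_files": untrusted})

    return {"permitted": permitted, "action": "allow" if permitted else "block",
            "file_trust": file_trust, "untrusted_files": untrusted}


if __name__ == "__main__":
    log = []
    for pid in (1001, 2002, 9999):
        decision = evaluate_attempt(NetworkAccessAttempt("connect", pid, "203.0.113.5:443"),
                                    PROCESS_TABLE, WHITELIST, log)
        print(pid, decision["action"], decision["untrusted_files"])
    for event in log:
        print(event)
```

The decision is made over every mapped file, not only the main executable, which is what distinguishes the claim's "plurality of software program files" from a simple per-binary allowlist: a whitelisted executable that has loaded an unknown DLL is still blocked, and the logged event names the file that caused the block so an analyst can investigate it.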
20 Claims
1. One or more non-transitory machine readable media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
intercepting, on a computing device, an application programming interface (API) associated with a network access attempt;
determining a process mapped to the API;
determining a plurality of software program files mapped to the process;
determining a trust status of each software program file of the plurality of software program files;
determining whether the network access attempt is permitted based, at least in part, on a first criterion, wherein the first criterion includes a trust status of each software program file of the plurality of software program files; and
performing an action if the network access attempt is not permitted.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An apparatus, comprising:
a protection module; and
one or more processors operable to execute instructions associated with the protection module, to cause the one or more processors to:
intercept, on a computing device, an application programming interface (API) associated with a network access attempt;
determine a process mapped to the API;
determine a plurality of software program files mapped to the process;
determine a trust status of each software program file of the plurality of software program files;
determine whether the network access attempt is permitted based, at least in part, on a first criterion, wherein the first criterion includes a trust status of each software program file of the plurality of software program files; and
perform an action if the network access attempt is not permitted.
Dependent claims: 13, 14, 15, 16
17. A method comprising:
intercepting, on a computing device, an application programming interface (API) associated with a network access attempt;
determining a process mapped to the API;
determining a plurality of software program files mapped to the process;
determining a trust status of each software program file of the plurality of software program files;
determining whether the network access attempt is permitted based, at least in part, on a first criterion, wherein the first criterion includes a trust status of each software program file of the plurality of software program files; and
performing an action if the network access attempt is not permitted.
Dependent claims: 18, 19, 20