ENDPOINT AGENT FOR ENTERPRISE SECURITY SYSTEM

US 20190081982A1
Filed: 09/13/2017
Published: 03/14/2019
Est. Priority Date: 09/13/2017
Status: Active Grant

First Claim

Patent Images

1. A method for installing a plug-in to an endpoint security agent executing on an endpoint in a networked computer environment, the method comprising:

receiving a policy from a cloud server, the policy specifying an operating configuration of the endpoint security agent to provide security to the endpoint;

identifying a plug-in specified by the policy that is not currently installed in the endpoint security agent and configuration information for the plug-in specified by the policy, the plug-in configured to perform a security function relating to the endpoint;

retrieving the plug-in from the cloud server;

configuring the plug-in according to the configuration information;

obtaining, from the plug-in, command type identifiers for a set of command types subscribed to by the plug-in;

updating a communication table to store associations between the plug-in and each of the command type identifiers obtained from the plug-in;

receiving a target command from the cloud server;

identifying a target command type identifier from the target command received from the cloud server;

determining, based on the communication table, a subscribing plug-in of the endpoint security agent associated with the target command type identifier in the target command; and

sending the target command to the subscribing plug-in.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An endpoint security agent facilitates a security policy on an endpoint computing device. The endpoint agent comprises an engine and one or more plugins that each provide a particular security feature. The endpoint agent receives a policy from a cloud server specifying one or more plug-ins used by the policy and configuration of those plug-ins. The endpoint agent retrieves, installs, and configures the one or more plugins. The endpoint agent updates a communication table with command subscription information obtained from each installed plugin indicating command types subscribed to by each plug-in. When a command is received, a lookup of the command type is performed in the table, and the command is sent to the subscribing plugin.

23 Citations

View as Search Results

23 Claims

1. A method for installing a plug-in to an endpoint security agent executing on an endpoint in a networked computer environment, the method comprising:
- receiving a policy from a cloud server, the policy specifying an operating configuration of the endpoint security agent to provide security to the endpoint;
  
  identifying a plug-in specified by the policy that is not currently installed in the endpoint security agent and configuration information for the plug-in specified by the policy, the plug-in configured to perform a security function relating to the endpoint;
  
  retrieving the plug-in from the cloud server;
  
  configuring the plug-in according to the configuration information;
  
  obtaining, from the plug-in, command type identifiers for a set of command types subscribed to by the plug-in;
  
  updating a communication table to store associations between the plug-in and each of the command type identifiers obtained from the plug-in;
  
  receiving a target command from the cloud server;
  
  identifying a target command type identifier from the target command received from the cloud server;
  
  determining, based on the communication table, a subscribing plug-in of the endpoint security agent associated with the target command type identifier in the target command; and
  
  sending the target command to the subscribing plug-in.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. The method of claim 1, wherein retrieving the plug-in comprises:
    - identifying a link to an address on the cloud server from where the plug-in can be downloaded; and
      
      downloading the plug-in using the link.
  - 5. The method of claim 1, wherein retrieving the plug-in further comprises:
    - obtaining, from the plug-in, a plug-in digital certificate indicative of authenticity of the plug-in;
      
      authenticating the plug-in digital certificate; and
      
      providing an endpoint agent digital certificate to the plug-in to enable the plug-in to verify authenticity of the endpoint security agent.
  - 6. The method of claim 1, wherein the security function of the plug-in includes at least one of:
    - a scanning function to detect malware installed on the endpoint,a real-time protection function to prevent malware from being installed on the endpoint,an administrative function to collect state information about the endpoint and provide the state information to the cloud server, anda remote desktop function to enable remote access to the endpoint from a remote administrative client.
  - 7. The method of claim 1, further comprising:
    - identifying a currently installed plug-in that is not required by the policy; and
      
      uninstalling the currently installed plug-in in response to receiving the policy.
  - 8. The method of claim 1, further comprising:
    - identifying a new version of a currently installed plug-in is available; and
      
      obtaining the new version of the plug-in from the cloud server.

2. (canceled)
- View Dependent Claims (3)
- - 3. The method of claim 2, further comprising:
    - receiving, from the subscribing plug-in in response to the target command, a response indicative of a result of the subscribing plug-in processing the target command; and
      
      sending the response to the cloud server.

9. A non-transitory computer-readable storage medium storing instructions for installing a plug-in to an endpoint security agent executing on an endpoint in a networked computer environment, the instructions when executed by a processor cause the processor to perform steps comprising:
- receiving a policy from a cloud server, the policy specifying an operating configuration of the endpoint security agent to provide security to the endpoint;
  
  identifying a plug-in specified by the policy that is not currently installed in the endpoint security agent and configuration information for the plug-in specified by the policy, the plug-in configured to perform a security function relating to the endpoint;
  
  retrieving the plug-in from the cloud server;
  
  configuring the plug-in according to the configuration information;
  
  obtaining, from the plug-in, command type identifiers for a set of command types subscribed to by the plug-in;
  
  updating a communication table to store associations between the plug-in and each of the command type identifiers obtained from the plug-in;
  
  receiving a target command from the cloud server;
  
  identifying a target command type identifier from the target command received from the cloud server;
  
  determining, based on the communication table, a subscribing plug-in of the endpoint security agent associated with the target command type identifier in the target command; and
  
  sending the target command to the subscribing plug-in.
- View Dependent Claims (11, 12, 13, 14, 15, 21)
- - 11. The non-transitory computer-readable storage medium of claim 9, the steps further comprising:
    - receiving, from the subscribing plug-in in response to the target command, a response indicative of a result of the subscribing plug-in processing the target command; and
      
      sending the response to the cloud server.
  - 12. The non-transitory computer-readable storage medium of claim 9, the steps further comprising:
    - identifying a link to an address on the cloud server where the plug-in can be downloaded; and
      
      downloading the plug-in using the link.
  - 13. The non-transitory computer-readable storage medium of claim 9, wherein retrieving the plug-in further comprises:
    - obtaining, from the plug-in, a plug-in digital certificate indicative of authenticity of the plug-in;
      
      authenticating the plug-in digital certificate; and
      
      providing an endpoint agent digital certificate to the plug-in to enable the plug-in to verify authenticity of the endpoint security agent.
  - 14. The non-transitory computer-readable storage medium of claim 9, wherein the security function includes at least one of:
    - a scanning function to detect malware installed on the endpoint,a real-time protection function to prevent malware from being installed on the endpoint,an administrative function to collect state information about the endpoint and provide the state information to the cloud server, anda remote desktop function to enable remote access to the endpoint from a remote administrative client.
  - 15. The non-transitory computer-readable storage medium of claim 9, the steps further comprising:
    - identifying a currently installed plug-in that is not required by the policy; and
      
      uninstalling the currently installed plug-in in response to receiving the policy.
  - 21. The non-transitory computer-readable storage medium of claim 9, further comprising:
    - identifying a new version of a currently installed plug-in is available; and
      
      obtaining the new version of the plug-in from the cloud server.

10. (canceled)

16. A security system for implementing a security policy on a plurality of endpoints in a networked computer environment, the security system comprising:
- one or more computer processors; and
  
  one or more non-transitory computer-readable storage media, the storage media storing computer program instructions executable by the one or more computer processors to perform steps comprising;
  
  receiving a policy from a cloud server, the policy specifying an operating configuration of the endpoint security agent to provide security to the endpoint;
  
  identifying a plug-in specified by the policy that is not currently installed in the endpoint security agent and configuration information for the plug-in specified by the policy, the plug-in configured to perform a security function relating to the endpoint;
  
  retrieving the plug-in from the cloud server;
  
  configuring the plug-in according to the configuration information;
  
  obtaining, from the plug-in, command type identifiers for a set of command types subscribed to by the plug-in;
  
  updating a communication table to store associations between the plug-in and each of the command type identifiers obtained from the plug-in;
  
  receiving a target command from the cloud server;
  
  identifying a target command type identifier from the target command received from the cloud server;
  
  determining, based on the communication table, a subscribing plug-in of the endpoint security agent associated with the target command type identifier in the target command; and
  
  sending the target command to the subscribing plug-in.
- View Dependent Claims (18, 19, 20, 22, 23)
- - 18. The security system of claim 16, the steps further comprising:
    - receiving, from the subscribing plug-in in response to the target command, a response indicative of a result of the subscribing plug-in processing the target command; and
      
      sending the response to the cloud server.
  - 19. The security system of claim 16, the steps further comprising:
    - identifying a link to an address on the cloud server where the plug-in can be downloaded; and
      
      downloading the plug-in using the link.
  - 20. The security system of claim 16, wherein retrieving the plug-in further comprises:
    - obtaining, from the plug-in, a plug-in digital certificate indicative of authenticity of the plug-in;
      
      authenticating the plug-in digital certificate; and
      
      providing an endpoint agent digital certificate to the plug-in to enable the plug-in to verify authenticity of the endpoint security agent.
  - 22. The security system of claim 16, wherein the security function includes at least one of:
    - a scanning function to detect malware installed on the endpoint,a real-time protection function to prevent malware from being installed on the endpoint,an administrative function to collect state information about the endpoint and provide the state information to the cloud server, anda remote desktop function to enable remote access to the endpoint from a remote administrative client.
  - 23. The security system of claim 16, the steps further comprising:
    - identifying a currently installed plug-in that is not required by the policy; and
      
      uninstalling the currently installed plug-in in response to receiving the policy.

17. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malwarebytes Corporate Holdco Incorporated
Original Assignee
Malwarebytes Inc.
Inventors
Breton, Kevin Douglas, Patton, Mark William

Granted Patent

US 10,257,232 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/57   Certifying or maintaining t...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

ENDPOINT AGENT FOR ENTERPRISE SECURITY SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

ENDPOINT AGENT FOR ENTERPRISE SECURITY SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links