Method and apparatus for protecting data files on a computer from virus infection
First Claim
1. A computer-implemented method for protecting files on a computer from infection by a virus, the files compatible with a program module running on the computer, comprising the steps of:
- detecting one of an external and internal open file event for a selected one of the files;
prior to responding to the detected open file event, determining whether the selected file is likely to contain the virus;
in the event that the selected file is likely to contain the virus, then providing a notice advising that the selected file may contain the virus;
otherwise, responding to the open file event by opening the file for operation with the program module.
2 Assignments
0 Petitions
Accused Products
Abstract
Protection of data files on a computer system from infection or damage by a computer virus. A virus protection system can detect either an external or internal open file event for a file maintained on a local or remote computer. Typically, the protection system is implemented as an internal component of the program module that processes the files protected by the protection system. Prior to responding to a detected open file event, an inquiry is conducted to determine whether the file is likely to contain a virus. If so, a notice is generated to indicate that the file may contain a virus, thereby advising of the possible danger of spreading the virus to other files if the file opening is completed. If the file is not likely to contain the virus, the response to the detected open file event is completed by opening the file for processing by the program module.
-
Citations
34 Claims
-
1. A computer-implemented method for protecting files on a computer from infection by a virus, the files compatible with a program module running on the computer, comprising the steps of:
-
detecting one of an external and internal open file event for a selected one of the files; prior to responding to the detected open file event, determining whether the selected file is likely to contain the virus; in the event that the selected file is likely to contain the virus, then providing a notice advising that the selected file may contain the virus; otherwise, responding to the open file event by opening the file for operation with the program module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-readable medium having computer executable instructions for a virus protection routine incorporated within a program module, for causing a computer to perform the steps of:
-
detecting a request to access a data file in response to one of an external and internal open file event; in response to the request to access the data file, determining whether the data file contains a known virus component; if the data file contains a known virus component, then (i) providing an advisory notice that the data file is susceptible to infection by a virus; and (ii) providing an option to access the data file using a safe mode; and if the option to access the data file in the safe mode is selected, then accessing the data file with the known virus component disabled. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A computer-implemented method for protecting a plurality of files on a computer from infection by a known virus component using a virus check routine incorporated within a program module, the program module operative to access the files and the virus check routine operative to store a digital signature with a selected data file once the selected data file is accessed by the program module, comprising the steps of:
-
detecting a request to access the selected data file in response to one of an external and internal open file event; determining whether the selected data file contains the known virus component; if the selected data file contains the known virus component, then determining whether the selected data file was previously accessed by the program module by (i) obtaining the digital signature for the selected data file; (ii) obtaining a digital session key for the present session of the program module; and (iii) comparing the digital signature with the digital session key; if the digital signature matches the digital session key, then determining that the selected data file was previously accessed by the program module; determining whether the selected data file was previously accessed using a safe access mode; and if the selected data file was previously accessed using the safe access mode, then accessing the selected data file using the safe access mode. - View Dependent Claims (23, 24, 25)
-
-
26. A computer-implemented method for detecting a known virus component using a virus check routine incorporated within a program module operative to process a file that is susceptible to a virus, comprising:
-
detecting a request to process a selected file in response to one of an external and internal open file event; determining whether the selected file contains a known virus component; if the selected file contains a known virus component, then (i) providing an advisory notice indicating that the selected file contains a known virus component; and (ii) providing file processing options to process the selected file; receiving one of the file processing options as a selected file processing option; processing the selected file in accordance with the selected file processing option; detecting a second request to process the selected file; and if the advisory notice indicating that the selected file contains a known virus component was previously provided, then processing the selected file in accordance with the selected file processing option without providing a second advisory notice. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
-
Specification