Anti-virus policy enforcement system and method

US 6,892,241 B2
Filed: 09/28/2001
Issued: 05/10/2005
Est. Priority Date: 09/28/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for enforcing an anti-virus policy, comprising:

(a) receiving a status command at a client computer from a network device utilizing a network;

(b) sending a status to the network device utilizing the network in response to the status command, the status rolating to anti-virus scanning software on the client computer; and

(c) initiating a response at the client computer utilizing the network based on the status;

wherein the response includes conditionally preventing access to the network by the client computer based on the status of the anti-virus scanning software, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for enforcing an anti-virus policy. Initially, a status command is received at a client computer from a network device utilizing a network. In response to the status command, a status is sent to the network device utilizing the network. Such status relates to anti-virus scanning software on the client computer. Next, a response is initiated at the client computer utilizing the network based on the status.

96 Citations

View as Search Results

42 Claims

1. A method for enforcing an anti-virus policy, comprising:
- (a) receiving a status command at a client computer from a network device utilizing a network;
  
  (b) sending a status to the network device utilizing the network in response to the status command, the status rolating to anti-virus scanning software on the client computer; and
  
  (c) initiating a response at the client computer utilizing the network based on the status;
  
  wherein the response includes conditionally preventing access to the network by the client computer based on the status of the anti-virus scanning software, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 2. The method as recited in claim 1, wherein the status command is received in response to an attempt to access the network by the client computer.
  - 3. The method as recited in claim 1, wherein the status command is received on a predetermined port.
  - 4. The method as recited in claim 1, wherein the status command is received utilizing user datagram protocol (UDP).
  - 5. The method as recited in claim 1, wherein the network device includes a firewall.
  - 6. The method as recited in claim 5, and further comprising determining whether the status command is received from the firewall.
  - 7. The method as recited in claim 6, wherein the status is conditionally sent based on the determination as to whether the status command is received from the firewall.
  - 8. The method as recited in claim 1, wherein the status command is encrypted, and further comprising decrypting the status command.
  - 9. The method as recited in claim 8, and further comprising encrypting the status prior to sending the status utilizing the network.
  - 10. The method as recited in claim 1, wherein the response includes requiring an action at the client computer.
  - 11. The method as recited in claim 10, and further comprising preventing access to the network until the action is carried out.
  - 12. The method as recited in claim 1, wherein the response conditionally includes a notice to the user of the client computer based on the status.
  - 13. The method as recited in claim 12, wherein the notice indicates that the user is required to reinstall the anti-virus scanning software.
  - 14. The method as recited in claim 12, wherein the notice indicates that the user is required to reactivate the anti-virus scanning software.
  - 15. The method as recited in claim 1, wherein the response conditionally requires a reinstallation of the anti-virus scanning software based on the status.
  - 16. The method as recited in claim 1, wherein the response conditionally requires a reactivation of the anti-virus scanning software based on the status.
  - 17. The method as recited in claim 1, wherein the response conditionally includes an update command received from the network device based on the status.
  - 18. The method as recited in claim 17, wherein the update command is encrypted.
  - 19. The method as recited in claim 17, wherein the update command is received if the status indicates that the anti-virus scanning software on the client computer requires an update.
  - 20. The method as recited in claim 17, and further comprising updating the anti-virus scanning software in response to the update command.
  - 21. The method as recited in claim 20, wherein the anti-virus scanning software is updated utilizing the network.
  - 22. The method as recited in claim 21, wherein the updating of the anti-virus scanning software includes sending an update request to a server utilizing the network.
  - 23. The method as recited in claim 22, wherein the updating of the anti-virus scanning software further include receiving an update from the server.
  - 24. The method as recited in claim 23, wherein the update includes a plurality of virus signatures.
  - 25. The method as recited in claim 23, wherein the update includes a plurality of DAT files.
  - 26. The method as recited in claim 1, and further comprising determining an amount of time that elapsed between the receipt of the status command and a previous receipt of the status command.
  - 27. The method as recited claim 26, and further comprising conditionally sending the status in response to the status command based on the amount of time that has elapsed.
  - 28. The method as recited in claim 27, and further comprising sending the status in response to the status command if the amount of time that has elapsed is greater than a predetermined amount to prevent a denial of service attack (DOS).
  - 29. The method as recited in claim 1, wherein the status is automatically sent to the network device in response to the status command.
  - 30. The method as recited in claim 19, wherein the anti-virus scanning software is automatically updated in response to the update command.
  - 31. The method as recited in claim 1, wherein the status relates to any tampering of the anti-virus scanning software.
  - 32. The method as recited in claim 1, wherein the status relates to any removal of the anti-virus scanning software.
  - 33. The method as recited in claim 1, wherein (a)-(c) are carried out for a plurality of client computers communicating with the network device.
  - 34. The method as recited in claim 33, wherein the client computers communicate with the network device via a local area network (LAN).

35. A computer program product embodied on a computer readable medium for enforcing an anti-virus policy, comprising:
- (a) computer code for receiving a status command at a client computer from a network device utilizing a network;
  
  (b) computer code for sending a status to the network device utilizing the network in response to the status command, the status relating to anti-virus scanning software on the client computer; and
  
  (c) computer code for initiating a response at the client computer utilizing the network based on the status;
  
  wherein the response includes conditionally preventing access to the network by the client computer based on the status of the anti-virus scanning software, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

36. A system for enforcing an anti-virus policy, comprising:
- (a) means for receiving a status command at a client computer from a network device utilizing a network;
  
  (b) means for sending a status to the network device utilizing the network in response to the status command, the status relating to anti-virus scanning software on the client computer; and
  
  (c) means for initiating a response at the client computer utilizing the network based on the status;
  
  wherein the response includes conditionally preventing access to the network by the client computer based on the status of the anti-virus scanning software, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

37. A system for enforcing an anti-virus policy, comprising:
- (a) a client agent for receiving a status command at a client computer from a network device utilizing a network, and sending a status to the network device utilizing the network in response to the status command, the status relating to anti-virus scanning software on the client computer, and (b) wherein a response at the client computer is initiated utilizing the network by on the status;
  
  wherein the response includes conditionally preventing access to the network by the client computer based on the status of the anti-virus scanning software, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

38. A method for enforcing an anti-virus policy, comprising:
- (a) attempting to gain access to a network via a firewall utilizing a client computer;
  
  (b) sending a status to the firewall utilizing the network, the status relating to anti-virus scanning software on the client computer, and (c) conditionally gaining access to the network via the firewall based on the status, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

39. A method for enforcing an anti-virus policy, comprising:
- (a) attempting to gain access to a network via a firewall utilizing a client computer; and
  
  (b) identifying a status relating to anti-virus scanning software on the client computer, (c) wherein access is selectively allowed to the network via the firewall based on the status, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

40. A computer program product embodied on a computer readable medium for enforcing an anti-virus policy, comprising:
- (a) computer code for attempting to gain access to a network via a firewall utilizing a client computer; and
  
  (b) computer code for identifying a status relating to anti-virus scanning software on the client computer;
  
  (c) wherein access is selectively allowed to the network via the firewall based on the status, the status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software.

41. A method for enforcing an anti-virus policy, comprising;
- (a) monitoring a port on a client computer;
  
  (b) receiving a command at the client computer utilizing a network;
  
  (c) determining whether the command is received from a firewall; and
  
  (d) if it is determined that the command is received from the firewall;
  
  (i) decrypting the command, (ii) determining whether the command includes a status command or an update command. (iii) if the command includes a status command, sending a status to the firewall utilizing the network in response to the status command, the status relating to anti-virus scanning software on the client computer status including at least one of a version of the anti-virus scanning software and any deactivation of the anti-virus scanning software, wherein access is selectively allowed to the network via the firewall based on the status, and (iv) if the command includes an update command, updating the anti-virus scanning software utilizing the network in response to the update command.

42. A method for enforcing an anti-virus policy, comprising(a) receiving a status command at a client computer from a network device utilizing a network;
- (b) sending a status to the network device utilizing the network in response to the status command, the status relating to anti-virus scanning software on the client computer; and
  
  (c) initiating a response at the client computer utilizing the network based an the status;
  
  wherein the status command is received in response to an attempt to access the network by the client computer;
  
  wherein the status command is received on a predetermined port;
  
  wherein the status command is received utilizing user datagram protocol (UDP);
  
  wherein the network device includes a firewall;
  
  wherein it is determined whether the status command is received from the firewall, and the status is conditionally sent based on the determination as to whether the status command is received from the firewall;
  
  wherein the status command is encrypted, and further comprising decrypting the status command, and the status is encrypted prior to sending the status utilizing the network;
  
  wherein the response includes conditionally preventing access to the network by the client computer based on the status, requiring an action at the client computer, conditionally including a notice to the user of the client computer based on the status where the notice indicates that the user is required to at least one of reinstall the anti-virus scanning software and reactivate the anti-virus scanning software, conditionally requiring a reinstallation of the anti-virus scanning software based on the status, conditionally requiring a reactivation of the anti-virus scanning software based on the status, and conditionally including an update command received from the network device based on the status;
  
  wherein access to the network is prevented until the action is carried out;
  
  wherein the update command is encrypted;
  
  wherein the update command is received if the status indicates that the anti-virus scanning software on the client computer requires an update, and the anti-virus scanning software is updated in response to the update command;
  
  wherein an amount of time that elapsed between the receipt of the status command and a previous receipt of the status command is determined, and the status is conditionally sent in response to the status command based on the amount of time that has elapsed;
  
  wherein the status is sent in response to the status command if the amount of time that has elapsed is greater than a predetermined amount to prevent a denial of service attack (DOS);
  
  wherein the status relates to aversion of the anti-virus scanning software, any tampering of the anti-virus scanning software, any removal of the anti-virus scanning software, and any deactivation of the anti-virus scanning software;
  
  wherein (a)-(c) are carried out for a plurality of client computers communicating with the network device;
  
  wherein the client computers communicate with the network device via a local area network (LAN).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Huang, Ricky, Kouznetsov, Victor
Primary Examiner(s)
Vu, Thong

Application Number

US09/968,106
Publication Number

US 20030065793A1
Time in Patent Office

1,320 Days
Field of Search

709/203, 709/238, 709/229, 709/227, 709/225, 713/201, 713/200, 705/400, 707/200, 380/23, 340/5, 340/8
US Class Current

709/229
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/145   the attack involving the pr...

Anti-virus policy enforcement system and method

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

96 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Anti-virus policy enforcement system and method

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links